cleanup #132
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: cleanup | |
on: delete | |
jobs: | |
snowflake-delete: | |
name: Delete Snowflake development environment | |
if: ${{ github.event.ref != 'main' && github.event.ref != 'staging' }} | |
runs-on: ubuntu-latest | |
env: | |
PRIVATE_KEY_PASSPHRASE: ${{ secrets.SNOWFLAKE_PRIVATE_KEY_PASSPHRASE }} | |
steps: | |
- name: Configure Snowflake connection | |
run: | | |
# Create temporary files for config.toml and our private key | |
config_file=$(mktemp) | |
private_key_file=$(mktemp) | |
# Write to the private key file | |
echo "${{ secrets.SNOWFLAKE_PRIVATE_KEY }}" > $private_key_file | |
# Write to config.toml file | |
echo 'default_connection_name = "recover"' >> $config_file | |
echo '[connections.recover]' >> $config_file | |
echo "account = \"${{ vars.SNOWFLAKE_ACCOUNT }}\"" >> $config_file | |
echo "user = \"${{ vars.SNOWFLAKE_USER }}\"" >> $config_file | |
echo "role = \"${{ vars.SNOWFLAKE_ROLE }}\"" >> $config_file | |
echo 'warehouse = "RECOVER_XSMALL"' >> $config_file | |
echo 'authenticator = "SNOWFLAKE_JWT"' >> $config_file | |
echo "private_key_path = \"$private_key_file\"" >> $config_file | |
# Write config.toml path to global environment | |
echo "SNOWFLAKE_CONFIG_PATH=$config_file" >> $GITHUB_ENV | |
- name: Configuration file information | |
run: | | |
echo "Snowflake configuration is located at $SNOWFLAKE_CONFIG_PATH" | |
cat $SNOWFLAKE_CONFIG_PATH | |
- name: Install Snowflake CLI | |
uses: Snowflake-Labs/[email protected] | |
with: | |
default-config-file-path: ${{ env.SNOWFLAKE_CONFIG_PATH }} | |
- name: Test Snowflake connection | |
run: | | |
snow --version | |
snow connection test | |
- name: Delete Snowflake environment | |
run: | | |
snow sql \ | |
-q " | |
SET safe_environment_identifier = (SELECT REPLACE('${{ github.event.ref }}', '-', '_')); | |
SET database_identifier = CONCAT('recover_', \$safe_environment_identifier); | |
DROP DATABASE IDENTIFIER(\$database_identifier); | |
" | |
sceptre-delete: | |
name: Delete CloudFormation stacks using sceptre | |
runs-on: ubuntu-latest | |
environment: develop | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Setup code, pipenv, aws | |
uses: Sage-Bionetworks/action-pipenv-aws-setup@v3 | |
with: | |
role_to_assume: ${{ vars.AWS_CREDENTIALS_IAM_ROLE }} | |
role_session_name: GitHubActions-${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }} | |
python_version: 3.9 | |
- name: Delete S3 event notification for this namespace | |
uses: gagoar/invoke-aws-lambda@v3 | |
with: | |
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} | |
REGION: ${{ env.AWS_REGION }} | |
FunctionName: ${{ github.event.ref }}-S3EventConfig | |
Payload: '{"RequestType": "Delete"}' | |
LogType: Tail | |
- name: Remove sceptre stacks | |
run: pipenv run sceptre --debug --var namespace=${{ github.event.ref }} delete develop/namespaced --yes | |
- name: Remove artifacts | |
run: > | |
pipenv run python src/scripts/manage_artifacts/artifacts.py | |
--remove | |
--namespace ${{ github.event.ref }} | |
--cfn_bucket ${{ vars.CFN_BUCKET }} | |
--shareable-artifacts-bucket ${{ vars.SHAREABLE_ARTIFACTS_BUCKET }} |