tpl-destroy-env.yml
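---
# Tears down a deployed environment. Triggers visible in this file:
#   - workflow_call  (another workflow passes env-type / ids explicitly)
#   - pull_request   (when a PR is closed)
#   - issue_comment  (a new comment whose body contains '/destroy')
name: 🔒 Destroy Environment
on:
  workflow_call:
    inputs:
      env-type:
        required: true
        type: string
      pull-request-id:
        required: false
        type: string
      workflow-id:
        required: false
        type: string
      delete-env:
        required: false
        default: true
        type: boolean
  pull_request:
    types: [closed]
  issue_comment:
    types: [created]

env:
  # ----------------------------------------------------------------------------
  # CI/CD
  # NOTE(review): workflow-level env is visible to every step, including the
  # third-party actions below. Only the "Destroy application" step appears to
  # need these secrets — consider scoping them to that step.
  ARGOCD_URL: "${{ secrets.ARGOCD_URL }}"
  ARGOCD_ACCESS_TOKEN: "${{ secrets.ARGOCD_ACCESS_TOKEN }}"
  GITLAB_PAT_OCTANT_K8S_DEVOPS_REPOSITORY_WRITE: "${{ secrets.GITLAB_PAT_OCTANT_K8S_DEVOPS_REPOSITORY_WRITE }}"

jobs:
  destroy:
    name: Destroy Environment
    runs-on:
      - general
    # issue_comment also fires for comments on plain issues, so the comment
    # path additionally requires that the issue is a pull request.
    # contains() matches '/destroy' anywhere in the comment body.
    if: >-
      (github.event_name == 'issue_comment'
      && github.event.issue.pull_request
      && contains(github.event.comment.body, '/destroy'))
      || github.event_name != 'issue_comment'
    container:
      # Image is referenced by tag; a digest (@sha256:...) would make the
      # build environment immutable.
      image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c
      credentials:
        username: "doesnt-matter"
        password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}"
    steps:
      # NOTE(review): third-party actions in this job are referenced by
      # mutable tag (@v2, @v1, @v7). Pinning each to a full commit SHA
      # prevents a retagged release from running with this job's secrets.
      - name: Get PR branch
        uses: xt0rted/pull-request-comment-branch@v2
        if: github.event_name == 'issue_comment'
        id: comment-branch

      # Authorisation gate for the comment trigger: only organisation
      # members may request a destroy.
      - name: Check if user is an org member
        uses: actions/github-script@v7
        id: is-organization-member
        if: github.event_name == 'issue_comment'
        env:
          # Passed through the environment instead of being interpolated
          # into the script source, so the value is never parsed as code.
          COMMENT_AUTHOR: "${{ github.event.comment.user.login }}"
        with:
          result-encoding: string
          github-token: ${{ secrets.GH_BOT_TOKEN }}
          script: |
            // listMembers is paginated; walk every page so members beyond
            // the first page are not treated as outsiders.
            const members = await github.paginate(github.rest.orgs.listMembers, {
              org: 'golemfoundation',
              per_page: 100,
            });
            return members
              .some(({ login }) => login === process.env.COMMENT_AUTHOR)
              .toString();

      # Fails closed: anything other than an explicit 'true' stops the job.
      - name: Cancel workflow
        if: ${{ github.event_name == 'issue_comment' && steps.is-organization-member.outputs.result != 'true' }}
        env:
          COMMENT_AUTHOR: "${{ github.event.comment.user.login }}"
        run: |
          echo "${COMMENT_AUTHOR} is not a member of the golemfoundation org"
          exit 1

      # Resolves the PR number from the head commit of the commented PR.
      - uses: actions/github-script@v7
        id: get-pr-number
        if: github.event_name == 'issue_comment'
        env:
          HEAD_SHA: "${{ steps.comment-branch.outputs.head_sha }}"
        with:
          result-encoding: string
          script: |
            return (
              await github.rest.repos.listPullRequestsAssociatedWithCommit({
                commit_sha: process.env.HEAD_SHA,
                owner: context.repo.owner,
                repo: context.repo.repo,
              })
            ).data[0].number;

      # The action refs below were replaced by the page's e-mail obfuscation
      # ("[email protected]"); the original version is not recoverable here.
      # NOTE(review): this checks out the PR branch by name, and a later step
      # executes scripts from that checkout with deployment secrets in the
      # environment. The membership gate covers the commenter, not the author
      # of the branch content, and the branch can move after the comment —
      # confirm this is acceptable, or check out a reviewed SHA / run the
      # scripts from the default branch.
      - uses: actions/checkout@<ref-elided-on-page>
        if: github.event_name == 'issue_comment'
        with:
          ref: ${{ steps.comment-branch.outputs.head_ref }}

      - uses: actions/checkout@<ref-elided-on-page>
        if: github.event_name != 'issue_comment'

      # Action name presumed to be gh-action-mutex (the text around '@' was
      # obfuscated on the page) — confirm against the repository.
      - name: Set up Gitops mutex
        uses: ben-z/gh-action-mutex@<ref-elided-on-page>
        with:
          branch: gitops-mutex

      # Runs the repository's ArgoCD scripts to destroy the application and
      # publishes DEPLOYMENT_ID as a step output.
      - name: Destroy application
        id: destroy-env
        env:
          # Expression values are handed over as environment variables so
          # they are data to the shell, not part of the script text.
          ENV_TYPE: "${{ inputs.env-type }}"
          GHA_EVENT_NAME: "${{ github.event_name }}"
          GHA_RUN_ID: "${{ github.run_id }}"
          GHA_PR_FROM_EVENT: "${{ github.event.number }}"
          GHA_PR_FROM_COMMENT: "${{ steps.get-pr-number.outputs.result }}"
          GHA_PR_FROM_INPUT: "${{ inputs.pull-request-id }}"
          GHA_WORKFLOW_ID_FROM_INPUT: "${{ inputs.workflow-id }}"
        run: |
          # NOTE(review): -x traces every command; keep secrets out of
          # command arguments in the sourced scripts.
          set -ex
          export CI_PROJECT_DIR="${GITHUB_WORKSPACE}"
          export ENV_TYPE
          if [[ "${GHA_EVENT_NAME}" == "pull_request" ]]; then
            export CI_MERGE_REQUEST_IID="${GHA_PR_FROM_EVENT}"
            export CI_PIPELINE_ID="${GHA_RUN_ID}"
          elif [[ "${GHA_EVENT_NAME}" == "issue_comment" ]]; then
            export CI_MERGE_REQUEST_IID="${GHA_PR_FROM_COMMENT}"
            export CI_PIPELINE_ID="${GHA_RUN_ID}"
          else
            export CI_MERGE_REQUEST_IID="${GHA_PR_FROM_INPUT}"
            export CI_PIPELINE_ID="${GHA_WORKFLOW_ID_FROM_INPUT}"
          fi
          source "${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh" $ENV_TYPE
          bash "${CI_PROJECT_DIR}/ci/argocd/application.sh" destroy
          echo "DEPLOYMENT_ID=$DEPLOYMENT_ID" >> "$GITHUB_OUTPUT"
        shell: bash

      # Runs even if earlier steps failed. Any API error (not only
      # "not found") is reported as 'false'.
      - uses: actions/github-script@v7
        id: does-env-exist
        if: always()
        env:
          DEPLOYMENT_ID: "${{ steps.destroy-env.outputs.DEPLOYMENT_ID }}"
        with:
          result-encoding: string
          script: |
            try {
              await github.rest.repos.getEnvironment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                environment_name: process.env.DEPLOYMENT_ID,
              });
              return 'true';
            } catch {
              return 'false';
            }

      - name: Delete Environment
        uses: bobheadxi/deployments@v1
        if: ${{ (steps.does-env-exist.outputs.result == 'true') && (inputs.delete-env || github.event_name == 'pull_request' || github.event_name == 'issue_comment') }}
        with:
          step: delete-env
          token: ${{ secrets.GH_BOT_TOKEN }}
          env: ${{ steps.destroy-env.outputs.DEPLOYMENT_ID }}

      # NOTE(review): when the run is not started through workflow_call,
      # inputs.delete-env is presumably empty, so this condition can hold in
      # the same run where "Delete Environment" already ran — confirm intent.
      - name: Deactivate Environment
        uses: bobheadxi/deployments@v1
        if: ${{ (steps.does-env-exist.outputs.result == 'true') && !inputs.delete-env }}
        with:
          step: deactivate-env
          token: ${{ secrets.GH_BOT_TOKEN }}
          env: ${{ steps.destroy-env.outputs.DEPLOYMENT_ID }}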