Destroy #1138
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Destroy | |
| on: delete | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| jobs: | |
| destroy: | |
| # Protected branches should be designated as such in the GitHub UI. | |
| # So, a protected branch should never have this workflow run, since the branch should never be deleted. | |
| # This conditional is a backup mechanism to help prevent mistakes from becoming disasters. | |
| # This is a list of branch names that are commonly used for protected branches/environments. | |
| # Add/remove names from this list as appropriate. | |
| if: github.event.ref_type == 'branch' && !contains(fromJson('["master", "val", "prod"]'), github.event.ref) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: set branch_name | |
| run: | | |
| if [[ "${{ github.event.ref }}" =~ ^dependabot/.* ]]; then # Dependabot builds very long branch names. This is a switch to make it shorter. | |
| echo "branch_name=`echo ${{ github.event.ref }} | md5sum | head -c 10 | sed 's/^/x/'`" >> $GITHUB_ENV | |
| else | |
| echo "branch_name=${{ github.event.ref }}" >> $GITHUB_ENV | |
| fi | |
| - uses: actions/checkout@v3 | |
| - name: set branch specific variable names | |
| run: ./.github/build_vars.sh set_names | |
| - name: set variable values | |
| run: ./.github/build_vars.sh set_values | |
| env: | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }} | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
| - name: lock this branch to prevent concurrent builds | |
| run: ./.github/github-lock.sh $branch_name | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - run: ./destroy.sh $STAGE_PREFIX$branch_name |