You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
123 lines
4.6 KiB
123 lines
4.6 KiB
name: Review app teardown pipeline |
|
|
|
concurrency: |
|
group: deploy-review${{ github.event.pull_request.number || inputs.pr_number }} |
|
|
|
on: |
|
pull_request: |
|
types: |
|
- closed |
|
workflow_dispatch: |
|
inputs: |
|
pr_number: |
|
required: true |
|
type: string |
|
description: "The PR number of the review app to tear down. Note: this is NOT the ticket number" |
|
|
|
permissions: {} |
|
|
|
env: |
|
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo |
|
aws_account_id: 837698168072 |
|
aws_region: eu-west-2 |
|
aws_role_prefix: core-dev |
|
|
|
jobs: |
|
get_pr_number: |
|
name: Get PR number |
|
runs-on: ubuntu-latest |
|
outputs: |
|
pr_number: ${{ steps.get.outputs.pr_number }} |
|
steps: |
|
- name: Get PR number |
|
id: get |
|
run: | |
|
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then |
|
echo "pr_number=${{ inputs.pr_number }}" >> $GITHUB_OUTPUT |
|
else |
|
echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT |
|
fi |
|
|
|
check_review_app_exists: |
|
name: Check if review app exists |
|
needs: [get_pr_number] |
|
runs-on: ubuntu-latest |
|
permissions: |
|
id-token: write |
|
outputs: |
|
exists: ${{ steps.check.outputs.exists }} |
|
steps: |
|
- name: Configure AWS credentials |
|
uses: aws-actions/configure-aws-credentials@v4 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: ${{ env.app_repo_role }} |
|
|
|
- name: Configure AWS credentials for review environment |
|
uses: aws-actions/configure-aws-credentials@v4 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/${{ env.aws_role_prefix }}-deployment |
|
role-chaining: true |
|
|
|
- name: Check if ECS service exists |
|
id: check |
|
env: |
|
aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }} |
|
run: | |
|
if aws ecs describe-services --cluster ${{ env.aws_task_prefix }}-app --services ${{ env.aws_task_prefix }}-app --query "services[?status=='ACTIVE']" | grep -q 'serviceName'; then |
|
echo "exists=true" >> $GITHUB_OUTPUT |
|
else |
|
echo "exists=false" >> $GITHUB_OUTPUT |
|
fi |
|
|
|
database: |
|
name: Drop database |
|
if: needs.check_review_app_exists.outputs.exists == 'true' |
|
needs: [get_pr_number, check_review_app_exists] |
|
runs-on: ubuntu-latest |
|
permissions: |
|
id-token: write |
|
env: |
|
aws_task_prefix: core-review-${{ needs.get_pr_number.outputs.pr_number }} |
|
|
|
steps: |
|
- name: Configure AWS credentials |
|
uses: aws-actions/configure-aws-credentials@v4 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: ${{ env.app_repo_role }} |
|
|
|
- name: Configure AWS credentials for review environment |
|
uses: aws-actions/configure-aws-credentials@v4 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/${{ env.aws_role_prefix }}-deployment |
|
role-chaining: true |
|
|
|
- name: Drop Database |
|
env: |
|
ad_hoc_task_definition: ${{ env.aws_task_prefix }}-ad-hoc |
|
cluster: ${{ env.aws_task_prefix }}-app |
|
service: ${{ env.aws_task_prefix }}-app |
|
run: | |
|
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration) |
|
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:drop"]}]}' |
|
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn) |
|
echo "Waiting for db drop task to complete" |
|
temp=${arn##*/} |
|
id=${temp%*\"} |
|
aws ecs wait tasks-stopped --cluster $cluster --tasks $id |
|
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'") |
|
if [ $succeeded == true ]; then exit 0; else exit 1; fi |
|
|
|
infra: |
|
name: Teardown review app |
|
if: needs.check_review_app_exists.outputs.exists == 'true' |
|
needs: [get_pr_number, check_review_app_exists, database] |
|
uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/destroy_review_app_infra.yml@main |
|
with: |
|
key: ${{ needs.get_pr_number.outputs.pr_number }} |
|
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo |
|
permissions: |
|
id-token: write
|
|
|