Skip to content

Destroy

Destroy #1192

Workflow file for this run

name: Destroy
on:
delete:
workflow_dispatch:
inputs:
environment:
description: "Name of the environment to destroy:"
required: true
concurrency:
group: ${{ inputs.environment || github.event.ref }}
permissions:
id-token: write
contents: read
actions: read
jobs:
destroy:
# Protected branches should be designated as such in the GitHub UI.
# So, a protected branch should never have this workflow run, since the branch should never be deleted.
# This conditional is a backup mechanism to help prevent mistakes from becoming disasters.
# This is a list of branch names that are commonly used for protected branches/environments.
# Add/remove names from this list as appropriate.
if: |
(
github.event.ref_type == 'branch' &&
(!startsWith(github.event.ref, 'skipci')) &&
(!contains(fromJson('["master", "val", "production"]'), github.event.ref))
) ||
(
inputs.environment != '' &&
(!contains(fromJson('["master", "val", "production"]'), inputs.environment))
)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
- name: set branch_name
run: |
BRANCH_NAME=$(./.github/setBranchName.sh ${{ inputs.environment || github.event.ref }})
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
- name: set branch specific variable names
run: ./.github/build_vars.sh set_names
- name: set variable values
run: ./.github/build_vars.sh set_values
env:
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
- name: Configure AWS credentials for GitHub Actions OIDC
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Destroy
run: ./run destroy --stage $STAGE_PREFIX$branch_name --verify false
# Notify the integrations channel when a destroy action fails
notify_on_destroy_failure:
runs-on: ubuntu-latest
needs:
- destroy
if: ${{ failure() }}
steps:
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_TITLE: ":boom: A destroy action has failed on ${{ github.repository }}."
MSG_MINIMAL: true
SLACK_WEBHOOK: ${{ secrets.INTEGRATIONS_SLACK_WEBHOOK }}