.github/workflows/destroy-custom-env.yml from betagouv/service-national-universel

.github/workflows/destroy-custom-env.yml
Summary

Maintainability

Test Coverage

Issues
name: Destroy custom environment

on:
  workflow_dispatch:
  pull_request:
    types:
      - closed
    branches:
      - main

jobs:
  prepare:
    if: |
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'pull_request' &&
        !(contains(github.head_ref, '-no-ci-') ||
        startsWith(github.head_ref, 'no-ci-') ||
        endsWith(github.head_ref, 'no-ci') ||
        contains(github.head_ref, '_no_ci_') ||
        startsWith(github.head_ref, 'no_ci_') ||
        endsWith(github.head_ref, '_no_ci'))
      )
    runs-on: ubuntu-latest
    outputs:
      branch_name: ${{ steps.check.outputs.branch_name }}
      commit_sha: ${{ steps.check.outputs.commit_sha }}
      image_tag: ${{ steps.image_tag.outputs.image_tag }}
      env_name: ${{ steps.env_name.outputs.env_name }}

    steps:
      - name: Check branch name
        id: check
        run: |
          if [[ ${{ github.event_name }} == 'pull_request' ]] ; then
            branch_name=${{ github.head_ref }}
            commit_sha=${{ github.event.pull_request.head.sha }}
          else
            branch_name=${{ github.ref_name }}
            commit_sha=${{ github.sha }}
          fi
          if [[ $branch_name == 'main' ]] || [[ $branch_name == 'production' ]] ; then
            echo "This action is not available on the branch $branch_name"
            exit 1
          fi
          echo "branch_name=$branch_name" >> $GITHUB_OUTPUT
          echo "commit_sha=$commit_sha" >> $GITHUB_OUTPUT

      - uses: actions/checkout@v4
        with:
          ref: ${{ steps.check.outputs.commit_sha }}

      - name: Get custom-env name
        id: env_name
        run: |
          env_name=$(.github/scripts/get_custom_env_name.sh ${{ steps.check.outputs.branch_name }})
          echo "env_name: $env_name"
          echo "env_name=$env_name" >> $GITHUB_OUTPUT

  destroy:
    runs-on: ubuntu-latest
    needs: [prepare]
    concurrency:
      group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
      cancel-in-progress: false
    env:
      SCW_ACCESS_KEY: ${{ secrets.SCW_CI_DEPLOY_ACCESS_KEY }}
      SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
      PG_CONN_STR: ${{ secrets.SCW_CI_BACKEND_CONN_STR }}
      PGUSER: ${{ secrets.SCW_CI_BACKEND_USER }}
      PGPASSWORD: ${{ secrets.SCW_CI_BACKEND_PASSWORD }}
      custom_directory: ./devops/terraform/environments/ci/custom

    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ needs.prepare.outputs.commit_sha }}

      - uses: hashicorp/setup-terraform@v3

      - name: Create custom env stack
        working-directory: ${{ env.custom_directory }}
        run: sed -i.bak "s|###___ENV_NAME___###|${{ needs.prepare.outputs.env_name }}|g" main.tf
        # the -i option replaces main.tf in-place creating a .bak backup file

      - name: Init terraform
        working-directory: ${{ env.custom_directory }}
        run: terraform init

      - name: Validate terraform
        working-directory: ${{ env.custom_directory }}
        run: terraform validate -no-color

      - name: Terraform destroy
        working-directory: ${{ env.custom_directory }}
        run: |
          terraform apply -no-color -input=false -lock-timeout=15m -auto-approve -destroy \
            -var="api_image_tag=latest" \
            -var="admin_image_tag=latest" \
            -var="app_image_tag=latest"