Matt Parker Newsletter image #2056
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR - Delete Environment when PR is closed | |
on: | |
pull_request: | |
types: [closed] | |
workflow_dispatch: | |
inputs: | |
slotID: | |
description: "Pull request number" | |
required: true | |
default: "" | |
workflow_call: | |
inputs: | |
slotIDs: | |
type: string | |
description: "Slot IDs" | |
required: true | |
defaults: | |
run: | |
shell: pwsh | |
env: | |
SLOT_NAME: ${{ inputs.slotIDs || inputs.slotID || github.event.number }} | |
SLOT_PREFIX: pr- | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
setting-up-slot-ids: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- name: Get slot ids from input | |
id: set-matrix | |
run: | | |
$slotIDs = '${{ env.SLOT_NAME }}' | |
if($slotIDs -notlike '`[*') | |
{ | |
$array = $slotIDs -split " " | |
$slotIDs = ConvertTo-Json -Compress @($array) | |
} | |
echo "matrix=$slotIDs" >> $env:GITHUB_OUTPUT | |
delete-slot-and-acr-cleanup: | |
runs-on: ubuntu-latest | |
needs: setting-up-slot-ids | |
strategy: | |
matrix: | |
SLOT_NAME: ${{ fromJson(needs.setting-up-slot-ids.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Load .env file | |
uses: xom9ikk/dotenv@v2 | |
with: | |
path: ./.github | |
- name: Azure CLI - Login | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Cleanup ACR and Key Vault Permissions | |
run: | | |
$acrId = az acr show ` | |
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} ` | |
--name ${{ env.ACR_LOGIN_SERVER }} ` | |
--query id ` | |
--output tsv | |
Write-Host '✅ acr found' | |
# get slot identity | |
$identityId = az webapp identity show ` | |
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} ` | |
--name ${{ env.APP_SERVICE_NAME }} ` | |
--slot ${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME }} ` | |
--query principalId ` | |
--output tsv | |
Write-Host '✅ slot identity found' | |
# Check if the role assignment exists before deleting it | |
$acrRoleAssignment = az role assignment list ` | |
--assignee $identityId ` | |
--scope $acrId ` | |
--role acrpull ` | |
--query "[].roleDefinitionName" ` | |
--output tsv | |
if ($acrRoleAssignment) { | |
# Delete the role assignment if it exists | |
az role assignment delete ` | |
--assignee $identityId ` | |
--scope $acrId ` | |
--role acrpull ` | |
--output none | |
Write-Host '✅ acrpull role deleted' | |
} else { | |
Write-Host '❌ acrpull role assignment not found' | |
} | |
$kvId = az keyvault show ` | |
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} ` | |
--name ${{ env.KEY_VAULT }} ` | |
--query id ` | |
--output tsv | |
if($kvId){ | |
Write-Host '✅ KeyVault found' | |
# Check if the Key Vault role assignment exists | |
$kvRoleAssignment = az role assignment list ` | |
--assignee $identityId ` | |
--scope $kvId ` | |
--role "Key Vault Secrets User" ` | |
--query "[].roleDefinitionName" ` | |
--output tsv | |
if ($kvRoleAssignment) { | |
# Delete the Key Vault role assignment if it exists | |
az role assignment delete ` | |
--assignee $identityId ` | |
--scope $kvId ` | |
--role "Key Vault Secrets User" ` | |
--output none | |
Write-Host '✅ Key Vault Secrets User role deleted' | |
} else { | |
Write-Host '❌ Key Vault Secrets User role assignment not found' | |
} | |
} else { | |
Write-Host '❌ Key Vault not found' | |
} | |
- name: Delete all untagged images | |
run: | | |
az acr manifest list-metadata ` | |
-r ${{ env.ACR_NAME }} ` | |
-n ${{ env.IMAGE_NAME }} ` | |
--query "[?tags==null].digest" ` | |
-o tsv | ` | |
%{ ` | |
az acr repository delete ` | |
-n ${{ env.ACR_NAME }} ` | |
-t ${{ env.IMAGE_NAME }}@$_ ` | |
--yes ` | |
} | |
Write-Host "✅ All untagged images have been deleted" | |
- name: ACR - Delete image | |
run: | | |
$imageTagWithPrefix = '${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME}}' | |
$imageName = "${{ env.IMAGE_NAME }}:$imageTagWithPrefix" | |
# Check if the image exists in the ACR | |
$imageExists = az acr repository show-manifests ` | |
--name ${{ env.ACR_NAME }} ` | |
--repository ${{ env.IMAGE_NAME }} ` | |
--query "[?tags[?contains(@, '$imageTagWithPrefix')]].tags[]" ` | |
--output tsv | |
if ($imageExists) { | |
# If the image exists, delete it | |
az acr repository delete --name ${{ env.ACR_NAME }} ` | |
--image $imageName --yes | |
Write-Output "✅ ACR - $imageName image deleted successfully." | |
} else { | |
Write-Output "❌ ACR - $imageName image not found, skipping deletion." | |
} | |
- name: Delete slot | |
run: | | |
az webapp deployment slot delete ` | |
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} ` | |
--name ${{ env.APP_SERVICE_NAME }} ` | |
--slot ${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME }} ` | |
--output none |