-
Notifications
You must be signed in to change notification settings - Fork 8
183 lines (160 loc) · 5.53 KB
/
pr-close-delete-env.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
name: PR - Delete Environment when PR is closed
on:
pull_request:
types: [closed]
workflow_dispatch:
inputs:
slotID:
description: "Pull request number"
required: true
default: ""
workflow_call:
inputs:
slotIDs:
type: string
description: "Slot IDs"
required: true
defaults:
run:
shell: pwsh
env:
SLOT_NAME: ${{ inputs.slotIDs || inputs.slotID || github.event.number }}
SLOT_PREFIX: pr-
permissions:
id-token: write
contents: read
jobs:
setting-up-slot-ids:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Get slot ids from input
id: set-matrix
run: |
$slotIDs = '${{ env.SLOT_NAME }}'
if($slotIDs -notlike '`[*')
{
$array = $slotIDs -split " "
$slotIDs = ConvertTo-Json -Compress @($array)
}
echo "matrix=$slotIDs" >> $env:GITHUB_OUTPUT
delete-slot-and-acr-cleanup:
runs-on: ubuntu-latest
needs: setting-up-slot-ids
strategy:
matrix:
SLOT_NAME: ${{ fromJson(needs.setting-up-slot-ids.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- name: Load .env file
uses: xom9ikk/dotenv@v2
with:
path: ./.github
- name: Azure CLI - Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Cleanup ACR and Key Vault Permissions
run: |
$acrId = az acr show `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.ACR_LOGIN_SERVER }} `
--query id `
--output tsv
Write-Host '✅ acr found'
# get slot identity
$identityId = az webapp identity show `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.APP_SERVICE_NAME }} `
--slot ${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME }} `
--query principalId `
--output tsv
Write-Host '✅ slot identity found'
# Check if the role assignment exists before deleting it
$acrRoleAssignment = az role assignment list `
--assignee $identityId `
--scope $acrId `
--role acrpull `
--query "[].roleDefinitionName" `
--output tsv
if ($acrRoleAssignment) {
# Delete the role assignment if it exists
az role assignment delete `
--assignee $identityId `
--scope $acrId `
--role acrpull `
--output none
Write-Host '✅ acrpull role deleted'
} else {
Write-Host '❌ acrpull role assignment not found'
}
$kvId = az keyvault show `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.KEY_VAULT }} `
--query id `
--output tsv
if($kvId){
Write-Host '✅ KeyVault found'
# Check if the Key Vault role assignment exists
$kvRoleAssignment = az role assignment list `
--assignee $identityId `
--scope $kvId `
--role "Key Vault Secrets User" `
--query "[].roleDefinitionName" `
--output tsv
if ($kvRoleAssignment) {
# Delete the Key Vault role assignment if it exists
az role assignment delete `
--assignee $identityId `
--scope $kvId `
--role "Key Vault Secrets User" `
--output none
Write-Host '✅ Key Vault Secrets User role deleted'
} else {
Write-Host '❌ Key Vault Secrets User role assignment not found'
}
} else {
Write-Host '❌ Key Vault not found'
}
- name: Delete all untagged images
run: |
az acr manifest list-metadata `
-r ${{ env.ACR_NAME }} `
-n ${{ env.IMAGE_NAME }} `
--query "[?tags==null].digest" `
-o tsv | `
%{ `
az acr repository delete `
-n ${{ env.ACR_NAME }} `
-t ${{ env.IMAGE_NAME }}@$_ `
--yes `
}
Write-Host "✅ All untagged images have been deleted"
- name: ACR - Delete image
run: |
$imageTagWithPrefix = '${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME}}'
$imageName = "${{ env.IMAGE_NAME }}:$imageTagWithPrefix"
# Check if the image exists in the ACR
$imageExists = az acr repository show-manifests `
--name ${{ env.ACR_NAME }} `
--repository ${{ env.IMAGE_NAME }} `
--query "[?tags[?contains(@, '$imageTagWithPrefix')]].tags[]" `
--output tsv
if ($imageExists) {
# If the image exists, delete it
az acr repository delete --name ${{ env.ACR_NAME }} `
--image $imageName --yes
Write-Output "✅ ACR - $imageName image deleted successfully."
} else {
Write-Output "❌ ACR - $imageName image not found, skipping deletion."
}
- name: Delete slot
run: |
az webapp deployment slot delete `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.APP_SERVICE_NAME }} `
--slot ${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME }} `
--output none