MLPAB-2786: Send voucher access code when fee approved and paid #1708
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Workflow] Destroy PR Environment" | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: | |
| - closed | |
| permissions: | |
| id-token: write | |
| contents: read | |
| security-events: none | |
| pull-requests: read | |
| actions: none | |
| checks: none | |
| deployments: none | |
| issues: none | |
| packages: none | |
| repository-projects: none | |
| statuses: none | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| generate_environment_workspace_name: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate workspace name | |
| id: name_workspace | |
| run: | | |
| workspace=${{ github.event.pull_request.number }} | |
| workspace=${workspace//-} | |
| workspace=${workspace//_} | |
| workspace=${workspace//\/} | |
| workspace=${workspace:0:11} | |
| workspace=$(echo ${workspace} | tr '[:upper:]' '[:lower:]') | |
| echo "name=${workspace}" >> $GITHUB_OUTPUT | |
| echo ${workspace} | |
| outputs: | |
| environment_workspace_name: ${{ steps.name_workspace.outputs.name }} | |
| cleanup_workspace: | |
| runs-on: ubuntu-latest | |
| needs: [ generate_environment_workspace_name ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials For Terraform | |
| uses: aws-actions/configure-aws-credentials@v4.1.0 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-duration-seconds: 3600 | |
| role-session-name: OPGModernisingLPATerraformGithubAction | |
| - uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }} | |
| - name: Setup Workspace Manager | |
| run: | | |
| wget https://github.com/ministryofjustice/opg-terraform-workspace-manager/releases/download/v0.3.2/opg-terraform-workspace-manager_Linux_x86_64.tar.gz -O $HOME/terraform-workspace-manager.tar.gz | |
| sudo tar -xvf $HOME/terraform-workspace-manager.tar.gz -C /usr/local/bin | |
| sudo chmod +x /usr/local/bin/terraform-workspace-manager | |
| terraform-workspace-manager -register-workspace=${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} -time-to-protect=1 -aws-account-id=653761790766 -aws-iam-role=modernising-lpa-ci | |
| - name: Parse terraform version | |
| id: tf_version_setup | |
| working-directory: ./terraform/environment | |
| run: | | |
| if [ -f ./versions.tf ]; then | |
| terraform_version=$(cat ./versions.tf | ../../scripts/terraform-version.sh) | |
| echo "- Terraform version: [${terraform_version}]" >> $GITHUB_STEP_SUMMARY | |
| echo "TERRAFORM_VERSION=${terraform_version}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: "Terraform version [${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}]" | |
| run: echo "terraform version [${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}]" | |
| working-directory: ./terraform/environment | |
| - uses: hashicorp/setup-terraform@v3.1.2 | |
| with: | |
| terraform_version: ${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }} | |
| terraform_wrapper: false | |
| - name: Terraform Init | |
| run: terraform init -input=false | |
| working-directory: ./terraform/environment | |
| - name: Destroy PR environment and Terraform workspace | |
| working-directory: ./terraform/environment | |
| env: | |
| TF_VAR_pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }} | |
| run: | | |
| terraform workspace select -or-create=true ${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} | |
| terraform destroy -auto-approve | |
| terraform workspace select default | |
| terraform workspace delete ${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} | |
| - name: Remove protection for environment workspace | |
| run: | | |
| terraform-workspace-manager -register-workspace=${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} -time-to-protect=0 -aws-account-id=653761790766 -aws-iam-role=modernising-lpa-ci | |
| - name: Configure AWS Credentials For AWS CLI | |
| uses: aws-actions/configure-aws-credentials@v4.1.0 | |
| with: | |
| role-to-assume: arn:aws:iam::653761790766:role/modernising-lpa-github-actions-cloudwatch-log-group-delete | |
| aws-region: eu-west-1 | |
| role-duration-seconds: 900 | |
| role-session-name: OPGModernisingLPALogGroupDeleteGithubAction | |
| - name: Remove container insights log group | |
| run: | | |
| aws logs delete-log-group --log-group-name /aws/ecs/containerinsights/${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}/performance | |
| - name: Configure AWS Credentials For opensearch | |
| uses: aws-actions/configure-aws-credentials@v4.1.0 | |
| with: | |
| role-to-assume: arn:aws:iam::653761790766:role/modernising-lpa-github-actions-opensearch-delete-index | |
| aws-region: eu-west-1 | |
| role-duration-seconds: 900 | |
| role-session-name: OPGModernisingOpensearchIndexDeleteGithubAction | |
| - name: Delete opensearch index lpas_v2_${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} | |
| run: | | |
| pip install awscurl==0.33 | |
| response=$(awscurl \ | |
| "${{ secrets.DEVELOPMENT_OPENSEARCH_COLLECTION_ENDPOINT }}/lpas_v2_${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}" \ | |
| --request DELETE \ | |
| --region eu-west-1 \ | |
| --service aoss) | |
| if [[ $response == *'"acknowledged":true'* ]]; then | |
| echo "Request successful." | |
| elif [[ $response == *'"status":404'* ]]; then | |
| echo "Request successful but index not found." | |
| else | |
| exit 1 | |
| fi |