Skip to content

Pulumi Destroy

Pulumi Destroy #1

name: Pulumi Destroy
on:
workflow_dispatch: null
jobs:
preview:
runs-on: ubuntu-latest
strategy:
fail-fast: false
# This IAM Matrix should have a name with the stack name, awsAccountID, and iamRole
# with access to deploy AWS resources in you account. The easiest method is attaching AdministratorAccess Policy to role
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services for details on implementing OIDC with Github Actions
matrix:
arrays: [
stack: {name: "hub", awsAccountID: "AWS_ACCOUNT_ID", iamRole: "AWS_DEPLOY_ROLE"},
stack: {name: "dev", awsAccountID: "AWS_ACCOUNT_ID", iamRole: "AWS_DEPLOY_ROLE"},
stack: {name: "prod", awsAccountID: "AWS_ACCOUNT_ID", iamRole: "AWS_DEPLOY_ROLE"},
]
permissions:
id-token: write
contents: read
name: Pulumi Destroy ${{ matrix.arrays.stack.name }}
steps:
- name: Checkout 🛎️
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
## the following creates an ARN based on the values entered into github secrets
role-to-assume: arn:aws:iam::${{ secrets[matrix.arrays.stack.awsAccountID] }}:role/${{ secrets[matrix.arrays.stack.iamRole] }}
role-session-name: myGitHubActions
- name: 📦️ Pulumi Install 📦️
uses: pulumi/actions@v5
# - name: Overrides Pulumi Config 🔨
# working-directory: pulumi
# env:
# PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
# run: |
# pulumi stack select ${{ matrix.arrays.stack.name }}
# pulumi config set githubOrg ${GITHUB_REPOSITORY_OWNER}
# pulumi config set githubRepo $(echo "${GITHUB_REPOSITORY}" | cut -d '/' -f2)
# pulumi config set veleroBucketPrefix ${{ secrets.VELERO_BACKUP_BUCKET }}
# if [ ${{ matrix.arrays.stack.name }} != "hub" ]; then
# pulumi config set hubStackName ${{ secrets.PULUMI_ACCOUNT }}/${{ secrets.PULUMI_PROJECT }}/hub
# fi
# cat stacks/Pulumi.${{ matrix.arrays.stack.name }}.yaml
- name: Setup Node LTS ✨
uses: actions/setup-node@v4
with:
node-version: lts/*
# cache: npm
# cache-dependency-path: pulumi/src/package-lock.json
- name: Installing dependencies 📦️
run: |
cd ./pulumi
npm install
- name: Destroy infrastructure 🚀
uses: pulumi/actions@v5
with:
command: destroy
work-dir: ./pulumi
stack-name: ${{ matrix.arrays.stack.name }}
comment-on-summary: true
diff: true
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_GITHUB_TOKEN }}
PULUMI_K8S_DELETE_UNREACHABLE: true