undeploy.yml
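# Manually dispatched workflow that destroys the Terraform-managed
# infrastructure for the selected AWS environment and region.
#
# Review notes:
# - The destroy runs with -auto-approve and the job declares no `environment:`,
#   so no approval gate is visible in this file, including for `prod`.
#   NOTE(review): adding `environment:` changes the OIDC `sub` claim, so the
#   trust policy of GitHubActionsRole would have to be updated with it.
# - Third-party actions are referenced by mutable tags (@v4, @v3). Pinning
#   each one to a full commit SHA (<COMMIT_SHA_PLACEHOLDER>) fixes the code
#   that runs with the cloud credentials below.
name: Undeploy

# Workflow-wide token scope: nothing beyond OIDC and read-only checkout.
permissions:
  id-token: write # This is required for requesting the JWT
  contents: read # This is required for actions/checkout

on:
  workflow_dispatch:
    inputs:
      aws_environment:
        type: choice
        description: AWS Environment
        required: true
        default: dev
        options:
          - dev
          - test
          - prod
      aws_region:
        type: choice
        description: AWS Region
        required: true
        default: us-east-1
        options:
          - us-east-1
          - us-east-2
          - us-west-1
          - us-west-2
      # Free-form strings: they are only passed on as action inputs and
      # environment variables below, never interpolated into a `run` script.
      snowflake_warehouse:
        type: string
        description: Snowflake Warehouse
        required: true
      service_account_user:
        type: string
        description: Snowflake Service Account User
        required: true

run-name: ${{ github.workflow }} ${{ github.ref_name }} branch to the ${{ github.event.inputs.aws_region }} ${{ github.event.inputs.aws_environment }} environment

jobs:
  deploy:
    name: "Undeploy terraform configuration"
    # The runner label is the chosen environment name (dev/test/prod).
    # NOTE(review): presumably self-hosted runners carrying those labels;
    # confirm that only trusted runners can register with the `prod` label.
    runs-on: ${{ github.event.inputs.aws_environment }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config; no step visible in this
          # workflow runs git against the repository after checkout.
          persist-credentials: false

      # Local composite action; its aws_account_id output selects the
      # account used for role assumption and for TF_VAR_aws_account_id.
      - name: Get AWS Environment Info
        id: aws-environment-info
        uses: ./.github/actions/aws-environment-info
        with:
          aws_environment: ${{ github.event.inputs.aws_environment }}
          aws_dev_account_id: ${{ vars.AWS_DEV_ACCOUNT_ID }}
          aws_test_account_id: ${{ vars.AWS_TEST_ACCOUNT_ID }}
          aws_prod_account_id: ${{ vars.AWS_PROD_ACCOUNT_ID }}
          aws_region: ${{ github.event.inputs.aws_region }}
          snowflake_warehouse: ${{ github.event.inputs.snowflake_warehouse }}
          service_account_user: ${{ github.event.inputs.service_account_user }}

      # Role assumption through OIDC (the reason for `id-token: write`), so no
      # long-lived AWS keys are stored as secrets. output-credentials exposes
      # the temporary keys as step outputs, consumed by the TF_VAR_aws_*
      # variables in the Terraform steps.
      - name: Configure AWS credentials
        id: aws-credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ steps.aws-environment-info.outputs.aws_account_id }}:role/GitHubActionsRole
          aws-region: ${{ github.event.inputs.aws_region }}
          output-credentials: true

      - uses: hashicorp/setup-terraform@v3
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # -input=false: a missing value fails the step instead of prompting.
      - name: Terraform Init
        id: terraform-init
        run: terraform init -input=false

      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color

      # Informational only: the plan is not saved with -out, so the apply
      # step computes its own plan and may differ from what is printed here.
      - name: Terraform Destroy Plan
        id: plan_destroy
        run: terraform plan -destroy -input=false
        env:
          # NOTE(review): the temporary AWS credentials and the Confluent
          # secrets are passed as Terraform input variables; confirm the
          # matching variables are declared sensitive and are not written to
          # stored state or plan output.
          TF_VAR_confluent_cloud_api_key: ${{ secrets.CONFLUENT_CLOUD_API_KEY }}
          TF_VAR_confluent_cloud_api_secret: ${{ secrets.CONFLUENT_CLOUD_API_SECRET }}
          TF_VAR_aws_account_id: ${{ steps.aws-environment-info.outputs.aws_account_id }}
          TF_VAR_aws_region: ${{ github.event.inputs.aws_region }}
          TF_VAR_aws_access_key_id: ${{ steps.aws-credentials.outputs.aws-access-key-id }}
          TF_VAR_aws_secret_access_key: ${{ steps.aws-credentials.outputs.aws-secret-access-key }}
          TF_VAR_aws_session_token: ${{ steps.aws-credentials.outputs.aws-session-token }}
          TF_VAR_snowflake_warehouse: ${{ github.event.inputs.snowflake_warehouse }}
          TF_VAR_service_account_user: ${{ github.event.inputs.service_account_user }}

      # Irreversible step: destroys the resources without an interactive
      # confirmation. The env block mirrors the plan step so both commands
      # evaluate the same variables.
      - name: Terraform Destroy Apply
        id: apply_destroy
        run: terraform apply -destroy -auto-approve -input=false
        env:
          TF_VAR_confluent_cloud_api_key: ${{ secrets.CONFLUENT_CLOUD_API_KEY }}
          TF_VAR_confluent_cloud_api_secret: ${{ secrets.CONFLUENT_CLOUD_API_SECRET }}
          TF_VAR_aws_account_id: ${{ steps.aws-environment-info.outputs.aws_account_id }}
          TF_VAR_aws_region: ${{ github.event.inputs.aws_region }}
          TF_VAR_aws_access_key_id: ${{ steps.aws-credentials.outputs.aws-access-key-id }}
          TF_VAR_aws_secret_access_key: ${{ steps.aws-credentials.outputs.aws-secret-access-key }}
          TF_VAR_aws_session_token: ${{ steps.aws-credentials.outputs.aws-session-token }}
          TF_VAR_snowflake_warehouse: ${{ github.event.inputs.snowflake_warehouse }}
          TF_VAR_service_account_user: ${{ github.event.inputs.service_account_user }}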