-
Notifications
You must be signed in to change notification settings - Fork 1
112 lines (102 loc) · 4.51 KB
/
destroy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: Destroy environment
on:
workflow_dispatch:
jobs:
destroy:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
runs-on: self-hosted
env:
OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
OS_APPLICATION_CREDENTIAL_NAME: ${{ secrets.OS_APPLICATION_CREDENTIAL_NAME }}
OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
AWS_ROUTE53_KEY_ID: ${{ secrets.AWS_ROUTE53_KEY_ID }}
AWS_ROUTE53_SECRET_KEY: ${{ secrets.AWS_ROUTE53_SECRET_KEY }}
TF_VAR_key_pair: ${{ secrets.KEY_PAIR_NAME }}
TF_VAR_extra_public_keys: '${{ vars.EXTRA_PUBLIC_KEYS }}'
TF_VAR_vm_user: ubuntu
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.6.3"
terraform_wrapper: false
- run: python --version
- name: Write private key file
run: |
import os
with open(os.environ['TF_VAR_key_file'], 'w') as fh:
fh.write(os.environ['PRIVATE_KEY_CONTENT'])
shell: python
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
PRIVATE_KEY_CONTENT: ${{ secrets.PRIVATE_KEY_CONTENT }}
- run: chmod 400 ${TF_VAR_key_file}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
- name: Write clouds.yaml to temp dir
run: |
import os
with open(os.environ['CLOUDS_YAML_FILE'], 'w') as fh:
fh.write(os.environ['CLOUDS_YAML_CONTENT'])
shell: python
env:
CLOUDS_YAML_CONTENT: "${{ secrets.CLOUDS_YAML }}"
CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
- name: Link clouds.yaml
run: |
mkdir -p ~/.config/openstack
ln -sf ${CLOUDS_YAML_FILE} ~/.config/openstack/clouds.yaml
env:
CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
- run: echo "GITHUB_REF = $GITHUB_REF"
- run: echo "GITHUB_REF_NAME = $GITHUB_REF_NAME"
- run: echo "GITHUB_HEAD_REF = $GITHUB_HEAD_REF"
- run: echo "GITHUB_BASE_REF = $GITHUB_BASE_REF"
- run: echo "GITHUB_EVENT_NAME = $GITHUB_EVENT_NAME"
- name: Write ansible config file to temp dir
run: |
cp ondemand-config.yml.example ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_KEYCLOAK_ADMIN_PASSWORD/$KEYCLOAK_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_LDAP_ADMIN_PASSWORD/$LDAP_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_OIDC_CRYPTO_PASSPHRASE/$OIDC_CRYPTO_PASSPHRASE/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_OPENSTACK_SSH_KEY_NAME/$KEY_PAIR_NAME/" ${ONDEMAND_CONFIG_FILE}
working-directory: vars
env:
KEYCLOAK_ADMIN_PASSWORD: '${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}'
LDAP_ADMIN_PASSWORD: '${{ secrets.LDAP_ADMIN_PASSWORD }}'
OIDC_CRYPTO_PASSPHRASE: '${{ secrets.OIDC_CRYPTO_PASSPHRASE }}'
KEY_PAIR_NAME: '${{ secrets.KEY_PAIR_NAME }}'
ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
- name: Link ondemand config
run: |
ln -sf ${ONDEMAND_CONFIG_FILE} ondemand-config.yml
working-directory: vars
env:
ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
- name: Install ansible dependencies
run: ansible-galaxy install --force -r requirements.yml
- name: Terraform initialise
run: terraform init -input=false
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
working-directory: terraform
- name: Switch terraform workspace (making sure it exists)
run: terraform workspace select -or-create=true ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
working-directory: terraform
- name: Install required Python library (botocore and boto3)
run: |
pip install botocore
pip install boto3
working-directory: terraform
- name: Destroy the environment
run: ./deployment.sh destroy ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"