-
Notifications
You must be signed in to change notification settings - Fork 41
117 lines (105 loc) · 5.04 KB
/
dev_on_pull_request_closed.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: "1 [on_pull_request] Delete PR deployment"
on:
pull_request:
types:
- closed
jobs:
# Delete pcapi preview deployment
delete-pcapi-preview-deployment:
name: "Delete pcapi preview deployment"
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4.2.1
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
- name: "Get secrets"
id: 'secrets'
uses: 'google-github-actions/get-secretmanager-secrets@v2'
with:
secrets: |-
API_TOKEN_GITHUB:passculture-metier-ehp/passculture-main-sa-access-token
FIREBASE_SERVICE_ACCOUNT_TESTING:passculture-metier-ehp/pc_pro_testing_firebase_json
DEPLOYMENT_SA:passculture-metier-ehp/pcapi-testing_deploy-service-account
DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER:passculture-metier-ehp/gcp_metier_ehp_workload_identity_provider
# Checkout rendered-manifests repository
- uses: actions/checkout@v4.2.1
with:
repository: pass-culture/rendered-manifests
token: ${{ steps.secrets.outputs.API_TOKEN_GITHUB }}
path: ./rendered-manifests
ref: 'pcapi/pullrequests'
- name: "Delete PR deployment"
run: |
git config --global user.email "PassCulture-SA@passculture.team"
git config --global user.name "PassCulture-SA"
cd ./rendered-manifests
files_modified=false
[[ -d "pcapi-pr-${{ github.event.pull_request.number }}" ]] && { git rm -r pcapi-pr-${{ github.event.pull_request.number }}; files_modified=true; } || echo "path pcapi-pr-${{ github.event.pull_request.number }} does not exist"
[[ -d "postgresql-pr-${{ github.event.pull_request.number }}" ]] && { git rm -r postgresql-pr-${{ github.event.pull_request.number }}; files_modified=true; } || echo "path postgresql-pr-${{ github.event.pull_request.number }} does not exist"
[[ -d "redis-pr-${{ github.event.pull_request.number }}" ]] && { git rm -r redis-pr-${{ github.event.pull_request.number }}; files_modified=true; } || echo "path redis-pr-${{ github.event.pull_request.number }} does not exist"
if [ "$files_modified" = true ]; then
git add .
git commit -m "[PR-${{ github.event.pull_request.number }}] Delete deployment"
git push
fi
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v2'
with:
service_account : ${{ steps.secrets.outputs.DEPLOYMENT_SA }}
workload_identity_provider: ${{ steps.secrets.outputs.DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER }}
- name: "Connect to cluster"
uses: pass-culture/common-workflows/actions/pc-k8s-connect@pc-k8s-connect/v0.1.0
with:
cluster_scope: metier
cluster_environment: ehp
api_token_github: ${{ steps.secrets.outputs.API_TOKEN_GITHUB }}
- name: "Wait for argocd applications to be deleted; delete namespace"
continue-on-error: true
run: |
set +e
while true; do
kubectl get application -n argocd | grep ${{ github.event.pull_request.number }}
[[ $? -eq 0 ]] && sleep 5 || break
done
# Check for PR namespace and delete it
kubectl get ns pcapi-pr-${{ github.event.pull_request.number }}
[[ $? -eq 0 ]] && kubectl delete ns pcapi-pr-${{ github.event.pull_request.number }} || echo "namespace pcapi-pr-${{ github.event.pull_request.number }} does not exist"
# Delete pro preview deployment
delete-pro-firebase-preview-deployment:
name: "Delete pro preview deployment"
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4.2.1
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
- name: "Get secrets"
id: 'secrets'
uses: 'google-github-actions/get-secretmanager-secrets@v2'
with:
secrets: |-
FIREBASE_SERVICE_ACCOUNT_TESTING:passculture-metier-ehp/pc_pro_testing_firebase_json
- name: "Get pro channel name"
id: pro-channel-name
run: |
shortname=$(echo "${{ github.head_ref }}" | cut -c1-20)
echo "channel-name=pr${{ github.event.pull_request.number }}-$shortname" >> $GITHUB_OUTPUT
# Delete pro firebase deployment
- uses: w9jds/firebase-action@v13.29.1
with:
args: hosting:channel:delete ${{ steps.pro-channel-name.outputs.channel-name }} --force
env:
GCP_SA_KEY: ${{ steps.secrets.outputs.FIREBASE_SERVICE_ACCOUNT_TESTING }}
PROJECT_ID: pc-pro-testing
PROJECT_PATH: ./pro