MLPAB-2445 Update progress tracker items #1553

Workflow file for this run

.github/workflows/workflow_destroy_pr_environment.yml at 7cabb92

	name: "[Workflow] Destroy PR Environment"

	on:
	pull_request:
	branches:
	- main
	types:
	- closed

	permissions:
	id-token: write
	contents: read
	security-events: none
	pull-requests: read
	actions: none
	checks: none
	deployments: none
	issues: none
	packages: none
	repository-projects: none
	statuses: none

	defaults:
	run:
	shell: bash

	jobs:
	fetch_s3_av_version:
	name: Fetch the S3 AV Zip version tag
	runs-on: ubuntu-latest
	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	aws-region: eu-west-1
	role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ssm-get-parameter
	role-duration-seconds: 900
	role-session-name: GithubActionsSSMGetParameter
	- name: Pull S3 AV Zip tag
	id: pull_s3_av_tag
	run: \|
	key="/opg-s3-antivirus/zip-version-main"
	value=$(aws ssm get-parameter --name "$key" --query 'Parameter.Value' --output text 2>/dev/null \|\| true)
	echo "Using $key: $value"
	echo "tag=${value}" >> $GITHUB_OUTPUT
	outputs:
	s3_av_scanner_zip_tag: ${{ steps.pull_s3_av_tag.outputs.tag }}

	generate_environment_workspace_name:
	runs-on: ubuntu-latest
	steps:
	- name: Generate workspace name
	id: name_workspace
	run: \|
	workspace=${{ github.event.pull_request.number }}
	workspace=${workspace//-}
	workspace=${workspace//_}
	workspace=${workspace//\/}
	workspace=${workspace:0:11}
	workspace=$(echo ${workspace} \| tr '[:upper:]' '[:lower:]')
	echo "name=${workspace}" >> $GITHUB_OUTPUT
	echo ${workspace}
	outputs:
	environment_workspace_name: ${{ steps.name_workspace.outputs.name }}

	cleanup_workspace:
	runs-on: ubuntu-latest
	needs: [ generate_environment_workspace_name, fetch_s3_av_version ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: get lambda function zips
	working-directory: ./terraform/environment/region/modules/s3_antivirus/
	run: \|
	echo "Pulling AV lambda version: ${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}" >> $GITHUB_STEP_SUMMARY
	wget https://github.com/ministryofjustice/opg-s3-antivirus/releases/download/${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}/lambda_layer-amd64.zip -O lambda_layer.zip
	wget https://github.com/ministryofjustice/opg-s3-antivirus/releases/download/${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}/lambda_layer-amd64.zip.sha256sum -O lambda_layer.zip.sha256sum
	sha256sum -c "lambda_layer.zip.sha256sum"
	echo "Lambda Layer Zip SHA256 Hash: $(cat lambda_layer.zip.sha256sum)" >> $GITHUB_STEP_SUMMARY

	wget https://github.com/ministryofjustice/opg-s3-antivirus/releases/download/${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}/myFunction-amd64.zip -O myFunction.zip
	wget https://github.com/ministryofjustice/opg-s3-antivirus/releases/download/${{ needs.fetch_s3_av_version.outputs.s3_av_scanner_zip_tag }}/myFunction-amd64.zip.sha256sum -O myFunction.zip.sha256sum
	sha256sum -c "myFunction.zip.sha256sum"
	echo "Lambda Function Zip SHA256 Hash: $(cat myFunction.zip.sha256sum)" >> $GITHUB_STEP_SUMMARY

	- name: Configure AWS Credentials For Terraform
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
	aws-region: eu-west-1
	role-duration-seconds: 3600
	role-session-name: OPGModernisingLPATerraformGithubAction

	- uses: webfactory/ssh-agent@v0.9.0
	with:
	ssh-private-key: ${{ secrets.OPG_MODERNISING_LPA_DEPLOY_KEY_PRIVATE_KEY }}

	- name: Setup Workspace Manager
	run: \|
	wget https://github.com/ministryofjustice/opg-terraform-workspace-manager/releases/download/v0.3.2/opg-terraform-workspace-manager_Linux_x86_64.tar.gz -O $HOME/terraform-workspace-manager.tar.gz
	sudo tar -xvf $HOME/terraform-workspace-manager.tar.gz -C /usr/local/bin
	sudo chmod +x /usr/local/bin/terraform-workspace-manager
	terraform-workspace-manager -register-workspace=${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} -time-to-protect=1 -aws-account-id=653761790766 -aws-iam-role=modernising-lpa-ci

	- name: Parse terraform version
	id: tf_version_setup
	working-directory: ./terraform/environment
	run: \|
	if [ -f ./versions.tf ]; then
	terraform_version=$(cat ./versions.tf \| ../../scripts/terraform-version.sh)
	echo "- Terraform version: [${terraform_version}]" >> $GITHUB_STEP_SUMMARY
	echo "TERRAFORM_VERSION=${terraform_version}" >> $GITHUB_OUTPUT
	fi

	- name: "Terraform version [${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}]"
	run: echo "terraform version [${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}]"
	working-directory: ./terraform/environment
	- uses: hashicorp/setup-terraform@v3.1.2
	with:
	terraform_version: ${{ steps.tf_version_setup.outputs.TERRAFORM_VERSION }}
	terraform_wrapper: false

	- name: Terraform Init
	run: terraform init -input=false
	working-directory: ./terraform/environment

	- name: Destroy PR environment and Terraform workspace
	working-directory: ./terraform/environment
	env:
	TF_VAR_pagerduty_api_key: ${{ secrets.PAGERDUTY_API_KEY }}

	run: \|
	terraform workspace select -or-create=true ${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}
	terraform destroy -auto-approve
	terraform workspace select default
	terraform workspace delete ${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}
	- name: Remove protection for environment workspace
	run: \|
	terraform-workspace-manager -register-workspace=${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }} -time-to-protect=0 -aws-account-id=653761790766 -aws-iam-role=modernising-lpa-ci
	- name: Configure AWS Credentials For AWS CLI
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	role-to-assume: arn:aws:iam::653761790766:role/modernising-lpa-github-actions-cloudwatch-log-group-delete
	aws-region: eu-west-1
	role-duration-seconds: 900
	role-session-name: OPGModernisingLPALogGroupDeleteGithubAction
	- name: Remove container insights log group
	run: \|
	aws logs delete-log-group --log-group-name /aws/ecs/containerinsights/${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}/performance
	- name: Configure AWS Credentials For opensearch
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	role-to-assume: arn:aws:iam::653761790766:role/modernising-lpa-github-actions-opensearch-delete-index
	aws-region: eu-west-1
	role-duration-seconds: 900
	role-session-name: OPGModernisingOpensearchIndexDeleteGithubAction
	- name: Delete opensearch index lpas_v2_${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}
	run: \|
	pip install awscurl==0.33
	response=$(awscurl \
	"${{ secrets.DEVELOPMENT_OPENSEARCH_COLLECTION_ENDPOINT }}/lpas_v2_${{ needs.generate_environment_workspace_name.outputs.environment_workspace_name }}" \
	--request DELETE \
	--region eu-west-1 \
	--service aoss)
	if [[ $response == '"acknowledged":true' ]]; then
	echo "Request successful."
	elif [[ $response == '"status":404' ]]; then
	echo "Request successful but index not found."
	else
	exit 1
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MLPAB-2445 Update progress tracker items #1553

Workflow file

MLPAB-2445 Update progress tracker items #1553

Jobs

Run details

Workflow file for this run