Tags policy permissions #1012
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull request environment cleanup | |
on: | |
pull_request: | |
types: | |
- closed | |
env: | |
MANTAINERS: "[\"cdimonaco\", \"dottorblaster\", \"fabriziosestito\", \"rtorrero\", \"nelsonkopliku\", \"arbulu89\",\"jagabomb\",\"emaksy\",\"jamie-suse\"]" | |
PR_ENV_LABEL: env | |
PR_NUMBER: "${{ github.event.pull_request.number }}" | |
jobs: | |
check_env_creation_privilege: | |
name: Check if the environment deletion criteria are met, store in the job output | |
runs-on: ubuntu-20.04 | |
outputs: | |
create_env: ${{ steps.check.outputs.create_env }} | |
steps: | |
- id: check | |
run: echo "create_env=${{ contains(github.event.pull_request.labels.*.name, env.PR_ENV_LABEL) }}" >> "$GITHUB_OUTPUT" | |
delete-pr-image: | |
needs: check_env_creation_privilege | |
name: Build and push pull request container image | |
runs-on: ubuntu-20.04 | |
if: needs.check_env_creation_privilege.outputs.create_env == 'true' | |
permissions: | |
contents: read | |
packages: write | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_TAG: ${{ github.event.pull_request.number }}-env | |
steps: | |
- name: Cancel Previous Runs | |
uses: styfle/cancel-workflow-action@0.12.1 | |
with: | |
access_token: ${{ github.token }} | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: docker/setup-buildx-action@v3 | |
- name: Log in to the Container registry | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Delete the container image | |
uses: bots-house/ghcr-delete-image-action@v1.1.0 | |
with: | |
owner: ${{ github.repository_owner }} | |
name: trento-web | |
tag: ${{ env.IMAGE_TAG }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
delete_pr_environment: | |
name: Delete the pr environment | |
runs-on: ubuntu-20.04 | |
needs: delete-pr-image | |
steps: | |
- name: Checkout ansible repo | |
uses: actions/checkout@v4 | |
with: | |
repository: trento-project/ansible | |
path: ansible | |
- name: Add pipx_bin to path | |
if: ${{ env.ACT }} | |
run: echo '/opt/pipx_bin' >> $GITHUB_PATH | |
- name: Install galaxy deps | |
run: ansible-galaxy install -r ansible/requirements.yml | |
- name: Run playbook | |
uses: dawidd6/action-ansible-playbook@v2 | |
with: | |
playbook: ansible/playbook.cleanup.yml | |
key: ${{ secrets.SSH_PR_MACHINE_KEY }} | |
inventory: | | |
all: | |
vars: | |
ansible_user: ec2-user | |
ansible_python_interpreter: /usr/bin/python3 | |
children: | |
trento-server: | |
hosts: | |
server: | |
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }} | |
postgres-hosts: | |
hosts: | |
server: | |
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }} | |
rabbitmq-hosts: | |
hosts: | |
server: | |
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }} | |
options: | | |
--extra-vars "web_postgres_db='${{ env.PR_NUMBER }}db' \ | |
web_postgres_event_store='${{ env.PR_NUMBER }}edb' \ | |
wanda_postgres_db='${{ env.PR_NUMBER }}wandadb' \ | |
web_postgres_user='${{ env.PR_NUMBER }}web' \ | |
wanda_postgres_user='${{ env.PR_NUMBER }}wanda' \ | |
web_container_name='${{ env.PR_NUMBER }}web' \ | |
web_container_image='ghcr.io/trento-project/trento-web:${{ env.PR_NUMBER }}-env' \ | |
wanda_container_name='${{ env.PR_NUMBER }}wanda' \ | |
docker_network_name='${{ env.PR_NUMBER }}net' \ | |
nginx_vhost_filename='${{ env.PR_NUMBER }}' \ | |
trento_server_name='${{ env.PR_BASE_URL }}' \ | |
web_postgres_password='trento' \ | |
wanda_postgres_password='wanda' \ | |
rabbitmq_vhost='${{ env.PR_NUMBER }}' \ | |
rabbitmq_password='trento' \ | |
rabbitmq_username='${{ env.PR_NUMBER }}rabbitusr' \ | |
remove_wanda_container_image='false' \ | |
install_method='docker'" |