Update AWS creds action to v4 / retry PR close #117
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Cleanup Merged PR | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| # Limit concurrency to 1, with queueing, per workflow | |
| # Limit concurrency to 1, with queueing, per workflow per PR | |
| concurrency: | |
| group: build-${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: false | |
| env: | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| NODE_ENV: prod | |
| AWS_REGION: us-east-2 | |
| jobs: | |
| cleanup-pr: | |
| if: github.actor != 'dependabot[bot]' | |
| environment: | |
| name: ghpublic | |
| strategy: | |
| matrix: | |
| deployName: | |
| - microapps-core | |
| - microapps-basic | |
| - microapps-basic-prefix | |
| name: deploy-${{ matrix.deployName }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| # | |
| # Cleanup the Lambda Resource Policy allowing Child Deployer | |
| # to invoke the Parent Deployer, when applicable | |
| # | |
| - name: Change to Parent Account | |
| if: ${{ matrix.deployName == 'microapps-core' }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: microapps-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Destroy Parent Privilege CDK Stack for Child Deploy | |
| if: ${{ matrix.deployName == 'microapps-core' }} | |
| run: | | |
| aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghchild-priv-${NODE_ENV}-pr-${PR_NUMBER}" | |
| aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghchild-priv-${NODE_ENV}-pr-${PR_NUMBER}" | |
| # | |
| # Cleanup the Child Deployer, when applicable | |
| # | |
| - name: Change to Child Account | |
| if: ${{ matrix.deployName == 'microapps-core' }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: microapps-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Destroy Child CDK Stack | |
| if: ${{ matrix.deployName == 'microapps-core' }} | |
| run: | | |
| aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghchild-${NODE_ENV}-pr-${PR_NUMBER}" | |
| aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghchild-${NODE_ENV}-pr-${PR_NUMBER}" | |
| # | |
| # Cleanup the Lambda Resource Policy allowing Child Deployer | |
| # to invoke the Parent Deployer, when applicable | |
| # | |
| - name: Change to Parent Account | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: microapps-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Destroy Parent CDK Stack | |
| run: | | |
| set +e | |
| aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" | |
| aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" | |
| if [ $? -ne 0 ]; then | |
| echo "Stack deletion failed. Checking if it's due to non-empty S3 bucket..." | |
| STACK_STATUS=$(aws cloudformation describe-stacks --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" --query "Stacks[0].StackStatus" --output text) | |
| if [ "$STACK_STATUS" = "DELETE_FAILED" ]; then | |
| BUCKET_NAME=$(aws cloudformation describe-stack-resource --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" --logical-resource-id microappss3logsC4FFF4AE --query "StackResourceDetail.PhysicalResourceId" --output text) | |
| echo "Emptying S3 bucket $BUCKET_NAME..." | |
| aws s3 rm s3://$BUCKET_NAME --recursive | |
| echo "Retrying stack deletion..." | |
| aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" | |
| aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" | |
| fi | |
| fi | |
| set -e | |
| # TODO - Need to get the stack name from the parent stack export | |
| # - name: Destroy Parent Edge to Origin Stack | |
| # run: | | |
| # aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" | |
| # aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" | |
| # Example: | |
| # microapps-core-ghpublic-prod-pr-303-edge-role | |
| # - name: Destroy Parent Edge to Origin Stack | |
| # run: | | |
| # aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}-edge-role" | |
| # aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}-edge-role" |