Clean #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Clean | |
on: | |
workflow_dispatch: | |
inputs: | |
workspaces: | |
description: Space separated list of workspaces to clean (leave blank to clean all) | |
required: false | |
regex: | |
description: Regex string to use to find the resources to remove from the state | |
required: false | |
default: .* | |
dry-run: | |
description: Whether to only print out what would've been removed | |
required: false | |
default: "true" | |
lock: | |
description: Whether to acquire terraform state lock during clean | |
required: false | |
default: "true" | |
jobs: | |
prepare: | |
name: Prepare | |
runs-on: ubuntu-latest | |
outputs: | |
workspaces: ${{ steps.workspaces.outputs.this }} | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Discover workspaces | |
id: workspaces | |
env: | |
WORKSPACES: ${{ github.event.inputs.workspaces }} | |
run: | | |
if [[ -z "${WORKSPACES}" ]]; then | |
workspaces="$(ls github | jq --raw-input '[.[0:-4]]' | jq -sc add)" | |
else | |
workspaces="$(echo "${WORKSPACES}" | jq --raw-input 'split(" ")')" | |
fi | |
echo "this=${workspaces}" >> $GITHUB_OUTPUT | |
clean: | |
needs: [prepare] | |
if: needs.prepare.outputs.workspaces != '' | |
permissions: | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
workspace: ${{ fromJson(needs.prepare.outputs.workspaces) }} | |
name: Prepare | |
runs-on: ubuntu-latest | |
env: | |
TF_IN_AUTOMATION: 1 | |
TF_INPUT: 0 | |
TF_LOCK: ${{ github.event.inputs.lock }} | |
TF_WORKSPACE_OPT: ${{ matrix.workspace }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.RW_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.RW_AWS_SECRET_ACCESS_KEY }} | |
GITHUB_APP_ID: ${{ secrets.RW_GITHUB_APP_ID }} | |
GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', matrix.workspace)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }} | |
GITHUB_APP_PEM_FILE: ${{ secrets.RW_GITHUB_APP_PEM_FILE }} | |
TF_VAR_write_delay_ms: 300 | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup terraform | |
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 | |
with: | |
terraform_version: 1.2.9 | |
terraform_wrapper: false | |
- name: Initialize terraform | |
run: terraform init -upgrade | |
working-directory: terraform | |
- name: Select terraform workspace | |
run: | | |
terraform workspace select "${TF_WORKSPACE_OPT}" || terraform workspace new "${TF_WORKSPACE_OPT}" | |
echo "TF_WORKSPACE=${TF_WORKSPACE_OPT}" >> $GITHUB_ENV | |
working-directory: terraform | |
- name: Clean | |
env: | |
DRY_RUN: ${{ github.event.inputs.dry-run }} | |
REGEX: ^${{ github.event.inputs.regex }}$ | |
run: | | |
dryRunFlag='' | |
if [[ "${DRY_RUN}" == 'true' ]]; then | |
dryRunFlag='-dry-run' | |
fi | |
terraform state list | grep -E "${REGEX}" | sed 's/"/\\"/g' | xargs -I {} terraform state rm -lock="${TF_LOCK}" ${dryRunFlag} {} | |
working-directory: terraform |