Optionally delay destroy in github actions to allow investigation time
linda.nasredin committed Apr 25, 2024
1 parent 3dd72a9 commit 776b2e6
Showing 6 changed files with 30 additions and 12 deletions.
7 changes: 5 additions & 2 deletions .github/workflows/dsf_poc_cli.yml
Expand Up @@ -60,7 +60,7 @@ env:
TF_INPUT: 0
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DESTORY_DELAY_SECONDS: 1800
DESTROY_DELAY_SECONDS: 1800

permissions:
contents: read
Expand Down Expand Up @@ -227,7 +227,10 @@ jobs:
# This step allows time for investigation of the failed resources before destroying them
- name: Conditional Delay
if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
run: sleep $DESTORY_DELAY_SECONDS
run: |
destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*DSF Single Account ${{ inputs.workspace }} automation Failed*\nYou have $destroy_delay_minutes minutes to investigate the environment before it is destroyed.\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
sleep $DESTROY_DELAY_SECONDS
- name: Terraform Destroy
id: destroy
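Review bot: The first line of the new `run:` block, `destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60`, is not a shell assignment; with spaces around `=` bash looks for a command called `destroy_delay_minutes`, and with the fail-fast bash that Actions uses by default the step would likely stop there, so neither the Slack post nor the `sleep` runs and the destroy follows immediately. Fixing it to `destroy_delay_minutes=$((DESTROY_DELAY_SECONDS / 60))` is not enough on its own, because the `--data` payload is single-quoted and `$destroy_delay_minutes` would be sent to Slack literally. The `${{ inputs.workspace }}` and `${{ steps.check-trigger.outputs.run-by }}` expressions are substituted into the script text before the shell parses it, so a value containing a quote changes the command on a job that has the cloud credentials in its environment; passing those values and the webhook URL through `env:` and building the JSON with `jq` (assuming it is installed on the runner) keeps them as data. The same step is added unchanged in dsf_poc_cli_azure.yml, dsf_single_account_cli.yml, sonar_multi_account_cli.yml, sonar_poc_cli.yml and sonar_single_account_cli.yml, and the job around it continues outside the hunk.

```yaml
      - name: Conditional Delay
        if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
        env:
          # Expressions are resolved into environment variables, never into script text.
          WORKSPACE: ${{ inputs.workspace }}
          RUN_BY: ${{ steps.check-trigger.outputs.run-by }}
          RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        run: |
          destroy_delay_minutes=$((DESTROY_DELAY_SECONDS / 60))
          text=$(printf ':exclamation: :exclamation: :exclamation:\n*DSF Single Account %s automation Failed*\nYou have %s minutes to investigate the environment before it is destroyed.\n<%s|Please check the job!>\nRun by: %s' "$WORKSPACE" "$destroy_delay_minutes" "$RUN_URL" "$RUN_BY")
          # jq does the JSON escaping, so quotes or backslashes in the values cannot break the payload.
          payload=$(jq -n --arg text "$text" --arg channel '#edsf_automation' '{text: $text, channel: $channel}')
          # A failed notification must not cancel the investigation window.
          curl -sS -X POST -H 'Content-type: application/json' --data "$payload" "$SLACK_WEBHOOK_URL" || true
          sleep "$DESTROY_DELAY_SECONDS"
```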
7 changes: 5 additions & 2 deletions .github/workflows/dsf_poc_cli_azure.yml
Expand Up @@ -61,7 +61,7 @@ env:
ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
DESTORY_DELAY_SECONDS: 1800
DESTROY_DELAY_SECONDS: 1800
permissions:
contents: read

Expand Down Expand Up @@ -254,7 +254,10 @@ jobs:
# This step allows time for investigation of the failed resources before destroying them
- name: Conditional Delay
if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
run: sleep $DESTORY_DELAY_SECONDS
run: |
destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*DSF Single Account ${{ inputs.workspace }} automation Failed*\nYou have $destroy_delay_minutes minutes to investigate the environment before it is destroyed.\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
sleep $DESTROY_DELAY_SECONDS
- name: Terraform Destroy
id: destroy
7 changes: 5 additions & 2 deletions .github/workflows/dsf_single_account_cli.yml
Expand Up @@ -79,7 +79,7 @@ env:
AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
AWS_KEY_PATH: "aws_key.cer"
DESTORY_DELAY_SECONDS: 1800
DESTROY_DELAY_SECONDS: 1800

permissions:
contents: read
Expand Down Expand Up @@ -229,7 +229,10 @@ jobs:
# This step allows time for investigation of the failed resources before destroying them
- name: Conditional Delay
if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
run: sleep $DESTORY_DELAY_SECONDS
run: |
destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*DSF Single Account ${{ inputs.workspace }} automation Failed*\nYou have $destroy_delay_minutes minutes to investigate the environment before it is destroyed.\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
sleep $DESTROY_DELAY_SECONDS
- name: Terraform Destroy
if: always()
7 changes: 5 additions & 2 deletions .github/workflows/sonar_multi_account_cli.yml
Expand Up @@ -45,7 +45,7 @@ env:
TF_WORKSPACE: "multi_account"
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
AWS_KEY_PATH: "aws_key.cer"
DESTORY_DELAY_SECONDS: 1800
DESTROY_DELAY_SECONDS: 1800

permissions:
contents: read
Expand Down Expand Up @@ -163,7 +163,10 @@ jobs:
# This step allows time for investigation of the failed resources before destroying them
- name: Conditional Delay
if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
run: sleep $DESTORY_DELAY_SECONDS
run: |
destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*DSF Single Account ${{ inputs.workspace }} automation Failed*\nYou have $destroy_delay_minutes minutes to investigate the environment before it is destroyed.\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
sleep $DESTROY_DELAY_SECONDS
- name: Terraform Destroy
if: always()
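Review bot: The Slack text added here is titled `*DSF Single Account ${{ inputs.workspace }} automation Failed*`, but this is the Sonar multi-account workflow and its `env:` pins `TF_WORKSPACE: "multi_account"`, so the alert names the wrong pipeline and, if this workflow defines no `workspace` input (not visible in the hunk), shows an empty workspace. A title such as `*Sonar Multi Account ${{ env.TF_WORKSPACE }} automation Failed*` would let whoever is notified tell which environment is about to be destroyed. The same copied title appears in dsf_poc_cli.yml, dsf_poc_cli_azure.yml, sonar_poc_cli.yml and sonar_single_account_cli.yml.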
7 changes: 5 additions & 2 deletions .github/workflows/sonar_poc_cli.yml
Expand Up @@ -55,7 +55,7 @@ env:
TF_VAR_allowed_ssh_cidrs: "[\"82.0.0.0/8\", \"62.0.0.0/8\", \"94.0.0.0/8\"]"
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DESTORY_DELAY_SECONDS: 1800
DESTROY_DELAY_SECONDS: 1800

permissions:
contents: read
Expand Down Expand Up @@ -193,7 +193,10 @@ jobs:
# This step allows time for investigation of the failed resources before destroying them
- name: Conditional Delay
if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
run: sleep $DESTORY_DELAY_SECONDS
run: |
destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*DSF Single Account ${{ inputs.workspace }} automation Failed*\nYou have $destroy_delay_minutes minutes to investigate the environment before it is destroyed.\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
sleep $DESTROY_DELAY_SECONDS
- name: Terraform Destroy
id: destroy
7 changes: 5 additions & 2 deletions .github/workflows/sonar_single_account_cli.yml
Expand Up @@ -39,7 +39,7 @@ env:
JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
AWS_REGION: ap-southeast-1
TF_WORKSPACE: single_account
DESTORY_DELAY_SECONDS: 1800
DESTROY_DELAY_SECONDS: 1800

permissions:
contents: read
Expand Down Expand Up @@ -236,7 +236,10 @@ jobs:
# This step allows time for investigation of the failed resources before destroying them
- name: Conditional Delay
if: ${{ failure() && github.event.inputs.delay_destory == 'true' }}
run: sleep $DESTORY_DELAY_SECONDS
run: |
destroy_delay_minutes = $DESTROY_DELAY_SECONDS / 60
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*DSF Single Account ${{ inputs.workspace }} automation Failed*\nYou have $destroy_delay_minutes minutes to investigate the environment before it is destroyed.\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
sleep $DESTROY_DELAY_SECONDS
- name: Terraform Destroy
# if: always()
