my PR change #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Teardown Preevy environment | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| permissions: | |
| id-token: write | |
| contents: read | |
| concurrency: preevy-${{ github.event.number }} | |
| jobs: | |
| teardown: | |
| permissions: write-all | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: 'Authenticate to Google Cloud' | |
| id: gcloud_auth | |
| uses: 'google-github-actions/auth@v1' | |
| with: | |
| token_format: access_token | |
| credentials_json: '${{ secrets.PREEVY_SA_KEY }}' | |
| # required by imjasonh/gke-auth | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.18 | |
| # this is a lot faster than installing gcloud and gke-gcloud-auth-plugin | |
| - uses: imjasonh/gke-auth@v0.2.0 | |
| with: | |
| project: ${{ vars.GOOGLE_CLOUD_PROJECT }} | |
| location: ${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_LOCATION }} | |
| cluster: ${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_NAME }} | |
| # use a preexisting kubernetes builder which already has cached layers | |
| - name: Find pod of existing kubernetes builder | |
| id: find_pod | |
| run: | | |
| pod=$(kubectl get pod --selector=app='${{ vars.GOOGLE_CLOUD_KUBE_CLUSTER_BUILDER }}' -o jsonpath='{.items[0].metadata.name}') | |
| echo "pod=${pod}" >> $GITHUB_OUTPUT | |
| - name: Configure buildx to use the existing kubernetes builder | |
| id: buildx_setup | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver: remote | |
| # https://github.com/moby/buildkit/tree/master/examples/kubernetes#pod | |
| # uses the kube-pod connection helper: https://github.com/moby/buildkit/pull/951 | |
| endpoint: kube-pod://${{ steps.find_pod.outputs.pod }} | |
| - uses: livecycle/preevy-down-action@f94196c17c7d53dcde0f0bb158be20fd3e08a62f | |
| with: | |
| profile-url: ${{ vars.PREEVY_PROFILE_URL }} | |
| args: "--wait --force --driver kube-pod" | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # | |
| # OPTIONAL: delete GH deployments and environments | |
| # Requires a custom GH app installed on this repo. | |
| # See https://github.com/marketplace/actions/delete-deployment-environment#how-to-obtain-the-proper-token | |
| # To disable this feature, remove the rest of the steps starting here | |
| # | |
| # Points to a recent commit instead of `main` to avoid supply chain attacks. (The latest tag is very old.) | |
| - name: 🎟 Get GitHub App token | |
| uses: navikt/github-app-token-generator@a3831f44404199df32d8f39f7c0ad9bb8fa18b1c | |
| id: get-token | |
| with: | |
| app-id: ${{ vars.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| - name: 🗑 Delete deployment environment | |
| uses: strumwolf/delete-deployment-environment@v2.2.3 | |
| with: | |
| # Use a JWT created with your GitHub App's private key | |
| token: ${{ steps.get-token.outputs.token }} | |
| environment: pr-${{ github.event.number }} | |
| ref: ${{ github.ref_name }} |