This repository has been archived by the owner on Feb 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add delete cloud run service workflow
- Loading branch information
Showing
5 changed files
with
280 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| name: Delete Cloud Run | ||
|
|
||
| # TODO | ||
| # docs | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| # <---------- SELECT AUTHENTICATION METHOD ---------> | ||
| gcp-sa-auth: | ||
| required: false | ||
| type: boolean | ||
| description: "Set to true to enable GCP Service Account Key authentication" | ||
| default: false | ||
| gcp-oidc-auth: | ||
| required: false | ||
| type: boolean | ||
| description: "Set to true to enable GCP OIDC authentication" | ||
| default: false | ||
| # <--------------- CLOUD RUN OPTIONS ---------------> | ||
| cr-service-name: | ||
| required: true | ||
| type: string | ||
| description: "The name of the cloud run service to delete" | ||
| cr-region: | ||
| required: true | ||
| type: string | ||
| description: "The GCP region in which to delete the service" | ||
| # <-------------------- GENERAL --------------------> | ||
| fail-job: | ||
| required: false | ||
| type: "string" | ||
| description: "The exit code to use if service to delete is not found. Setting 1 will produce a job failure." | ||
| default: 0 | ||
| # <------------------ GITHUB ENV -------------------> | ||
| gh-env-delete: | ||
| required: false | ||
| type: boolean | ||
| description: "Should the job also attempt to delete the associated environment in Github" | ||
| default: true | ||
| gh-env-name: | ||
| required: false | ||
| type: string | ||
| description: "The name of the github environment to delete if gh-env-delete is enabled" | ||
| secrets: | ||
| # <------------------ OIDC AUTH --------------------> | ||
| wip: | ||
| required: false | ||
| description: "The workfload identity provider to use for OIDC auth" | ||
| service-account: | ||
| required: false | ||
| description: "The service account to impersonate when using OIDC auth" | ||
| # <----------------- SA KEY AUTH -------------------> | ||
| service-account-key: | ||
| required: false | ||
| description: "The service account key to use for authentication" | ||
| # <------------------ CLOUD RUN --------------------> | ||
| cr-project-id: | ||
| required: true | ||
| description: "The GCP project in which to deploy your Cloud Run service" | ||
| # <----------------- GITHUB AUTH -------------------> | ||
| token: | ||
| required: false | ||
| description: "The Github token to use for github environment deletion if gh-env-delete is enabled." | ||
|
|
||
| jobs: | ||
| delete: | ||
| # <------------- DELETE CLOUDRUN SERVICE -------------> | ||
| name: Delete Cloud Run Service | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Authenticate to GCP (SA Key) | ||
| if: ${{ inputs.gcp-sa-auth }} | ||
| uses: google-github-actions/auth@v0 | ||
| with: | ||
| credentials_json: ${{ secrets.service-account-key }} | ||
|
|
||
| - name: Authenticate to GCP (OIDC) | ||
| if: ${{ inputs.gcp-oidc-auth }} | ||
| uses: google-github-actions/auth@v0 | ||
| with: | ||
| workload_identity_provider: ${{ secrets.wip }} | ||
| service_account: ${{ secrets.service-account }} | ||
|
|
||
| - name: Delete Service | ||
| run: | | ||
| if gcloud run services describe --platform managed ${{ inputs.cr-service-name }} --region ${{ inputs.cr-region }} --project ${{ secrets.cr-project-id }}; then | ||
| gcloud run services delete --quiet --platform managed ${{ inputs.cr-service-name }} --region ${{ inputs.cr-region }} --project ${{ secrets.cr-project-id }} && \ | ||
| echo "Cloud Run service ${{ inputs.cr-service-name }} in ${{ inputs.cr-region }} was successfully deleted from ${{ secrets.cr-project-id }}." | ||
| else | ||
| echo "SERVICE: ${{ env.SERVICE_NAME }} could not be found in ${{ inputs.cr-region }} for ${{ secrets.cr-project-id }}" && exit ${{ inputs.fail-job }} | ||
| fi | ||
| # <------------- DELETE GITHUB ENVIRONMENT -------------> | ||
| delete-gh-env: | ||
| name: Delete Github Environment | ||
| runs-on: ubuntu-latest | ||
| if: ${{ inputs.gh-env-delete }} | ||
| steps: | ||
| - name: Checkout the code | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - uses: strumwolf/delete-deployment-environment@v2 | ||
| with: | ||
| token: ${{ secrets.token }} | ||
| environment: ${{ inputs.gh-env-name }} | ||
| continue-on-error: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,162 @@ | ||
| # Delete Cloud Run Workflow Overview | ||
|
|
||
| ## Purpose | ||
|
|
||
| This workflow simply removes a Cloud Run deployment along with any Github environment created with it. It's most commonly used in branch cleanup context where you wish to delete a preview environment after merge or closing of the branch. | ||
|
|
||
| - Deletes the named Cloud Run service | ||
| - Supports either OIDC or GCP Service Account key for authentication | ||
| - By default the job doesn't fail if it finds no service with the name | ||
| - Option (default true) to delete an associated Github environment | ||
|
|
||
| ## Included Jobs | ||
|
|
||
| ```mermaid | ||
| %%{init: {'theme': 'neutral'}}%% | ||
| flowchart LR | ||
| subgraph Pre-Requisites | ||
| subgraph Mandatory | ||
| sa-auth>"GCP Service \n Account Key"]-.-|one_of|oidc-auth>"GPC OIDC \n Auth"] | ||
| end | ||
| subgraph Optional | ||
| github-token>"Github Token"] | ||
| end | ||
| end | ||
| subgraph Jobs | ||
| subgraph Deploy to Cloud Run | ||
| deletecr{"Delete Cloud \n Run Service"} | ||
| deletegh{"Delete Github \n Environment"} | ||
| end | ||
| end | ||
| subgraph Artifacts | ||
| none | ||
| end | ||
| %% dependencies -> Jobs | ||
| sa-auth-->deletecr | ||
| oidc-auth-->deletecr | ||
| github-token-.->deletegh | ||
| %% Jobs -> Artifacts | ||
| deletecr-->none | ||
| deletegh-->none | ||
| ``` | ||
|
|
||
| ### Delete Cloud Run Service | ||
|
|
||
| Uses simple gcloud commands to check if service exists and delete it if found. | ||
|
|
||
| **Uses:** | ||
| - [google-github-actions/auth@v0](https://github.com/google-github-actions/auth) | ||
| - `gcloud run services delete --quiet --platform managed ${{ inputs.cr-service-name }} --region ${{ inputs.cr-region }} --project ${{ secrets.cr-project-id }}` | ||
|
|
||
| ### Delete Github Environment | ||
|
|
||
| Simple job that removes any environment by name from the Github UI. | ||
|
|
||
| **Uses:** [strumwolf/delete-deployment-environment@v2](https://github.com/strumwolf/delete-deployment-environment) | ||
|
|
||
|
|
||
| ## Usage | ||
|
|
||
| !> You must select a type of authentication using either `gcp-sa-auth: true` or `gcp-oidc-auth: true` | ||
|
|
||
| ### Basic (OIDC Authentication) | ||
|
|
||
| Essentially the job just needs authentication plus the name & region of the service. | ||
|
|
||
| ```yaml | ||
| delete: | ||
| uses: erzz/workflows/.github/workflows/delete-cloudrun.yml@main | ||
| with: | ||
| gcp-oidc-auth: true | ||
| cr-service-name: ${{ github.ref_name }}-${{ github.event.repository.name }} | ||
| cr-region: europe-north1 | ||
| gh-env-name: test-branch1 | ||
| secrets: | ||
| wip: projects/012345678901/locations/global/workloadIdentityPools/github/providers/github | ||
| service-account: [email protected] | ||
| cr-project-id: my-gcp-project | ||
| token: ${{ secrets.GITHUB_PAT }} | ||
| ``` | ||
| ### Basic (SA Key Authentication) | ||
| If using SA Key authentication then replace `gcp-oidc-auth: true` with `gcp-sa-auth: true` and provide the service account's JSON key as a secret | ||
|
|
||
| ```yaml | ||
| delete: | ||
| uses: erzz/workflows/.github/workflows/delete-cloudrun.yml@main | ||
| with: | ||
| gcp-sa-auth: true | ||
| cr-service-name: ${{ github.ref_name }}-${{ github.event.repository.name }} | ||
| cr-region: europe-north1 | ||
| gh-env-name: test-branch1 | ||
| secrets: | ||
| service-account-key: ${{ secrets.DEV_GCP_DEPLOY_SA }} | ||
| cr-project-id: my-gcp-project | ||
| token: ${{ secrets.GITHUB_PAT }} | ||
| ``` | ||
|
|
||
| ## Secrets | ||
|
|
||
| | Input | Required | Details | | ||
| | --------------------- | ------------- | --------------------------------------------------------------------------------------------------- | | ||
| | `wip` | for OIDC auth | The workload identity provider to use if OIDC Authentication with GCP is required to run unit tests | | ||
| | `service-account` | for OIDC auth | The service account to impersonate if OIDC Authentication with GCP is required to run unit tests | | ||
| | `service-account-key` | for SA auth | The service account JSON to use if SA JSON key auth with GCP is required to run unit tests | | ||
| | `cr-project-id` | true | The GCP project in which to delete your Cloud Run service | | ||
| | `token` | false | The Github token to use for github environment deletion if `gh-env-delete` is enabled. | | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Input | Required | Default | Details | | ||
| | ----------------- | -------- | -------------- | ----------------------------------------------------------------------------------------------- | | ||
| | `gcp-sa-auth` | depends | `false` | Set to `true` to enable GCP Service Account Key authentication | | ||
| | `gcp-oidc-auth` | depends | `false` | Set to `true` to enable GCP OIDC authentication | | ||
| | `cr-service-name` | true | N/A - Required | The name of the cloud run service to delete | | ||
| | `cr-region` | true | N/A - Required | The GCP region in which to delete the service | | ||
| | `gh-env-delete` | false | `true` | Should the job also attempt to delete the associated environment in Github | | ||
| | `gh-env-name` | false | `""` | The name of the github environment to delete if gh-env-delete is enabled | | ||
| | `fail-job` | false | `0` | The exit code to use if service to delete is not found. Setting `1` will produce a job failure. | | ||
|
|
||
| ## Outputs | ||
|
|
||
| None at this time | ||
|
|
||
| ## Advanced Examples | ||
|
|
||
| ### Without Github Environment deletion | ||
|
|
||
| ```yaml | ||
| delete: | ||
| uses: erzz/workflows/.github/workflows/delete-cloudrun.yml@main | ||
| with: | ||
| gcp-oidc-auth: true | ||
| cr-service-name: ${{ github.ref_name }}-${{ github.event.repository.name }} | ||
| cr-region: europe-north1 | ||
| gh-env-delete: false | ||
| secrets: | ||
| wip: projects/012345678901/locations/global/workloadIdentityPools/github/providers/github | ||
| service-account: [email protected] | ||
| cr-project-id: my-gcp-project | ||
| ``` | ||
|
|
||
| ### Fail if service not found | ||
|
|
||
| ```yaml | ||
| delete: | ||
| uses: erzz/workflows/.github/workflows/delete-cloudrun.yml@main | ||
| with: | ||
| gcp-oidc-auth: true | ||
| cr-service-name: ${{ github.ref_name }}-${{ github.event.repository.name }} | ||
| cr-region: europe-north1 | ||
| gh-env-name: test-branch1 | ||
| fail-job: 1 | ||
| secrets: | ||
| wip: projects/012345678901/locations/global/workloadIdentityPools/github/providers/github | ||
| service-account: [email protected] | ||
| cr-project-id: my-gcp-project | ||
| token: ${{ secrets.GITHUB_PAT }} | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters