diff --git a/.github/workflows/purge_protection_enabled.yaml b/.github/workflows/purge_protection_enabled.yaml deleted file mode 100644 index e5b8b7f873..0000000000 --- a/.github/workflows/purge_protection_enabled.yaml +++ /dev/null @@ -1,172 +0,0 @@ -# -# Copyright (c) Microsoft Corporation -# Licensed under the MIT License. -# - -name: purge_enabled_resource - -on: - pull_request: - paths-include: - - 'examples/compute/virtual_machine/100-single-linux-vm' - - 'examples/compute/virtual_machine/105-single-windows-vm-kv-admin-secrets' - - 'examples/compute/virtual_machine/212-vm-disk-encryption-set' - - 'examples/storage_accounts/100-simple-storage-account-blob-container' - -env: - TF_CLI_ARGS: '-no-color' - TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' - ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} - ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} - ROVER_RUNNER: true - -jobs: - foundations: - name: foundations - runs-on: ubuntu-latest - - strategy: - fail-fast: true - max-parallel: 1 - matrix: - region: ["southeastasia"] - random_length: ['5'] - - container: - image: aztfmod/rover:0.14.10-2104.0803 - options: --user 0 - - steps: - - uses: actions/checkout@v2 - - - uses: actions/checkout@v2 - with: - repository: Azure/caf-terraform-landingzones - path: public - ref: 'patch.5.3.1' - - - name: Login azure - run: | - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' - az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - - echo "local user: $(whoami)" - - - name: launchpad - run: | - /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/public/caf_launchpad -a apply \ - -var-folder ${GITHUB_WORKSPACE}/public/caf_launchpad/scenario/100 \ - -level level0 \ - -launchpad \ - -parallelism=30 \ - --environment ${{ github.run_id }} \ - '-var random_length=${{ matrix.random_length }}' \ - '-var prefix=g${{ github.run_id }}' \ - '-var regions={region1="${{ matrix.region }}"}' \ - '-var tags={environment="${{ github.run_id }}"}' - - - examples: - name: examples - runs-on: ubuntu-latest - - needs: foundations - - strategy: - fail-fast: false - max-parallel: 20 - matrix: - config_files: [ - "compute/virtual_machine/100-single-linux-vm", - "compute/virtual_machine/105-single-windows-vm-kv-admin-secrets", - "compute/virtual_machine/212-vm-disk-encryption-set", - "storage_accounts/100-simple-storage-account-blob-container" - ] - - container: - image: aztfmod/rover:0.14.10-2104.0803 - options: --user 0 - - steps: - - uses: actions/checkout@v2 - - - uses: actions/checkout@v2 - with: - repository: Azure/caf-terraform-landingzones - path: public - ref: 'patch.5.3.1' - - - name: Login azure - run: | - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' - az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - - - name: deploy example - run: | - /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/public/caf_solution -a apply \ - -level level1 \ - -tfstate $(basename ${{ matrix.config_files }}).tfstate \ - -var-folder ${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }} \ - -var var_folder_path="${GITHUB_WORKSPACE}/examples/${{ matrix.config_files }}" \ - --environment ${{ github.run_id }} \ - '-var tags={environment="${{ github.run_id }}"}' - - foundations_destroy: - name: foundations_destroy - runs-on: ubuntu-latest - if: always() - needs: examples - - strategy: - fail-fast: false - matrix: - region: ["southeastasia"] - - container: - image: aztfmod/rover:0.14.10-2104.0803 - options: --user 0 - - steps: - - uses: actions/checkout@v2 - - - uses: actions/checkout@v2 - with: - repository: Azure/caf-terraform-landingzones - path: public - ref: 'patch.5.3.1' - - - name: Login azure - run: | - az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}' - az account set -s ${{ env.ARM_SUBSCRIPTION_ID }} - - echo "local user: $(whoami)" - - - name: Remove launchpad - run: | - - /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/public/caf_launchpad/ -a destroy \ - -level level0 \ - -var-folder ${GITHUB_WORKSPACE}/public/caf_launchpad/scenario/100 \ - -launchpad \ - --environment ${{ github.run_id }} \ - -parallelism=30 \ - '-var prefix=g${{ github.run_id }}' \ - '-var regions={region1="${{ matrix.region }}"}' \ - '-var tags={environment="${{ github.run_id }}"}' \ - -auto-approve - - - - name: Complete purge - if: ${{ always() }} - run: | - for i in `az monitor diagnostic-settings subscription list -o tsv --query "value[?contains(name, '${{ github.run_id }}' )].name"`; do echo "purging subscription diagnostic-settings: $i" && $(az monitor diagnostic-settings subscription delete --name $i --yes); done - for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done - for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].objectId" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done - for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done - for i in `az keyvault list-deleted --query "[?tags.environment=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done - for i in `az group list --query "[?tags.environment=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done - for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done - for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done