From 00cb2273b7afe032184531a69c81a76cb11ea6aa Mon Sep 17 00:00:00 2001
From: Branislav Kojic
Date: Thu, 18 Jan 2024 20:07:52 +0100
Subject: [PATCH] Destory Network (#5)
* Deploy Network
* Add Permissions
* Minor changes
* Concurrency change
* Destroy Network
---
 .github/workflows/deploy-network.yml | 9 +--
 .github/workflows/destroy-network.yml | 99 +++++++++++++++++++++++++++
 2 files changed, 104 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/destroy-network.yml
diff --git a/.github/workflows/deploy-network.yml b/.github/workflows/deploy-network.yml
index ccc81171cc..86dd8ba229 100644
--- a/.github/workflows/deploy-network.yml
+++ b/.github/workflows/deploy-network.yml
@@ -22,7 +22,8 @@ permissions: security-events: write jobs: - deploy: + deploy_network: + name: Deploy ${{ inputs.environment }} Network runs-on: ubuntu-latest environment: ${{ inputs.environment }} steps:
@@ -32,7 +33,7 @@ jobs: repository: Ethernal-Tech/blade-deployment ref: changes - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v3 with: aws-region: ${{ secrets.AWS_REGION }} role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
@@ -40,7 +41,7 @@ jobs: uses: hashicorp/setup-terraform@v2.0.3 with: terraform_version: 1.4.5 - - name: "Configure Terraform for ${{ inputs.environment }} build" + - name: Configure Terraform for ${{ inputs.environment }} run: | sed 's/# backend "s3" {}/backend "s3" {}/' main.tf > main.tf.tmp && mv main.tf.tmp main.tf - name: Terraform Init
@@ -71,7 +72,7 @@ jobs: run: | python3 -m pip install --user ansible python3 -m pip install boto3 botocore - - name: Configure Ansible for ${{ inputs.environment }} build + - name: Configure Ansible for ${{ inputs.environment }} working-directory: ansible run: | echo "${{ secrets.VAULT_PASSWORD }}" > password.txt
diff --git a/.github/workflows/destroy-network.yml b/.github/workflows/destroy-network.yml
new file mode 100644
index 0000000000..a781464d1c
--- /dev/null
+++ b/.github/workflows/destroy-network.yml
@@ -0,0 +1,99 @@
+---
+concurrency: ci-$
+name: Destroy Network
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: The environment to run against
+ type: choice
+ options: [dev, test]
+ required: true
+ logs:
+ description: Do you want to upload logs from hosts?
+ type: boolean
+ default: false
+ required: true
+ workflow_call:
+ inputs:
+ environment:
+ description: The environment to run against
+ type: string
+ required: true
+ logs:
+ description: Do you want to upload logs from hosts?
+ type: boolean
+ required: true
+
+permissions:
+ id-token: write
+ contents: read
+ security-events: write
+
+jobs:
+ upload_logs:
+ name: Upload logs from hosts
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ if: ${{ inputs.logs == 'true' }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ repository: Ethernal-Tech/blade-deployment
+ ref: changes
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ - name: Retrieve state file from s3
+ run: aws s3 cp s3://blade-github/states/${{ inputs.environment }} state.json
+ - name: Configure private keys
+ run: |
+ terraform output pk_ansible > ~/private.key
+ chmod 600 ~/private.key
+ eval "$(ssh-agent)"
+ ssh-add ~/private.key
+ - name: Install Ansible / botocore / boto3
+ run: |
+ python3 -m pip install --user ansible
+ python3 -m pip install boto3 botocore
+ - name: Configure Ansible for ${{ inputs.environment }}
+ working-directory: ansible
+ run: |
+ echo "${{ secrets.VAULT_PASSWORD }}" > password.txt
+ sed 's/devnet/${{ inputs.environment }}/g' roles/upload-logs/tasks/logs.yml > roles/upload-logs/tasks/logs.yml.tmp && mv roles/upload-logs/tasks/logs.yml.tmp roles/upload-logs/tasks/logs.yml
+ sed 's/{{ current_datetime\.stdout }}/${{ github.run_id }}/g' roles/upload-logs/tasks/logs.yml >
 roles/upload-logs/tasks/logs.yml.tmp && mv roles/upload-logs/tasks/logs.yml.tmp roles/upload-logs/tasks/logs.yml
+ - name: Upload logs
+ working-directory: ansible
+ run: |
+ ansible-playbook upload-logs.yml
+
+ destroy_network:
+ name: Destroy ${{ inputs.environment }} Network
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ needs: [upload_logs]
+ if: always()
+ steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ - name: Install Terraform
+ uses: hashicorp/setup-terraform@v2.0.3
+ with:
+ terraform_version: 1.4.5
+ - name: Configure Terraform for ${{ inputs.environment }}
+ run: |
+ sed 's/# backend "s3" {}/backend "s3" {}/' main.tf > main.tf.tmp && mv main.tf.tmp main.tf
+ - name: Terraform Init
+ id: init
+ run: terraform init -backend-config="bucket=blade-github" -backend-config="key=states/${{ inputs.environment }}" -backend-config="region=${{ secrets.AWS_REGION }}"
+ - name: Retrieve state file from s3
+ run: aws s3 cp s3://blade-github/states/${{ inputs.environment }} state.json
+ - name: Terraform Destroy
+ id: destroy
+ run: terraform destroy -auto-approve -state=state.json
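Review bot: The `run:` steps in both jobs splice `${{ inputs.environment }}` directly into shell text (the `aws s3 cp s3://blade-github/states/...` lines, the `sed` line, `terraform init`), and under `workflow_call` that input is an unrestricted `string`, so its content is parsed by the shell on a runner that already holds the assumed AWS role. Hand it over through the step environment, `env:` with `ENVIRONMENT: ${{ inputs.environment }}`, and reference it quoted, `aws s3 cp "s3://blade-github/states/${ENVIRONMENT}" state.json`. The same holds for `echo "${{ secrets.VAULT_PASSWORD }}" > password.txt`, where a quote or `$` inside the secret changes the command. Separately, `if: ${{ inputs.logs == 'true' }}` compares a boolean input with a string, which under GitHub's expression coercion rules looks like it is never true, and since `destroy_network` runs with `if: always()` the hosts would be torn down without their logs being collected; `if: ${{ inputs.logs }}` is probably what was intended.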