
Commit 935345c

committed
added destroy.yml workflow
1 parent be48c5d commit 935345c

3 files changed

+178
-68
lines changed

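--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -5,7 +5,7 @@ on:
 branches:
 - devops/a3
 tags:
-- 'deploy-*' # Matches tags like deploy-dev, deploy-qa, deploy-prod
+- 'deploy-*' # Trigger on tags like deploy-dev, deploy-qa, deploy-prod
 workflow_dispatch:
 inputs:
 stage:
@@ -26,66 +26,116 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- name: Determine Stage
+# ✅ Set Stage (Simplified)
+- name: Set Stage
 id: set_stage
 run: |
-STAGE_INPUT="${{ github.event.inputs.stage }}"
-STAGE=""
-
+# Try to detect stage from tag (e.g., deploy-prod)
 if [[ "${GITHUB_REF}" == refs/tags/deploy-* ]]; then
 STAGE="${GITHUB_REF#refs/tags/deploy-}"
-echo "Tag trigger detected. Stage set to: $STAGE"
-elif [[ -n "$STAGE_INPUT" ]]; then
-STAGE="$STAGE_INPUT"
-echo "Manual trigger detected. Stage set to: $STAGE"
+echo "📦 Tag trigger detected. Stage set to: $STAGE"
+
+# Else use workflow_dispatch input (manual run)
+elif [[ -n "${{ github.event.inputs.stage }}" ]]; then
+STAGE="${{ github.event.inputs.stage }}"
+echo "⚡ Manual trigger detected. Stage set to: $STAGE"
+
+# Else default to 'dev' for branch pushes
 else
-echo "Branch trigger detected (main). Defaulting stage to dev."
 STAGE="dev"
+echo "🌱 Branch push detected. Defaulting stage to: $STAGE"
 fi
 
 # Validate stage
-if [[ "$STAGE" != "dev" && "$STAGE" != "qa" && "$STAGE" != "prod" ]]; then
-echo "Invalid stage: $STAGE. Must be dev, qa, or prod."
-exit 1
-fi
+case "$STAGE" in
+dev|qa|prod)
+echo "✅ Stage validated: $STAGE"
+;;
+*)
+echo "❌ Invalid stage: $STAGE. Must be dev, qa, or prod."
+exit 1
+;;
+esac
 
 echo "STAGE=$STAGE" >> $GITHUB_ENV
 
-# Checkout Code
+
+# ✅ Checkout Repository
 - name: Checkout repository
 uses: actions/checkout@v4
 
-# Configure AWS Credentials
+# Configure AWS Credentials
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: ${{ env.AWS_REGION }}
 
-# Install Dependencies
+# Install Dependencies (without Terraform)
 - name: Install dependencies
 run: |
 sudo apt update
-sudo apt install -y unzip curl
-
+sudo apt install -y unzip curl
+
+# ✅ Install Terraform
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v2
 with:
-terraform_version: 1.6.6
+terraform_version: 1.6.6 # Change version if needed
 
-# Setup SSH Private Key
+# Setup SSH Private Key for EC2 access
 - name: Setup SSH Private Key
 run: |
 echo "${{ secrets.SSH_PRIVATE_KEY }}" > ec2_key.pem
 chmod 400 ec2_key.pem
 
-# Make deploy.sh executable
+# Make deploy.sh executable
 - name: Make deploy.sh executable
 run: chmod +x scripts/deploy.sh
 
-# Run deploy.sh with detected stage
+# Run deploy.sh (provisions EC2-1 & EC2-2)
 - name: Run deploy.sh
 run: |
 export PRIVATE_KEY_PATH="./ec2_key.pem"
 ./scripts/deploy.sh $STAGE
+
+# ✅ Fetch Terraform outputs (Bucket + Verifier EC2 IP)
+- name: Get Terraform outputs
+id: tf_outputs
+run: |
+cd terraform
+S3_BUCKET_NAME=$(terraform output -raw s3_bucket_name)
+VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
+
+echo "S3_BUCKET_NAME=$S3_BUCKET_NAME" >> $GITHUB_ENV
+echo "VERIFIER_IP=$VERIFIER_IP" >> $GITHUB_ENV
+
+echo "📦 S3 Bucket: $S3_BUCKET_NAME"
+echo "🔑 Verifier EC2 IP: $VERIFIER_IP"
+
+# ✅ SSH into EC2-2 and validate logs
+- name: Validate logs on EC2-2
+run: |
+echo "🔐 Connecting to EC2-2 ($VERIFIER_IP) to verify logs..."
+ssh -i ./ec2_key.pem -o StrictHostKeyChecking=no ubuntu@$VERIFIER_IP "
+if [ -s /mylogs/app/my-app.log ] && [ -s /mylogs/system/cloud-init.log ]; then
+echo '✅ Logs are present on EC2-2 (/mylogs)'
+else
+echo '❌ Logs are missing on EC2-2 (/mylogs)'
+exit 1
+fi
+"
+
+# ✅ Pull logs from EC2-2 to GitHub runner
+- name: Download logs from EC2-2
+run: |
+echo "⬇️ Pulling logs from EC2-2..."
+scp -i ./ec2_key.pem -o StrictHostKeyChecking=no -r ubuntu@$VERIFIER_IP:/mylogs ./mylogs
+
+# ✅ Upload logs as artifact
+- name: Upload logs as artifact
+uses: actions/upload-artifact@v4
+with:
+name: ec2-logs-${{ env.STAGE }}
+path: mylogs/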
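Review bot: In the `Set Stage` step the new `elif [[ -n "${{ github.event.inputs.stage }}" ]]` and `STAGE="${{ github.event.inputs.stage }}"` lines paste the dispatch input into the script text before bash runs, so the `case` allow-list below cannot reject a value that has already altered the script. Pass it through the step environment instead: add `env:` with `STAGE_INPUT: ${{ github.event.inputs.stage }}` and test `"$STAGE_INPUT"`; the input's declared type is outside the hunk, so how far the dispatch form already constrains it cannot be confirmed here. The added `ssh` and `scp` steps pass `-o StrictHostKeyChecking=no` (as do the new `ssh`/`scp` lines in scripts/deploy.sh), so the runner never checks that `$VERIFIER_IP` is the instance Terraform created before trusting its log check and copying `/mylogs`; writing the instance's host key to `known_hosts` from a trusted source, or at least using `StrictHostKeyChecking=accept-new`, would tie the connections in the job to one key. The uploaded `mylogs/` artifact includes `cloud-init.log`, which may contain user-data output, so it is worth confirming that nothing sensitive becomes downloadable by everyone who can read the run.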

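--- a/.github/workflows/destroy.yml
+++ b/.github/workflows/destroy.yml
@@ -0,0 +1,46 @@
+name: Destroy Infrastructure
+
+on:
+workflow_dispatch:
+inputs:
+stage:
+description: 'Environment to destroy (dev, qa, prod)'
+required: true
+default: 'dev'
+type: choice
+options:
+- dev
+- qa
+- prod
+
+env:
+AWS_REGION: ap-south-1
+
+jobs:
+destroy:
+runs-on: ubuntu-latest
+steps:
+- name: Set Stage
+run: echo "STAGE=${{ github.event.inputs.stage }}" >> $GITHUB_ENV
+
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ vars.AWS_REGION }}
+
+- name: Install Terraform
+uses: hashicorp/setup-terraform@v2
+with:
+terraform_version: 1.6.6
+
+- name: Destroy Terraform-managed infra
+run: |
+CONFIG_FILE="${STAGE}_config.tfvars"
+cd terraform
+terraform init
+terraform destroy -var-file="$CONFIG_FILE" -auto-approve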
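Review bot: The `destroy` job runs `terraform destroy -var-file="$CONFIG_FILE" -auto-approve` for whichever stage is picked, including `prod`, with nothing but the dispatch form in front of it. Binding the job to a deployment environment, e.g. `environment: ${{ github.event.inputs.stage }}` under `runs-on`, lets required-reviewer rules gate the prod teardown once they are configured on that environment. The credentials step reads `aws-region: ${{ vars.AWS_REGION }}` while this file only defines `env: AWS_REGION: ap-south-1`, so unless a repository variable of that name exists the region is empty; `${{ env.AWS_REGION }}`, as deploy.yml uses, looks like what was meant. The Terraform backend is not visible on this page: if state is kept on the runner, this workflow starts from empty state and would report nothing to destroy while the instances stay up.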

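--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -1,78 +1,92 @@
 #!/bin/bash
 
-# Check for environment argument
+
+# ----------------------------
+# ✅ Input Validation
+# ----------------------------
 if [ -z "$1" ]; then
 echo "[Error] Usage: $0 <environment>"
 exit 1
 fi
 
 ENV="$1"
 ENV_LOWER=$(echo "$ENV" | tr '[:upper:]' '[:lower:]')
+
+# ----------------------------
+# ✅ Paths
+# ----------------------------
 SCRIPT_DIR="$(dirname "$(realpath "$0")")"
-TERRAFORM_DIR="$SCRIPT_DIR/../terraform"
+ROOT_DIR="$(realpath "$SCRIPT_DIR/..")"
+TERRAFORM_DIR="$ROOT_DIR/terraform"
+LOGS_DIR="$ROOT_DIR/mylogs"
 CONFIG_FILE="${ENV_LOWER}_config.tfvars"
 
-# Move to the Terraform directory
-cd "$TERRAFORM_DIR" || {
-echo "[Error] Failed to change directory to Terraform folder."
-exit 1
-}
-
+# ----------------------------
+# ✅ Terraform: App EC2
+# ----------------------------
+cd "$TERRAFORM_DIR"
 echo "[+] Initializing Terraform..."
 terraform init
 
-echo "[+] Applying configuration for environment: $ENV"
+echo "[+] Applying config for environment: $ENV"
 terraform apply -var-file="$CONFIG_FILE" -auto-approve
 
-echo "[+] Waiting 30 seconds for app to deploy in ec2 instance"
+echo "[+] Waiting for EC2 instance to boot..."
 sleep 30
 
-# Get the public IP from Terraform output
 RAW_INSTANCE_IP=$(terraform output -raw instance_public_ip)
-
-echo -e "\n"
-echo "[+] Testing app on http://$RAW_INSTANCE_IP:80"
-echo -e "\n"
-
-echo -e "\n"
-curl "http://$RAW_INSTANCE_IP:80"
-echo -e "\n"
-echo -e "\n"
-
 echo "[+] Instance Public IP: $RAW_INSTANCE_IP"
 
-echo "[+] Deploying Log Verification EC2 instance..."
-terraform apply -var-file="$CONFIG_FILE" -target=aws_instance.log_verifier -auto-approve
-VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
-
+echo "[+] Testing app at: http://$RAW_INSTANCE_IP"
+curl -s "http://$RAW_INSTANCE_IP:80" || echo "[Warning] App not responding yet."
 
-echo "Verified Public IP: $VERIFIER_IP"
+# ----------------------------
+# ✅ Terraform: Log Verifier EC2
+# ----------------------------
+echo "[+] Deploying log verifier EC2..."
+terraform apply -var-file="$CONFIG_FILE" -target=aws_instance.log_verifier -auto-approve
 
+VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
+echo "[+] Verifier Public IP: $VERIFIER_IP"
 
-#To verify and pull logs from ec2 to local.
-echo "Wait 100 seconds for verifier ec2 (read only) to pull the logs from s3 to local environment"
+# ----------------------------
+# ✅ Wait for Logs to Sync
+# ----------------------------
+echo "[+] Waiting 100s for EC2-2 to sync logs from S3..."
 sleep 100
-cd .. # to save logs at root level
+
+# ----------------------------
+# ✅ Setup SSH Key
+# ----------------------------
 if [ -n "$GITHUB_ACTIONS" ]; then
-PRIVATE_KEY_PATH="./ec2_key.pem"
+PRIVATE_KEY_PATH="$ROOT_DIR/ec2_key.pem"
 else
-PRIVATE_KEY_PATH="/Users/default/CS/DevOps/AWS/ssh-key-ec2.pem"
+PRIVATE_KEY_PATH="$HOME/.ssh/your-local-ec2-key.pem" # Change this locally
 fi
 
-# PRIVATE_KEY_PATH="/Users/default/CS/DevOps/AWS/ssh-key-ec2.pem" #change this to your ssh private key path, also make sure to use `chmod 400` on your key before using
-echo "trying to scp logs to local"
-scp -r -i "$PRIVATE_KEY_PATH" -o StrictHostKeyChecking=no ubuntu@$VERIFIER_IP:/mylogs/ . #to pull logs from readonly ec2 to your local directory /mylogs/
-cd $TERRAFORM_DIR # to run destroy need to go to terraform directory
+# ----------------------------
+# ✅ Pull Logs from Verifier EC2
+# ----------------------------
+echo "[+] Checking SSH connection..."
+ssh -i "$PRIVATE_KEY_PATH" -o StrictHostKeyChecking=no -q ubuntu@$VERIFIER_IP "echo 'SSH OK'" || {
+echo "[❌] SSH connection failed!"
+exit 1
+}
 
-echo -e "\n"
-echo "[+] Using curl on app at http://$RAW_INSTANCE_IP:80"
-echo -e "\n"
-curl "http://$RAW_INSTANCE_IP:80"
-echo -e "\n"
-echo -e "\n"
+echo "[+] Pulling logs from EC2-2..."
+mkdir -p "$LOGS_DIR"
+scp -i "$PRIVATE_KEY_PATH" -o StrictHostKeyChecking=no -r ubuntu@$VERIFIER_IP:/mylogs/* "$LOGS_DIR/"
 
-echo "Terraform destroy will run after 5 minutes..."
-echo "You can press ctrl+c and do it earlier as well"
-sleep 300
+# ----------------------------
+# ✅ Re-test app (Optional)
+# ----------------------------
+echo "[+] Rechecking application availability..."
+curl -s "http://$RAW_INSTANCE_IP:80" || echo "[Warning] App still not responding."
 
-TF_LOG=DEBUG terraform destroy -var-file="$CONFIG_FILE" -auto-approve
+# ----------------------------
+# ✅ Export Outputs to GitHub Actions
+# ----------------------------
+if [ -n "$GITHUB_ACTIONS" ]; then
+echo "verifier_ip=$VERIFIER_IP" >> "$GITHUB_OUTPUT"
+echo "instance_ip=$RAW_INSTANCE_IP" >> "$GITHUB_OUTPUT"
+fi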
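Review bot: The rewritten `cd "$TERRAFORM_DIR"` drops the `|| { ...; exit 1; }` guard the old version had, and the script sets no `set -e`, so a failed `cd` or a failed `terraform apply -auto-approve` is ignored and the later `terraform output`, `ssh` and `scp` calls run against whatever is left. Adding `set -e` after the shebang, or at least `cd "$TERRAFORM_DIR" || exit 1`, restores the fail-fast behaviour. `$1` is lower-cased but never checked against dev, qa or prod before it builds `CONFIG_FILE`, so a run outside the workflow relies on the caller; `case "$ENV_LOWER" in dev|qa|prod) ;; *) exit 1 ;; esac` would mirror the workflow's allow-list. The `verifier_ip` and `instance_ip` lines appended to `$GITHUB_OUTPUT` are only readable by later steps if the `Run deploy.sh` step has an `id`, which the workflow section on this page does not show.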
