
Commit d4c8f4c

committed
added destroy.yml workflow
1 parent be48c5d commit d4c8f4c


3 files changed

+170
-57
lines changed


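--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -5,7 +5,7 @@ on:
 branches:
 - devops/a3
 tags:
-- 'deploy-*' # Matches tags like deploy-dev, deploy-qa, deploy-prod
+- 'deploy-*' # Trigger on tags like deploy-dev, deploy-qa, deploy-prod
 workflow_dispatch:
 inputs:
 stage:
@@ -26,66 +26,107 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- name: Determine Stage
+# ✅ Set Stage (Simplified)
+- name: Set Stage
 id: set_stage
 run: |
-STAGE_INPUT="${{ github.event.inputs.stage }}"
-STAGE=""
-
 if [[ "${GITHUB_REF}" == refs/tags/deploy-* ]]; then
 STAGE="${GITHUB_REF#refs/tags/deploy-}"
-echo "Tag trigger detected. Stage set to: $STAGE"
-elif [[ -n "$STAGE_INPUT" ]]; then
-STAGE="$STAGE_INPUT"
-echo "Manual trigger detected. Stage set to: $STAGE"
+echo "📦 Tag trigger detected. Stage set to: $STAGE"
 else
-echo "Branch trigger detected (main). Defaulting stage to dev."
-STAGE="dev"
+STAGE="${{ github.event.inputs.stage }}"
+echo "⚡ Manual/branch trigger. Stage set to: $STAGE"
 fi
 
 # Validate stage
-if [[ "$STAGE" != "dev" && "$STAGE" != "qa" && "$STAGE" != "prod" ]]; then
-echo "Invalid stage: $STAGE. Must be dev, qa, or prod."
-exit 1
-fi
+case "$STAGE" in
+dev|qa|prod)
+echo "✅ Stage validated: $STAGE"
+;;
+*)
+echo "❌ Invalid stage: $STAGE. Must be dev, qa, or prod."
+exit 1
+;;
+esac
 
 echo "STAGE=$STAGE" >> $GITHUB_ENV
 
-# Checkout Code
+# Checkout Repository
 - name: Checkout repository
 uses: actions/checkout@v4
 
-# Configure AWS Credentials
+# Configure AWS Credentials
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: ${{ env.AWS_REGION }}
 
-# Install Dependencies
+# Install Dependencies (without Terraform)
 - name: Install dependencies
 run: |
 sudo apt update
-sudo apt install -y unzip curl
-
+sudo apt install -y unzip curl
+
+# ✅ Install Terraform
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v2
 with:
-terraform_version: 1.6.6
+terraform_version: 1.6.6 # Change version if needed
 
-# Setup SSH Private Key
+# Setup SSH Private Key for EC2 access
 - name: Setup SSH Private Key
 run: |
 echo "${{ secrets.SSH_PRIVATE_KEY }}" > ec2_key.pem
 chmod 400 ec2_key.pem
 
-# Make deploy.sh executable
+# Make deploy.sh executable
 - name: Make deploy.sh executable
 run: chmod +x scripts/deploy.sh
 
-# Run deploy.sh with detected stage
+# Run deploy.sh (provisions EC2-1 & EC2-2)
 - name: Run deploy.sh
 run: |
 export PRIVATE_KEY_PATH="./ec2_key.pem"
 ./scripts/deploy.sh $STAGE
+
+# ✅ Fetch Terraform outputs (Bucket + Verifier EC2 IP)
+- name: Get Terraform outputs
+id: tf_outputs
+run: |
+cd terraform
+S3_BUCKET_NAME=$(terraform output -raw s3_bucket_name)
+VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
+
+echo "S3_BUCKET_NAME=$S3_BUCKET_NAME" >> $GITHUB_ENV
+echo "VERIFIER_IP=$VERIFIER_IP" >> $GITHUB_ENV
+
+echo "📦 S3 Bucket: $S3_BUCKET_NAME"
+echo "🔑 Verifier EC2 IP: $VERIFIER_IP"
+
+# ✅ SSH into EC2-2 and validate logs
+- name: Validate logs on EC2-2
+run: |
+echo "🔐 Connecting to EC2-2 ($VERIFIER_IP) to verify logs..."
+ssh -i ./ec2_key.pem -o StrictHostKeyChecking=no ubuntu@$VERIFIER_IP "
+if [ -s /mylogs/app/my-app.log ] && [ -s /mylogs/system/cloud-init.log ]; then
+echo '✅ Logs are present on EC2-2 (/mylogs)'
+else
+echo '❌ Logs are missing on EC2-2 (/mylogs)'
+exit 1
+fi
+"
+
+# ✅ Pull logs from EC2-2 to GitHub runner
+- name: Download logs from EC2-2
+run: |
+echo "⬇️ Pulling logs from EC2-2..."
+scp -i ./ec2_key.pem -o StrictHostKeyChecking=no -r ubuntu@$VERIFIER_IP:/mylogs ./mylogs
+
+# ✅ Upload logs as artifact
+- name: Upload logs as artifact
+uses: actions/upload-artifact@v4
+with:
+name: ec2-logs-${{ env.STAGE }}
+path: mylogs/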
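Review bot: In the `Set Stage` step the new line `STAGE="${{ github.event.inputs.stage }}"` pastes the dispatch input into the script text before bash runs, so the `case` check that follows cannot constrain what the shell parses; pass it through the step's `env:` instead (`STAGE_INPUT: ${{ github.event.inputs.stage }}`) and assign `STAGE="$STAGE_INPUT"`. The same branch now also handles pushes to `devops/a3`, where the input is empty, so with the `dev` default removed those runs appear to fail validation every time; `STAGE="${STAGE_INPUT:-dev}"` would keep the previous behaviour. The new `ssh` and `scp` steps pass `-o StrictHostKeyChecking=no`, as do the matching calls in scripts/deploy.sh, so the host that receives the key-authenticated session and supplies the logs is never verified; `-o StrictHostKeyChecking=accept-new` with a shared `-o UserKnownHostsFile=` would at least pin the key between the two steps. Quote `"ubuntu@$VERIFIER_IP"` in both commands, and consider whether `/mylogs/system/cloud-init.log` is safe to publish as a build artifact, since its contents are not visible here.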

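--- a/.github/workflows/destroy.yml
+++ b/.github/workflows/destroy.yml
@@ -0,0 +1,46 @@
+name: Destroy Infrastructure
+
+on:
+workflow_dispatch:
+inputs:
+stage:
+description: 'Environment to destroy (dev, qa, prod)'
+required: true
+default: 'dev'
+type: choice
+options:
+- dev
+- qa
+- prod
+
+env:
+AWS_REGION: ap-south-1
+
+jobs:
+destroy:
+runs-on: ubuntu-latest
+steps:
+- name: Set Stage
+run: echo "STAGE=${{ github.event.inputs.stage }}" >> $GITHUB_ENV
+
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Install Terraform
+uses: hashicorp/setup-terraform@v2
+with:
+terraform_version: 1.6.6
+
+- name: Destroy Terraform-managed infra
+run: |
+CONFIG_FILE="${STAGE}_config.tfvars"
+cd terraform
+terraform init
+terraform destroy -var-file="$CONFIG_FILE" -auto-approve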
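Review bot: The `destroy` job runs `terraform destroy -var-file="$CONFIG_FILE" -auto-approve` for whichever stage is picked, `prod` included, and nothing in the workflow requires a second person to confirm; adding `environment: ${{ github.event.inputs.stage }}` to the job would allow required reviewers to be configured per stage. `terraform init` runs on a fresh runner, so the destroy only finds anything if the configuration uses a remote state backend, which is not visible in this commit. In `Set Stage` the input is expanded into the script via `${{ }}`; mapping it through `env:` and writing `echo "STAGE=$STAGE_INPUT" >> "$GITHUB_ENV"` keeps it out of the script text. The actions are referenced by tag (`@v4`, `@v2`); pinning them to commit SHAs is worth considering for a job that holds long-lived AWS keys.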

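--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -1,18 +1,28 @@
 #!/bin/bash
 
+set -e # Exit on error
+
 # Check for environment argument
 if [ -z "$1" ]; then
 echo "[Error] Usage: $0 <environment>"
 exit 1
 fi
 
+# ----------------------------
+# ✅ Path Setup
+# ----------------------------
 ENV="$1"
 ENV_LOWER=$(echo "$ENV" | tr '[:upper:]' '[:lower:]')
+
 SCRIPT_DIR="$(dirname "$(realpath "$0")")"
-TERRAFORM_DIR="$SCRIPT_DIR/../terraform"
+ROOT_DIR="$(realpath "$SCRIPT_DIR/..")"
+TERRAFORM_DIR="$ROOT_DIR/terraform"
+LOGS_DIR="$ROOT_DIR/mylogs"
 CONFIG_FILE="${ENV_LOWER}_config.tfvars"
 
-# Move to the Terraform directory
+# ----------------------------
+# ✅ Terraform Apply
+# ----------------------------
 cd "$TERRAFORM_DIR" || {
 echo "[Error] Failed to change directory to Terraform folder."
 exit 1
@@ -24,55 +34,71 @@ terraform init
 echo "[+] Applying configuration for environment: $ENV"
 terraform apply -var-file="$CONFIG_FILE" -auto-approve
 
-echo "[+] Waiting 30 seconds for app to deploy in ec2 instance"
+echo "[+] Waiting 30 seconds for app to deploy in EC2 instance..."
 sleep 30
 
-# Get the public IP from Terraform output
 RAW_INSTANCE_IP=$(terraform output -raw instance_public_ip)
+echo "[+] Instance Public IP: $RAW_INSTANCE_IP"
 
-echo -e "\n"
-echo "[+] Testing app on http://$RAW_INSTANCE_IP:80"
-echo -e "\n"
-
-echo -e "\n"
+echo -e "\n[+] Testing app on http://$RAW_INSTANCE_IP:80\n"
 curl "http://$RAW_INSTANCE_IP:80"
 echo -e "\n"
-echo -e "\n"
-
-echo "[+] Instance Public IP: $RAW_INSTANCE_IP"
 
+# ----------------------------
+# ✅ Deploy Log Verifier EC2
+# ----------------------------
 echo "[+] Deploying Log Verification EC2 instance..."
 terraform apply -var-file="$CONFIG_FILE" -target=aws_instance.log_verifier -auto-approve
-VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
-
-
-echo "Verified Public IP: $VERIFIER_IP"
 
+VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
+echo "[+] Verified Public IP: $VERIFIER_IP"
 
-#To verify and pull logs from ec2 to local.
-echo "Wait 100 seconds for verifier ec2 (read only) to pull the logs from s3 to local environment"
+# ----------------------------
+# ✅ Wait for Logs to Sync
+# ----------------------------
+echo "[+] Waiting 100 seconds for log sync (S3 → EC2)..."
 sleep 100
-cd .. # to save logs at root level
+
+# ----------------------------
+# ✅ Setup SSH Key Path
+# ----------------------------
 if [ -n "$GITHUB_ACTIONS" ]; then
-PRIVATE_KEY_PATH="./ec2_key.pem"
+PRIVATE_KEY_PATH="$ROOT_DIR/ec2_key.pem"
 else
-PRIVATE_KEY_PATH="/Users/default/CS/DevOps/AWS/ssh-key-ec2.pem"
+PRIVATE_KEY_PATH="/Users/default/CS/DevOps/AWS/ssh-key-ec2.pem" # Change for your local setup
 fi
 
-# PRIVATE_KEY_PATH="/Users/default/CS/DevOps/AWS/ssh-key-ec2.pem" #change this to your ssh private key path, also make sure to use `chmod 400` on your key before using
-echo "trying to scp logs to local"
-scp -r -i "$PRIVATE_KEY_PATH" -o StrictHostKeyChecking=no ubuntu@$VERIFIER_IP:/mylogs/ . #to pull logs from readonly ec2 to your local directory /mylogs/
-cd $TERRAFORM_DIR # to run destroy need to go to terraform directory
+# ----------------------------
+# ✅ SCP Logs from Verifier EC2
+# ----------------------------
+echo "[+] Checking SSH access..."
+ssh -i "$PRIVATE_KEY_PATH" -o StrictHostKeyChecking=no -q ubuntu@$VERIFIER_IP "echo 'SSH OK'" || {
+echo "[❌] SSH failed. Check key or user."
+exit 1
+}
 
-echo -e "\n"
-echo "[+] Using curl on app at http://$RAW_INSTANCE_IP:80"
-echo -e "\n"
+echo "[+] Pulling logs to: $LOGS_DIR"
+mkdir -p "$LOGS_DIR"
+scp -i "$PRIVATE_KEY_PATH" -o StrictHostKeyChecking=no -r ubuntu@$VERIFIER_IP:/mylogs/* "$LOGS_DIR/"
+
+# ----------------------------
+# ✅ Re-Test Application (optional)
+# ----------------------------
+echo "[+] Retesting application..."
 curl "http://$RAW_INSTANCE_IP:80"
 echo -e "\n"
-echo -e "\n"
 
-echo "Terraform destroy will run after 5 minutes..."
-echo "You can press ctrl+c and do it earlier as well"
-sleep 300
+# ----------------------------
+# ✅ GitHub Output Export
+# ----------------------------
+if [ -n "$GITHUB_ACTIONS" ]; then
+echo "verifier_ip=$VERIFIER_IP" >> "$GITHUB_OUTPUT"
+echo "instance_ip=$RAW_INSTANCE_IP" >> "$GITHUB_OUTPUT"
+fi
 
-TF_LOG=DEBUG terraform destroy -var-file="$CONFIG_FILE" -auto-approve
+# ----------------------------
+# ❌ Destroy Step (Optional)
+# ----------------------------
+# echo "Terraform destroy will run after 5 minutes..."
+# sleep 120
+# terraform destroy -var-file="$CONFIG_FILE" -auto-approve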
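Review bot: With `set -e` now at the top, the first `curl "http://$RAW_INSTANCE_IP:80"` aborts the whole script if the app is not yet listening after the fixed 30-second sleep, while an HTTP error page still counts as success; `curl --fail --retry 5 --retry-connrefused "http://$RAW_INSTANCE_IP:80"` would make the check match its message. The values written to `$GITHUB_OUTPUT` at the end look unused, because the `Run deploy.sh` step in deploy.yml has no `id` and the workflow re-reads the Terraform outputs itself. The script already copies `/mylogs/*` into `$ROOT_DIR/mylogs`, so the later `scp -r ... ./mylogs` step in the workflow probably nests a second copy under `mylogs/mylogs`. The `cd "$TERRAFORM_DIR" || {` block at the end of the first hunk continues outside it.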
