Update delete_stack.yml #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy and Delete Security Services | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| services: | ||
| description: 'Specify the services to deploy or delete (access-analyser, guard-duty, inspector, macie, securityhub, detective, config). Use a comma to separate multiple services.' | ||
| required: true | ||
| action: | ||
| description: 'Choose action (deploy or delete)' | ||
| required: true | ||
| default: 'deploy' | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| jobs: | ||
| validate-services: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| services: ${{ steps.set-services.outputs.services }} | ||
| steps: | ||
| - name: Set services from input | ||
| id: set-services | ||
| run: | | ||
| if [[ -z "${{ github.event.inputs.services }}" ]]; then | ||
| echo "No services selected. Skipping deployment." | ||
| echo "::set-output name=services::none" | ||
| else | ||
| echo "::set-output name=services::${{ github.event.inputs.services }}" | ||
| fi | ||
| deploy-services: | ||
| if: needs.validate-services.outputs.services != 'none' && github.event.inputs.action == 'deploy' | ||
| runs-on: ubuntu-latest | ||
| needs: validate-services | ||
| steps: | ||
| # Add deployment steps here (similar to your original deployment jobs) | ||
| delete-services: | ||
| if: needs.validate-services.outputs.services != 'none' && github.event.inputs.action == 'delete' | ||
| runs-on: ubuntu-latest | ||
| needs: validate-services | ||
| steps: | ||
| - name: Set services to delete | ||
| id: set-delete-services | ||
| run: | | ||
| services_to_delete="${{ github.event.inputs.services }}" | ||
| IFS=',' read -r -a service_list <<< "$services_to_delete" | ||
| for service in "${service_list[@]}"; do | ||
| if [[ "$service" == "access-analyser" ]]; then | ||
| echo "Deleting Access Analyser stack and stack-set instances..." | ||
| aws cloudformation delete-stack-set --stack-set-name "Access-analyser" | ||
| aws cloudformation delete-stack-instances \ | ||
| --stack-set-name "Access-analyser" \ | ||
| --regions us-east-1 \ | ||
| --accounts ${{ secrets.ACCOUNT_IDS }} \ | ||
| --no-retain | ||
| fi | ||
| if [[ "$service" == "guard-duty" ]]; then | ||
| echo "Deleting GuardDuty stack and stack-set instances..." | ||
| aws cloudformation delete-stack-set --stack-set-name "GuardDuty" | ||
| aws cloudformation delete-stack-instances \ | ||
| --stack-set-name "GuardDuty" \ | ||
| --regions us-east-1 \ | ||
| --accounts ${{ secrets.ACCOUNT_IDS }} \ | ||
| --no-retain | ||
| fi | ||
| # Add more services deletion logic as needed | ||
| done | ||
