OpenStaticFish/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: allow intentional destroy without backup
Deploy Cluster / Terraform (push) Successful in 31s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details

Browse Source
This commit is contained in:
MichaelFisher1997
2026-04-26 22:01:39 +00:00
parent 50752ca4b0
commit 2bde45e106
1 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/destroy.yml
+23 -1
View File
@@ -7,6 +7,14 @@ on:
description: 'Type "destroy" to confirm' description: 'Type "destroy" to confirm'
required: true required: true
default: '' default: ''
require_rancher_backup:
description: 'Require an existing Rancher B2 backup before destroy'
required: true
default: 'true'
type: choice
options:
- 'true'
- 'false'
concurrency: concurrency:
group: prod-cluster group: prod-cluster
@@ -61,10 +69,19 @@ jobs:
-backend-config="skip_requesting_account_id=true" -backend-config="skip_requesting_account_id=true"
- name: Verify Rancher backup exists - name: Verify Rancher backup exists
if: github.event.inputs.require_rancher_backup == 'true'
run: | run: |
set -euo pipefail set -euo pipefail
if [ -z "${B2_ACCOUNT_ID}" ] || [ -z "${B2_APPLICATION_KEY}" ]; then
echo "B2 credentials are not available in this workflow/environment; cannot verify Rancher backups." >&2
exit 1
fi
CREDS=$(printf '%s:%s' "${B2_ACCOUNT_ID}" "${B2_APPLICATION_KEY}" | base64 -w0) CREDS=$(printf '%s:%s' "${B2_ACCOUNT_ID}" "${B2_APPLICATION_KEY}" | base64 -w0)
AUTH_RESP=$(curl -fsS -H "Authorization: Basic ${CREDS}" https://api.backblazeb2.com/b2api/v2/b2_authorize_account) AUTH_RESP=$(curl -fsS -H "Authorization: Basic ${CREDS}" https://api.backblazeb2.com/b2api/v2/b2_authorize_account) || {
echo "Failed to authorize with B2; check B2_ACCOUNT_ID/B2_APPLICATION_KEY in the destroy environment." >&2
exit 1
}
API_URL=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin)['apiUrl'])") API_URL=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin)['apiUrl'])")
AUTH_TOKEN=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin)['authorizationToken'])") AUTH_TOKEN=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin)['authorizationToken'])")
BUCKET_ID=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('allowed', {}).get('bucketId') or '')") BUCKET_ID=$(printf '%s' "${AUTH_RESP}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('allowed', {}).get('bucketId') or '')")
@@ -88,6 +105,11 @@ jobs:
echo "Verified Rancher backup exists: ${LATEST}" echo "Verified Rancher backup exists: ${LATEST}"
- name: Skip Rancher backup verification
if: github.event.inputs.require_rancher_backup == 'false'
run: |
echo "Rancher backup verification explicitly skipped for this destroy run."
- name: Terraform Destroy - name: Terraform Destroy
id: destroy id: destroy
working-directory: terraform working-directory: terraform