name: Ephemeral environment cleanup on: pull_request: types: [unlabeled] jobs: validate-pr: name: Validate PR runs-on: ubuntu-24.04 outputs: config-exists: ${{ steps.validate-config.outputs.config-exists }} steps: - name: Checkout PR uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Validate config exists in path id: validate-config run: | if [[ -f "ephemeral-environments/$GITHUB_HEAD_REF.yaml" ]]; then echo "Ephemeral environment config found in path, continuing." echo "config-exists=true" >> $GITHUB_OUTPUT fi cleanup-config: name: Cleanup ephemeral environment runs-on: ubuntu-24.04 needs: validate-pr if: ${{ needs.validate-pr.outputs.config-exists }} steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve GitHub PAT secrets id: retrieve-secret-pat uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "github-pat-bitwarden-devops-bot-repo-scope" - name: Trigger Ephemeral Environment cleanup uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }} script: | await github.rest.actions.createWorkflowDispatch({ owner: 'bitwarden', repo: 'devops', workflow_id: '_ephemeral_environment_pr_manager.yml', ref: 'main', inputs: { ephemeral_env_branch: process.env.GITHUB_HEAD_REF, cleanup_config: true, project: 'server' } })