updated workflows to segment out destruction of resources

tjsullivan1 · tjsullivan1 · commit 3cce52288334 · 2025-12-19T20:06:07.000Z
diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -0,0 +1,78 @@
+name: OpenAI Workshop Infrastructure Destruction
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: true
+      iac-tool:
+        type: string
+        required: false
+        default: tf
+
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Target environment
+        default: dev
+        required: true
+      iac-tool:
+        description: "Choose your infrastructure as code tool"
+        type: choice
+        options:
+        - tf
+        - bicep
+        default: tf
+        required: true
+         
+  terraform_destroy:
+    name: Terraform Destroy
+    needs: [tf, test_prep]
+    runs-on: ubuntu-latest
+    environment: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.base_ref == 'main' && 'prod') || (github.base_ref == 'int-agentic' && 'integration') || 'dev' }}
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Azure OIDC Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Terraform Setup
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Destroy
+        run: |
+          cd infra/terraform
+          export ARM_USE_OIDC=true
+          export ARM_CLIENT_ID="${{ vars.AZURE_CLIENT_ID }}"
+          export ARM_TENANT_ID="${{ vars.AZURE_TENANT_ID }}"
+          export ARM_SUBSCRIPTION_ID="${{ vars.AZURE_SUBSCRIPTION_ID }}"
+
+          terraform init -backend-config="resource_group_name=${TFSTATE_RG}" \
+                         -backend-config="key=${TFSTATE_KEY}" -backend-config="storage_account_name=${TFSTATE_ACCOUNT}" \
+                         -backend-config="container_name=${TFSTATE_CONTAINER}"
+          
+          terraform destroy -auto-approve \
+            -var project_name=${{ github.event.repository.name }} \
+            -var tenant_id=${{ vars.AZURE_TENANT_ID }} \
+            -var subscription_id=${{ vars.AZURE_SUBSCRIPTION_ID }} \
+            -var acr_name=${{ vars.ACR_NAME }} \
+            -var location=${{ vars.AZ_REGION }} \
+            -var environment=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.base_ref == 'main' && 'prod') || (github.base_ref == 'int-agentic' && 'integration') || 'dev' }} \
+            -var docker_image_mcp=${{ vars.DOCKER_IMAGE_MCP }} \
+            -var docker_image_backend=${{ vars.DOCKER_IMAGE_BACKEND }} \
+            -var iteration=${{ (github.event_name != 'workflow_dispatch' && github.base_ref != 'main' && github.base_ref != 'int-agentic') && '${GITHUB_SHA:0:7}' || vars.ITERATION }}
+        env:
+          TFSTATE_RG: ${{ vars.TFSTATE_RG }}
+          TFSTATE_ACCOUNT: ${{ vars.TFSTATE_ACCOUNT }}
+          TFSTATE_CONTAINER: ${{ vars.TFSTATE_CONTAINER }}
+          TFSTATE_KEY: "${{ github.event.repository.name }}-${{ github.ref_name }}.tfstate"
+
diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml
@@ -168,55 +168,3 @@ jobs:
           BACKEND_API_ENDPOINT: ${{ needs.tf.outputs.BACKEND_API_ENDPOINT }}
           KEYVAULT_NAME: ${{ needs.tf.outputs.KEY_VAULT_NAME }}
           MODEL_API_KEY_SECRET_NAME: "AZURE-OPENAI-API-KEY"
-
-  terraform_destroy:
-    name: Terraform Destroy
-    needs: [tf, test_prep]
-    if: always() && (github.event_name == 'workflow_dispatch' && github.event.inputs.iac-tool || 'tf') == 'tf' && (github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.base_ref == 'main' && 'prod') || (github.base_ref == 'int-agentic' && 'integration') || 'dev') == 'dev' && needs.tf.result == 'success' && needs.test_prep.result == 'success'
-    runs-on: ubuntu-latest
-    environment: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.base_ref == 'main' && 'prod') || (github.base_ref == 'int-agentic' && 'integration') || 'dev' }}
-    permissions:
-      id-token: write
-      contents: read
-
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Azure OIDC Login
-        uses: azure/login@v2
-        with:
-          client-id: ${{ vars.AZURE_CLIENT_ID }}
-          tenant-id: ${{ vars.AZURE_TENANT_ID }}
-          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
-
-      - name: Terraform Setup
-        uses: hashicorp/setup-terraform@v3
-
-      - name: Terraform Destroy
-        run: |
-          cd infra/terraform
-          export ARM_USE_OIDC=true
-          export ARM_CLIENT_ID="${{ vars.AZURE_CLIENT_ID }}"
-          export ARM_TENANT_ID="${{ vars.AZURE_TENANT_ID }}"
-          export ARM_SUBSCRIPTION_ID="${{ vars.AZURE_SUBSCRIPTION_ID }}"
-
-          terraform init -backend-config="resource_group_name=${TFSTATE_RG}" \
-                         -backend-config="key=${TFSTATE_KEY}" -backend-config="storage_account_name=${TFSTATE_ACCOUNT}" \
-                         -backend-config="container_name=${TFSTATE_CONTAINER}"
-          
-          terraform destroy -auto-approve \
-            -var project_name=${{ github.event.repository.name }} \
-            -var tenant_id=${{ vars.AZURE_TENANT_ID }} \
-            -var subscription_id=${{ vars.AZURE_SUBSCRIPTION_ID }} \
-            -var acr_name=${{ vars.ACR_NAME }} \
-            -var location=${{ vars.AZ_REGION }} \
-            -var environment=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.base_ref == 'main' && 'prod') || (github.base_ref == 'int-agentic' && 'integration') || 'dev' }} \
-            -var docker_image_mcp=${{ vars.DOCKER_IMAGE_MCP }} \
-            -var docker_image_backend=${{ vars.DOCKER_IMAGE_BACKEND }} \
-            -var iteration=${{ (github.event_name != 'workflow_dispatch' && github.base_ref != 'main' && github.base_ref != 'int-agentic') && '${GITHUB_SHA:0:7}' || vars.ITERATION }}
-        env:
-          TFSTATE_RG: ${{ vars.TFSTATE_RG }}
-          TFSTATE_ACCOUNT: ${{ vars.TFSTATE_ACCOUNT }}
-          TFSTATE_CONTAINER: ${{ vars.TFSTATE_CONTAINER }}
-          TFSTATE_KEY: "${{ github.event.repository.name }}-${{ github.ref_name }}.tfstate"
-
diff --git a/.github/workflows/orchestrate.yml b/.github/workflows/orchestrate.yml
@@ -49,3 +49,11 @@ jobs:
     with:
       environment: ${{ inputs.target_env || (github.ref_name == 'tjs-test-infra' && 'dev') || (github.ref_name == 'int-agentic' && 'integration') || (github.ref_name == 'main' && 'prod') || 'dev' }}
     secrets: inherit
+
+  destroy-infrastructure:
+    needs: [ deploy-infrastructure ]
+    if: always() && (github.event_name == 'workflow_dispatch' && github.event.inputs.iac-tool || 'tf') == 'tf' && (github.event_name == 'workflow_dispatch' && github.event.inputs.environment || (github.base_ref == 'main' && 'prod') || (github.base_ref == 'int-agentic' && 'integration') || 'dev') == 'dev' && needs.tf.result == 'success' && needs.test_prep.result == 'success'
+    uses: ./.github/workflows/destroy.yml
+    with:
+      environment: ${{ inputs.target_env || (github.ref_name == 'tjs-test-infra' && 'dev') || (github.ref_name == 'int-agentic' && 'integration') || (github.ref_name == 'main' && 'prod') || 'dev' }}
+    secrets: inherit
