delete-deployment-environment

GitHub action that will find and delete all deployments by deployment name as well as the GitHub environment they are deployed to. It will first find and mark all deployments as inactive and then delete all deployments and then the environment.

If you want to only delete deployments and the not environment, add onlyRemoveDeployments: true.

If you want to keep deployments but inactivate all deployments, add onlyDeactivateDeployments: true

If you want to only delete a deployment ref and not all deployments of a given environment, add ref: my-branch

Note if you pass onlyDeactivateDeployments: true and onlyRemoveDeployments: true, onlyRemoveDeployments will override onlyDeactivateDeployments and all deployments will be removed.

Also note that if you are planning on deleting a created environment, your GITHUB_TOKEN must have permissions with repo scope. The token provided by the workflow, github.token does not have the permissions to delete created environments. (See Delete an environment REST API docs)

If you see a Resource not accessible by integration error, you'll likely need to follow the instructions below to obtain the proper token.

How to obtain the proper token

For certain operations (like deleting an environment), your GitHub Action will need additional permissions that your github.token simply doesn't have.

In this case, a GitHub App can be created to assume the required permissions, and ultimately your own Actions will use a Private Key to later exchange for a JWT token, which this Action can use to execute operations.

The required permissions for your GitHub App depend on the options you pass to this action.

• With the default options:
  1. Deployments: Read & Write
  2. Environments: Read & Write
• With the onlyRemoveDeployments option enabled:
  1. Deployments: Read & Write

1. Create a GitHub app.

2. Generate a Private Key

3. Add your GitHub App's "App ID" to your repo's Actions Secrets (ex: GH_APP_ID)

4. Add your Private Key to your repo's Actions Secrets (ex: GH_APP_PRIVATE_KEY)

5. Use navikt/github-app-token-generator before using this action to generate a JWT

6. Ensure your GitHub App has these permissions; Deployments: write, Environments: write

   Example

   cleanup-pr.yml

   #
   # Cleans up a GitHub PR
   #
   name: 🧼 Clean up environment
   on:
   pull_request:
     types:
       - closed
   
   jobs:
     cleanup:
       runs-on: ubuntu-latest
       permissions: write-all
   
       steps:
         - uses: actions/checkout@v3
   
         # Points to a recent commit instead of `main` to avoid supply chain attacks. (The latest tag is very old.)
         - name: 🎟 Get GitHub App token
           uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1
           id: get-token
           with:
             app-id: ${{ secrets.GH_APP_ID }}
             private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
   
         - name: 🗑 Delete deployment environment
           uses: strumwolf/[email protected]
           with:
             # Use a JWT created with your GitHub App's private key
             token: ${{ steps.get-token.outputs.token }}
             environment: pr-${{ github.event.number }}
             ref: ${{ github.ref_name }}

Inputs

name	description
token	GitHub token like ${{ github.token }} or ${{ secrets.GITHUB_TOKEN }}
environment	The Name of the environment to delete
onlyRemoveDeployments	Delete deployments and not the environment. Default false
onlyDeactivateDeployments	Deactivate the deployments but don't remove deployments or environment. Default false
ref	The name of the deployment ref to delete

Usage

Deactives and removes deployment environment (also from settings)

The example below will be triggered on a delete event.

• ✔️ Deactivates deployment
• ✔️ Removes from deployments tab
• ✔️ Removes from environment tab in settings

name: Delete Environment (default settings)

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: strumwolf/delete-deployment-environment@v2
        with:
          # ⚠️ The provided token needs permission for admin write:org
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name

Deactivates and removes deployment environment

The example below will be triggered on a delete event.

• ✔️ Deactivates deployment
• ✔️ Removes from deployments tab
• ❌ Removes from environment tab in settings

name: Delete Deployments

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: strumwolf/delete-deployment-environment@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name
          onlyRemoveDeployments: true

Deactivates and removes a deployment ref of a given environment

The example below will be triggered on a delete event.

• ✔️ Deactivates deployment
• ✔️ Removes from deployments tab
• ✔️ Removes only a deployment ref
• ❌ Removes from environment tab in settings

name: Delete Deployments Ref

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: strumwolf/delete-deployment-environment@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name
          ref: my-branch
          onlyRemoveDeployments: true

Deactivates deployment environment

The example below will be triggered on a delete event.

• ✔️ Deactivates deployment
• ❌ Removes from deployments tab
• ❌ Removes from environment tab in settings

name: Set deployements to inactive

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: strumwolf/delete-deployment-environment@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name
          onlyDeactivateDeployments: true