Skip to content

Daily cleanup cluster #319

Daily cleanup cluster

Daily cleanup cluster #319

Workflow file for this run

---
name: Daily cleanup cluster
on:
workflow_dispatch:
inputs:
max_age_hours_cluster:
description: Maximum age of clusters in hours
required: true
default: '20'
pull_request:
# the paths should be synced with ../labeler.yml
paths:
- .github/workflows/daily-cleanup.yml
- .github/actions/rosa-cleanup-clusters/**
schedule:
- cron: 0 1 * * * # At 01:00 everyday.
env:
MAX_AGE_HOURS_CLUSTER: ${{ github.event.inputs.max_age_hours_cluster || '20' }}
AWS_PROFILE: infex
# please keep those variables synced with tests.yml
TESTS_AWS_REGION: eu-west-2
TF_S3_BUCKET: tests-rosa-tf-state-eu-central-1
TF_S3_REGION: eu-central-1
jobs:
cleanup-clusters:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
- name: Install tooling using asdf
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
- name: Use repo .tool-version as global version
run: cp .tool-versions ~/.tool-versions
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
# Official action does not support profiles
- name: Add profile credentials to ~/.aws/credentials
run: |
aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
- name: Delete clusters
id: delete_clusters
timeout-minutes: 125
uses: ./.github/actions/rosa-cleanup-clusters
env:
RH_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
AWS_REGION: ${{ env.TESTS_AWS_REGION }}
with:
tf-bucket: ${{ env.TF_S3_BUCKET }}
tf-bucket-region: ${{ env.TF_S3_REGION }}
max-age-hours-cluster: ${{ env.MAX_AGE_HOURS_CLUSTER }}
# There are cases where the deletion of resources fails due to dependencies.
- name: Retry delete clusters
id: retry_delete_clusters
if: failure() && steps.delete_clusters.outcome == 'failure'
timeout-minutes: 125
uses: ./.github/actions/rosa-cleanup-clusters
env:
RH_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
AWS_REGION: ${{ env.TESTS_AWS_REGION }}
with:
tf-bucket: ${{ env.TF_S3_BUCKET }}
tf-bucket-region: ${{ env.TF_S3_REGION }}
max-age-hours-cluster: 0 # the previous step alters the age and resets it to 0
- name: Notify in Slack in case of failure
id: slack-notification
if: failure() && github.event_name == 'schedule' && steps.retry_delete_clusters.outcome == 'failure'
uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
with:
vault_addr: ${{ secrets.VAULT_ADDR }}
vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}