-
Notifications
You must be signed in to change notification settings - Fork 1
100 lines (87 loc) · 4.23 KB
/
daily-cleanup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
---
name: Daily cleanup cluster
on:
workflow_dispatch:
inputs:
max_age_hours_cluster:
description: Maximum age of clusters in hours
required: true
default: '20'
pull_request:
# the paths should be synced with ../labeler.yml
paths:
- .github/workflows/daily-cleanup.yml
- .github/actions/rosa-cleanup-clusters/**
schedule:
- cron: 0 1 * * * # At 01:00 everyday.
env:
MAX_AGE_HOURS_CLUSTER: ${{ github.event.inputs.max_age_hours_cluster || '20' }}
AWS_PROFILE: infex
# please keep those variables synced with tests.yml
TESTS_AWS_REGION: eu-west-2
TF_S3_BUCKET: tests-rosa-tf-state-eu-central-1
TF_S3_REGION: eu-central-1
jobs:
cleanup-clusters:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
- name: Install tooling using asdf
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
- name: Use repo .tool-version as global version
run: cp .tool-versions ~/.tool-versions
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
# Official action does not support profiles
- name: Add profile credentials to ~/.aws/credentials
run: |
aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
- name: Delete clusters
id: delete_clusters
timeout-minutes: 125
uses: ./.github/actions/rosa-cleanup-clusters
env:
RH_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
AWS_REGION: ${{ env.TESTS_AWS_REGION }}
with:
tf-bucket: ${{ env.TF_S3_BUCKET }}
tf-bucket-region: ${{ env.TF_S3_REGION }}
max-age-hours-cluster: ${{ env.MAX_AGE_HOURS_CLUSTER }}
# There are cases where the deletion of resources fails due to dependencies.
- name: Retry delete clusters
id: retry_delete_clusters
if: failure() && steps.delete_clusters.outcome == 'failure'
timeout-minutes: 125
uses: ./.github/actions/rosa-cleanup-clusters
env:
RH_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
AWS_REGION: ${{ env.TESTS_AWS_REGION }}
with:
tf-bucket: ${{ env.TF_S3_BUCKET }}
tf-bucket-region: ${{ env.TF_S3_REGION }}
max-age-hours-cluster: ${{ env.MAX_AGE_HOURS_CLUSTER }}
- name: Notify in Slack in case of failure
id: slack-notification
if: failure() && github.event_name == 'schedule' && steps.retry_delete_clusters.outcome == 'failure'
uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@40267cc05c12123b0eb8aa7bad1e90217a6fb36d # main
with:
vault_addr: ${{ secrets.VAULT_ADDR }}
vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}