
Cleanup AWS ECS Task Definitions #4

# Workflow that prunes old ECS task definition revisions, weekly and on demand.
name: Cleanup AWS ECS Task Definitions
on:
# Scheduled runs carry no workflow_dispatch inputs, so the cleanup step's
# DRY_RUN expression falls back to 'false' and the weekly run deregisters
# task definitions for real.
schedule:
- cron: '0 0 * * 0' # weekly -- Sunday at 00:00 UTC
workflow_dispatch:
inputs:
dry_run:
description: 'Perform a dry run without deregistering task definitions'
required: true
# Manual runs are live as well unless the operator switches dry_run on.
default: false
type: boolean
jobs:
cleanup-task-definitions:
# NOTE(review): no `permissions:` key is visible in this workflow, so the
# job's GITHUB_TOKEN keeps the repository default scopes. The steps shown
# only call the AWS CLI, so a minimal grant such as `contents: read` looks
# sufficient -- confirm.
runs-on: ubuntu-latest
steps:
# NOTE(review): the cleanup script shown below reads no repository files,
# so this checkout may be unnecessary -- confirm before removing.
- name: Checkout Repository
# NOTE(review): both `uses:` references point at a mutable major-version
# tag. Pinning each to a full commit SHA (placeholder: <COMMIT_SHA>) keeps
# a re-pointed tag from changing what runs next to the AWS credentials.
uses: actions/checkout@v3
# Static IAM user keys held as Actions secrets are used to assume the role
# named in VAEC_DEPLOY_ROLE for a 1800-second session.
# NOTE(review): this action also supports GitHub OIDC federation
# (role-to-assume together with `permissions: id-token: write`), which
# removes the long-lived key pair -- confirm it is available for this
# account and partition.
# NOTE(review): the script below only calls list-task-definitions and
# deregister-task-definition (ecs:ListTaskDefinitions and
# ecs:DeregisterTaskDefinition). The secret name suggests a broader deploy
# role; a dedicated cleanup role would narrow what a compromised run can
# do -- confirm.
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}
role-skip-session-tagging: true
role-duration-seconds: 1800
- name: Cleanup Old ECS Task Definitions
# The dispatch input reaches the script through an environment variable
# rather than being interpolated into the script text, so its value is
# never parsed as shell code.
env:
DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }}
run: |
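#!/bin/bash
# Abort on the first failing command, and make a pipeline fail when any stage
# fails (not only the last one), so a broken `aws ... | jq` stage cannot be
# mistaken for "no results" in a job that goes on to deregister resources.
set -eo pipefail

# Configuration
# Number of newest revisions kept per task family.
MAX_REV=10
# Region passed to every aws call in this script.
REGION="us-gov-west-1"
# DRY_RUN is supplied by the step's env block ("true" or "false"); it is not
# defaulted here so that a missing value stays visibly empty in the log line.
DRY_RUN="${DRY_RUN:-}"

echo "Starting ECS Task Definitions cleanup..."
echo "Dry run mode: $DRY_RUN"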
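# Deregister one task definition, or only report it when not running live.
# Globals:   DRY_RUN (read), REGION (read)
# Arguments: $1 - task definition identifier passed to --task-definition
# Outputs:   progress messages on stdout, failure message on stderr
# Returns:   0 on success or dry run, 1 if the aws call fails
deregister_task_definition() {
  local task_def=$1

  # Fail closed: the destructive branch runs only when DRY_RUN is exactly
  # "false". An empty, unset or misspelled value results in a dry run.
  if [ "$DRY_RUN" != "false" ]; then
    echo "[Dry Run] Would deregister task definition: $task_def"
    return 0
  fi

  echo "Deregistering task definition: $task_def"
  # The call prints the deregistered task definition document, which can
  # include container environment values; keep it out of the CI job log.
  if ! aws ecs deregister-task-definition \
    --task-definition "$task_def" \
    --region "$REGION" >/dev/null; then
    echo "Failed to deregister $task_def" >&2
    return 1
  fi
  echo "Deregistered $task_def"
}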
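# List task definition ARNs, following NextToken until the listing is complete.
# Globals:   REGION (read)
# Arguments: $1 - optional family name; when given, only that family's
#                 revisions are listed, newest first (--sort DESC)
# Outputs:   all ARNs on one line, space-separated, on stdout
# Returns:   0 on success, 1 if an aws or jq call fails (nothing is printed)
list_all_task_definitions() {
  local family_filter=${1:-}
  local next_token=""
  local response batch
  local -a task_defs=() page=()
  # No --query here: the full JSON document is needed so that both
  # .taskDefinitionArns and .NextToken can be read from it.
  local -a cmd=(aws ecs list-task-definitions
    --region "$REGION" --output json --max-items 1000)

  if [ -n "$family_filter" ]; then
    cmd+=(--family-prefix "$family_filter" --sort DESC)
  fi

  while true; do
    # Errors are checked explicitly: callers run this function inside $(...),
    # where bash does not apply errexit unless inherit_errexit is set. A
    # partial listing must not be handed to the deregistration loop.
    if [ -n "$next_token" ]; then
      # Resume where the previous page stopped; without this the same first
      # page would be fetched again on every iteration.
      response=$("${cmd[@]}" --starting-token "$next_token") || return 1
    else
      response=$("${cmd[@]}") || return 1
    fi

    # Extract task definitions
    batch=$(jq -r '.taskDefinitionArns[]' <<<"$response") || return 1
    if [ -n "$batch" ]; then
      mapfile -t page <<<"$batch"
      task_defs+=("${page[@]}")
    fi

    # Check for NextToken
    next_token=$(jq -r '.NextToken // empty' <<<"$response") || return 1
    [ -n "$next_token" ] || break
  done

  echo "${task_defs[@]}"
}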
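# Retrieve all task definitions ARNs
echo "Fetching all ECS Task Definitions..."
# Stop here if the listing failed: continuing with a partial or empty list
# would silently skip families.
TASK_DEFINITIONS=$(list_all_task_definitions) || {
  echo "Failed to list ECS task definitions" >&2
  exit 1
}
declare -A TASK_FAMILY_MAP=()

# Organize task definitions by family, filtering only families with "api" in their name
# Word splitting of $TASK_DEFINITIONS is intentional: the list is one
# space-separated line of ARNs.
for TD in $TASK_DEFINITIONS; do
  # ARN layout:
  #   arn:<partition>:ecs:<region>:<account>:task-definition/<family>:<revision>
  # The family sits in the sixth colon-separated field; the seventh is the
  # revision number, so splitting on field 7 yields an empty family.
  [[ "$TD" == *:task-definition/*:* ]] || continue
  FAMILY=${TD#*:task-definition/}
  FAMILY=${FAMILY%:*}
  [[ -n "$FAMILY" ]] || continue

  # Check if the family name contains "api" (case-insensitive)
  # NOTE(review): this is an unanchored substring match, so a family such as
  # "rapid-worker" (constructed example) is selected too. An anchored pattern
  # or an explicit allow-list would narrow what this job can deregister --
  # confirm the intended families.
  if [[ "$FAMILY" =~ [Aa][Pp][Ii] ]]; then
    TASK_FAMILY_MAP["$FAMILY"]+="$TD "
  fi
done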
# Walk every selected family, keep its first MAX_REV listed revisions and
# deregister the remainder. The per-family listing is requested with
# --sort DESC, so "first" is expected to mean "newest".
# NOTE(review): revisions beyond MAX_REV are deregistered without checking
# whether a service or running task still references them -- confirm that is
# acceptable for these families.
for FAMILY in "${!TASK_FAMILY_MAP[@]}"; do
  printf 'Processing Task Family: %s\n' "$FAMILY"

  # Fresh listing for this family only (all pages).
  REVISIONS=$(list_all_task_definitions "$FAMILY")
  REV_COUNT=0

  # Word splitting is intentional: REVISIONS is a space-separated ARN list.
  for REV in $REVISIONS; do
    REV_COUNT=$((REV_COUNT + 1))
    if (( REV_COUNT > MAX_REV )); then
      deregister_task_definition "$REV"
      continue
    fi
    printf 'Keeping revision %s: %s\n' "$REV_COUNT" "$REV"
  done
done

printf '%s\n' "ECS Task Definitions cleanup completed successfully."