diff --git a/.github/workflows/task-defnition-cleanup.yaml b/.github/workflows/task-defnition-cleanup.yaml
index e6c1c950d6..086b91062b 100644
--- a/.github/workflows/task-defnition-cleanup.yaml
+++ b/.github/workflows/task-defnition-cleanup.yaml
@@ -19,5 +19,133 @@ jobs:
 - name: Checkout Repository
 uses: actions/checkout@v3
- - name: echo hello
- run: echo hello
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-gov-west-1
+ role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}
+ role-skip-session-tagging: true
+ role-duration-seconds: 1800
+
+ - name: Cleanup Old ECS Task Definitions
+ env:
+ AWS_REGION: "us-gov-west-1"
+ DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }}
+ run: |
+ #!/bin/bash
+ set -e
+
+ # Configuration
+ MAX_REV=10
+ REGION=$AWS_REGION
+ DRY_RUN=$DRY_RUN
+
+ echo "Starting ECS Task Definitions cleanup in region: $REGION"
+ echo "Dry run mode: $DRY_RUN"
+
+ # Function to deregister task definitions or perform dry run
+ deregister_task_definition() {
+ local task_def=$1
+ if [ "$DRY_RUN" = "true" ]; then
+ echo "[Dry Run] Would deregister task definition: $task_def"
+ else
+ echo "Deregistering task definition: $task_def"
+ aws ecs deregister-task-definition --task-definition "$task_def" --region "$REGION"
+ echo "Deregistered $task_def"
+ fi
+ }
+
+ # Function to list all task definitions with pagination
+ list_all_task_definitions() {
+ local family_filter=$1
+ local next_token=""
+ local task_defs=()
+
+ while : ; do
+ if [ -z "$family_filter" ]; then
+ if [ -z "$next_token" ]; then
+ response=$(aws ecs list-task-definitions \
+ --region "$REGION" \
+ --max-items 1000 \
+ --output json \
+ --query '{taskDefinitionArns: taskDefinitionArns, nextToken: nextToken}')
+ else
+ response=$(aws ecs list-task-definitions \
+ --region "$REGION" \
+ --max-items 1000 \
+ --starting-token "$next_token" \
+ --output json \
+ --query '{taskDefinitionArns: taskDefinitionArns, nextToken: nextToken}')
+ fi
+ else
+ if [ -z "$next_token" ]; then
+ response=$(aws ecs list-task-definitions \
+ --region "$REGION" \
+ --family-prefix "$family_filter" \
+ --sort DESC \
+ --max-items 1000 \
+ --output json \
+ --query '{taskDefinitionArns: taskDefinitionArns, nextToken: nextToken}')
+ else
+ response=$(aws ecs list-task-definitions \
+ --region "$REGION" \
+ --family-prefix "$family_filter" \
+ --sort DESC \
+ --max-items 1000 \
+ --starting-token "$next_token" \
+ --output json \
+ --query '{taskDefinitionArns: taskDefinitionArns, nextToken: nextToken}')
+ fi
+ fi
+
+ # Extract task definitions
+ current_batch=$(echo "$response" | jq -r '.taskDefinitionArns[]')
+ task_defs+=($current_batch)
+
+ # Extract nextToken (note correct case)
+ next_token=$(echo "$response" | jq -r '.nextToken // empty')
+
+ if [ -z "$next_token" ]; then
+ break
+ fi
+ done
+
+ echo "${task_defs[@]}"
+ }
+
+ # Retrieve all task definitions ARNs
+ echo "Fetching all ECS Task Definitions..."
+ TASK_DEFINITIONS=$(list_all_task_definitions)
+
+ declare -A TASK_FAMILY_MAP
+
+ # Organize task definitions by family, filtering only families with "api" in their name
+ for TD in $TASK_DEFINITIONS; do
+ FAMILY=$(echo $TD | awk -F':' '{print $7}' | awk -F'/' '{print $2}')
+ # Check if the family name contains "api" (case-insensitive)
+ if [[ "$FAMILY" =~ [Aa][Pp][Ii] ]]; then
+ TASK_FAMILY_MAP["$FAMILY"]+="$TD "
+ fi
+ done
+
+ # Iterate over each filtered family and deregister older revisions
+ for FAMILY in "${!TASK_FAMILY_MAP[@]}"; do
+ echo "Processing Task Family: $FAMILY"
+
+ # List all revisions for the family with pagination
+ REVISIONS=$(list_all_task_definitions "$FAMILY")
+
+ REV_COUNT=0
+ for REV in $REVISIONS; do
+ REV_COUNT=$((REV_COUNT + 1))
+ if [ "$REV_COUNT" -le "$MAX_REV" ]; then
+ echo "Keeping revision $REV_COUNT: $REV"
+ else
+ deregister_task_definition "$REV"
+ fi
+ done
+ done
+
+ echo "ECS Task Definitions cleanup completed successfully."
\ No newline at end of file
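Review bot: The family extraction `awk -F':' '{print $7}'` selects the revision number rather than the family: in a task-definition ARN (`arn:<partition>:ecs:<region>:<account>:task-definition/<family>:<rev>`) the `task-definition/<family>` segment is field 6, so `FAMILY` is always empty, the `api` filter never matches, and the job deregisters nothing while still printing the success message. Reading field 6 fixes it: `FAMILY=$(echo "$TD" | awk -F':' '{print $6}' | awk -F'/' '{print $2}')`. Once the loop actually runs, the guardrails matter more: `DRY_RUN` falls back to `'false'` and any value other than the exact string `true` deregisters, so defaulting to `'true'` and treating only an explicit `false` as a real run would fail safe (a trigger outside this hunk may rely on the current default). The filter `[[ "$FAMILY" =~ [Aa][Pp][Ii] ]]` is an unanchored substring match and would also select a family such as `rapid-worker` (constructed example), and `set -e` does not reach inside the `$(list_all_task_definitions)` substitutions without `shopt -s inherit_errexit`, so a failed `aws ecs list-task-definitions` call there goes unnoticed.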