-
Notifications
You must be signed in to change notification settings - Fork 4
76 lines (65 loc) · 2.82 KB
/
scheduled-workspace-cleanup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: "[Scheduled] Cleanup PR Workspaces"
on:
schedule:
# 6am and 6pm every day except Sundays
- cron: '0 6,18 * * 0-6'
workflow_call:
permissions:
contents: read
security-events: none
pull-requests: none
actions: none
checks: none
deployments: none
issues: none
packages: none
repository-projects: none
statuses: none
jobs:
terraform_environment_cleanup:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
- name: Set Terraform version
working-directory: ./terraform/environment
id: set-terraform-version
run: |
TF_VERSION=$(cat .terraform-version)
echo "TF_VERSION=$TF_VERSION" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@7f4493e15578a47490e79892b308bf23dee56c45 # pin@v2
with:
terraform_version: ${{ steps.set-terraform-version.outputs.TF_VERSION }}
terraform_wrapper: false
- uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # [email protected]
with:
ssh-private-key: ${{ secrets.USE_AN_LPA_DEPLOY_KEY_PRIVATE_KEY }}
- name: configure AWS credentials for getting pagerduty token
uses: aws-actions/configure-aws-credentials@a78e788c51463a506fbaaec784bab37f73afb4e8 # [email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
role-to-assume: arn:aws:iam::367815980639:role/opg-use-an-lpa-ci
aws-region: eu-west-1
role-duration-seconds: 1800
role-session-name: OPGUseAnLPADevAssumeGithubAction
- name: set pagerduty token
run: |
export TF_VAR_pagerduty_token=$(aws secretsmanager get-secret-value --secret-id \
pagerduty_api_key --region eu-west-1 | jq -r '.SecretString' 2>/dev/null)
echo "::add-mask::$TF_VAR_pagerduty_token"
echo TF_VAR_pagerduty_token=$TF_VAR_pagerduty_token >> $GITHUB_ENV
- name: configure AWS credentials for terraform
uses: aws-actions/configure-aws-credentials@a78e788c51463a506fbaaec784bab37f73afb4e8 # [email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
aws-region: eu-west-1
role-duration-seconds: 3600
role-session-name: OPGUseAnLPATerraformGithubAction
- name: terraform init
working-directory: ./terraform/environment
run: terraform init -input=false
- name: clean up ephemeral environments
working-directory: ./terraform/environment
run: |
../../scripts/pipeline/workspace_cleanup/workspace_cleanup.sh $(../../scripts/pipeline/workspace_cleanup/get_workspaces_linux)