-
Notifications
You must be signed in to change notification settings - Fork 2
84 lines (71 loc) · 3.01 KB
/
cleanup-resource-groups.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# cleanup - (useful after failed build/destroy workflows)
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
# https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
name: cleanup
# name of GitHub event that triggers workflow
# https://help.github.com/en/actions/reference/events-that-trigger-workflows#watch-event-watch
on:
# trigger via webhook
# https://github.com/adamrushuk/devops-lab/blob/master/TriggerCustomAction.ps1#L28
repository_dispatch:
types: [cleanup]
# enable manual workflow
# https://docs.github.com/en/actions/configuring-and-managing-workflows/configuring-a-workflow#manually-running-a-workflow
workflow_dispatch:
inputs: {}
# permissions for oidc login
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
# global environment variables
# https://help.github.com/en/actions/configuring-and-managing-workflows/using-environment-variables
env:
# prefix: used for some globally unique name requirements
PREFIX: arshz
# azure creds (used with OIDC auth)
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
jobs:
cleanup:
# always pin versions
# view installed software: https://help.github.com/en/actions/reference/software-installed-on-github-hosted-runners
runs-on: ubuntu-22.04
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment
environment:
name: dev
# only run if owner triggered action
if: github.actor == github.event.repository.owner.login
steps:
# Checkout
# Reference the major version of a release
# https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#example-using-versioned-actions
- uses: actions/checkout@v4
# Init tasks
- name: Init
run: |
chmod -R +x ./scripts/
# Login
# https://github.com/Azure/login
- name: Login via OIDC to Azure Public Cloud (az cli and az powershell)
uses: azure/login@v1
with:
client-id: ${{ secrets.ARM_CLIENT_ID }}
tenant-id: ${{ secrets.ARM_TENANT_ID }}
subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
enable-AzPSSession: true
# Cleanup
- name: Delete all resource groups
uses: azure/powershell@v1
with:
azPSVersion: "latest"
inlineScript: |
./scripts/cleanup.ps1 -ResourceGroupPrefix "${{ env.PREFIX }}"
# Notify
- name: Notify slack
continue-on-error: true
env:
SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
run: ./scripts/send_slack_message.sh "[devops-lab] Cleanup complete"