Nightly AWS Region Cleanup #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Nightly AWS Region Cleanup | |
| on: | |
| schedule: | |
| - cron: '0 5 * * 1-5' | |
| workflow_dispatch: | |
| env: | |
| AWS_PROFILE: infex | |
| jobs: | |
| aws-nightly-cleanup: | |
| runs-on: ubuntu-latest | |
| # Other dependencies from hosted runner | |
| # AWS CLI | |
| # indirectly node used by actions | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 | |
| - name: Install tooling using asdf | |
| uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 | |
| - name: Print used versions | |
| shell: bash | |
| run: | | |
| asdf current | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3 | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false | |
| secrets: | | |
| secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY; | |
| secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY; | |
| # Official action does not support profiles | |
| - name: Add profile credentials to ~/.aws/credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set region eu-west-2 --profile ${{ env.AWS_PROFILE }} | |
| - name: Install Cloud Nuke | |
| run: | | |
| wget "https://github.com/gruntwork-io/cloud-nuke/releases/download/${CLOUD_NUKE_VERSION}/cloud-nuke_linux_amd64" | |
| chmod +x cloud-nuke_linux_amd64 | |
| env: | |
| # renovate: datasource=github-tags depName=gruntwork-io/cloud-nuke | |
| CLOUD_NUKE_VERSION: v0.35.0 | |
| # This is likely to fail, therefore we ignore the error | |
| # We're ignoring ec2_dhcp_option as they couldn't be deleted | |
| # cloudtrail is managed by IT and can't be deleted either | |
| - name: Run Cloud Nuke | |
| timeout-minutes: 45 | |
| env: | |
| DISABLE_TELEMETRY: "true" | |
| run: | | |
| ./cloud-nuke_linux_amd64 aws \ | |
| --region eu-west-2 \ | |
| --region eu-west-3 \ | |
| --force \ | |
| --newer-than 4h \ | |
| --exclude-resource-type ec2_dhcp_option \ | |
| --exclude-resource-type cloudtrail || true | |
| # Following will delete global resources and things that cloud-nuke does not support | |
| - name: Delete additional AWS resources | |
| timeout-minutes: 15 | |
| run: .github/workflows/scripts/aws_cleanup.sh | |
| # The second run should remove the remaining resources (VPCs) and fail if there's anything left | |
| - name: Run Cloud Nuke | |
| timeout-minutes: 45 | |
| env: | |
| DISABLE_TELEMETRY: "true" | |
| run: | | |
| ./cloud-nuke_linux_amd64 aws \ | |
| --region eu-west-2 \ | |
| --region eu-west-3 \ | |
| --force \ | |
| --newer-than 4h \ | |
| --exclude-resource-type ec2_dhcp_option \ | |
| --exclude-resource-type cloudtrail |