integration-cleanup #7024
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: integration-cleanup | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 * * * *" | |
permissions: | |
id-token: write # Required for obtaining AWS OIDC federated credential. | |
env: | |
GCRGC_VERSION: 0.4.8 | |
jobs: | |
gcp: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./tools/reaper | |
steps: | |
- name: Checkout | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
with: | |
repository: fluxcd/test-infra | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.x | |
cache-dependency-path: ./tools/reaper/go.sum | |
- name: Setup bin dir | |
run: mkdir -p ~/.local/bin | |
- name: Populate local env | |
# This is needed to be able to use the global env as local env in cache | |
# key. | |
run: echo "GCRGC_VERSION=${GCRGC_VERSION}" >> $GITHUB_ENV | |
- name: Cache gcrgc | |
id: cache-gcrgc | |
uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 | |
with: | |
path: ~/.local/bin/gcrgc | |
key: gcrgc-${{ env.GCRGC_VERSION }} | |
- name: Install gcrgc | |
if: steps.cache-gcrgc.outputs.cache-hit != 'true' | |
run: | | |
cd $(mktemp -d) | |
wget https://github.com/graillus/gcrgc/releases/download/v${GCRGC_VERSION}/gcrgc_${GCRGC_VERSION}_linux_amd64.tar.gz -O - | tar xz | |
mv gcrgc ~/.local/bin/ | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 | |
with: | |
credentials_json: '${{ secrets.CLEANUP_E2E_GOOGLE_CREDENTIALS }}' | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1 | |
- name: Run gcrgc | |
# Cleanup all the GCR repositories in the project. They are not tracked | |
# by terraform used to provision test infra and are left behind. | |
run: gcrgc gcr.io/${{ vars.TF_VAR_gcp_project_id }} --retention-period 1h | |
- name: Run reaper | |
run: go run ./ -provider gcp -gcpproject ${{ vars.TF_VAR_gcp_project_id }} -retention-period 1h -tags 'ci=true' -delete | |
azure: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./tools/reaper | |
if: false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
with: | |
repository: fluxcd/test-infra | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.x | |
cache-dependency-path: ./tools/reaper/go.sum | |
- name: Authenticate to Azure | |
uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v1.4.6 | |
with: | |
creds: '{"clientId":"${{ secrets.CLEANUP_E2E_AZ_ARM_CLIENT_ID }}","clientSecret":"${{ secrets.CLEANUP_E2E_AZ_ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.CLEANUP_E2E_AZ_ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.CLEANUP_E2E_AZ_ARM_TENANT_ID }}"}' | |
- name: Run reaper | |
run: go run ./ -provider azure -retention-period 1h -tags 'ci=true' -delete | |
aws: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./tools/reaper | |
if: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
with: | |
repository: fluxcd/test-infra | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: 1.23.x | |
cache-dependency-path: ./tools/reaper/go.sum | |
- name: Authenticate to AWS | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.CLEANUP_E2E_AWS_ASSUME_ROLE_NAME }} | |
role-session-name: cleanup_GH_Actions | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Run reaper | |
run: go run ./ -provider aws-nuke -awsregions '${{ vars.AWS_REGION }},${{ vars.OCI_E2E_TF_VAR_cross_region }}' -retention-period 1h -tags 'ci=true' -delete |