airbnb/superset

name: Cleanup ephemeral envs (PR close)

on:
  pull_request_target:
    types: [closed]

jobs:
  config:
    runs-on: "ubuntu-latest"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
      - name: "Check for secrets"
        id: check
        shell: bash
        run: |
          if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

  ephemeral-env-cleanup:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Cleanup ephemeral envs
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

      - name: Describe ECS service
        id: describe-services
        run: |
          echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT

      - name: Delete ECS service
        if: steps.describe-services.outputs.active == 'true'
        id: delete-service
        run: |
          aws ecs delete-service \
          --cluster superset-ci \
          --service pr-${{ github.event.number }}-service \
          --force

      - name: Login to Amazon ECR
        if: steps.describe-services.outputs.active == 'true'
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Delete ECR image tag
        if: steps.describe-services.outputs.active == 'true'
        id: delete-image-tag
        run: |
          aws ecr batch-delete-image \
          --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
          --repository-name superset-ci \
          --image-ids imageTag=pr-${{ github.event.number }}

      - name: Comment (success)
        if: steps.describe-services.outputs.active == 'true'
        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
            github.rest.issues.createComment({
              issue_number: ${{ github.event.number }},
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: 'Ephemeral environment shutdown and build artifacts deleted.'
            })