.github/workflows/clean-resources.yml
name: Clean resources
on:
workflow_dispatch:
schedule:
- cron: "37 01 * * *"
jobs:
clean_image_tags_prod:
runs-on: ubuntu-latest
strategy:
matrix:
app:
[
{ name: api, lifetime: "2 month" },
{ name: app, lifetime: "2 month" },
{ name: admin, lifetime: "2 month" },
{ name: antivirus, lifetime: "1 year" },
]
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: Clean Images
uses: ./.github/actions/clean_image_tags
with:
registry: "${{ secrets.SCW_PROD_IMAGE_REGISTRY }}"
secret_key: "${{ secrets.SCW_PROD_DEPLOY_SECRET_KEY }}"
image_name: ${{ matrix.app.name }}
lifetime: ${{ matrix.app.lifetime }}
clean_image_tags_ci:
runs-on: ubuntu-latest
strategy:
matrix:
app_name: [admin, api, app]
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: Clean Images
uses: ./.github/actions/clean_image_tags
with:
registry: "${{ secrets.SCW_CI_IMAGE_REGISTRY }}"
secret_key: "${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}"
image_name: ${{ matrix.app_name }}
clean_ci_environments:
runs-on: ubuntu-latest
needs: clean_image_tags_ci
env:
SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
region: fr-par
registry: ${{ secrets.SCW_CI_IMAGE_REGISTRY }}
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
- name: Get registry ID
id: registry_id
run: |
registry_name=$(echo "${{ env.registry }}" | cut -d "/" -f 2)
echo $registry_name
registry_id=$(
curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/registry/v1/regions/${{ env.region }}/namespaces?name=${{ steps.registry_name.outputs.registry_name }}" \
| jq -r ".namespaces[0].id"
)
echo $registry_id
echo "registry_id=$registry_id" >> $GITHUB_OUTPUT
- name: Get images
working-directory: devops/terraform/environments/ci
run: |
curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/registry/v1/regions/${{ env.region }}/images?namespace_id=${{ steps.registry_id.outputs.registry_id }}&name=${{ env.image_name }}" \
| jq -r '.images[]|"\(.id) \(.name)"' \
> images.txt
cat images.txt
- name: Clean environments using deleted image
env:
SCW_ACCESS_KEY: ${{ secrets.SCW_CI_DEPLOY_ACCESS_KEY }}
SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
PG_CONN_STR: ${{ secrets.SCW_CI_BACKEND_CONN_STR }}
PGUSER: ${{ secrets.SCW_CI_BACKEND_USER }}
PGPASSWORD: ${{ secrets.SCW_CI_BACKEND_PASSWORD }}
project_id: 1b29c5d9-9723-400a-aa8b-0c85ae3567f7
working-directory: devops/terraform/environments/ci
run: |
# Get all CI container namespaces
# the grep excludes snu-ci namespace
namespace_id=$(
curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/containers/v1beta1/regions/${{env.region}}/namespaces?project_id=${{env.project_id}}&name=snu-custom" \
| jq -r '.namespaces[].id'
)
# Get containers
# [27:] truncates "rg.fr-par.scw.cloud/snu-ci/"
curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/containers/v1beta1/regions/${{env.region}}/containers?namespace_id=$namespace_id" \
| jq -r '.containers[]|"\(.name) \(.registry_image[27:])"' \
> containers.txt
touch env_names.txt
cat containers.txt \
| while read container
do
name=$(echo "$container" | cut -d " " -f 1)
registry=$(echo "$container" | cut -d " " -f 2)
app_name=$(echo "$registry" | cut -d ":" -f 1)
image_tag=$(echo "$registry" | cut -d ":" -f 2)
image_id=$(cat images.txt | grep $app_name | cut -d " " -f 1)
env_name=$(echo $name | sed 's/^\(.*\)-.*$/\1/')
tag_exists=$(
curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
"https://api.scaleway.com/registry/v1/regions/${{ env.region }}/images/$image_id/tags?name=$image_tag" \
| jq -r ".total_count"
)
if [[ $tag_exists == 0 ]]
then
echo "Image $app_name:$image_tag does not exist for environment $env_name."
echo $env_name >> env_names.txt
else
echo "Image $app_name:$image_tag exists for environment $env_name."
fi
done
uniq env_names.txt \
| while read env_name
do
echo "Deleting environment $env_name"
cp -R custom $env_name
cd $env_name
sed -i".bak" "s|###___ENV_NAME___###|$env_name|g" main.tf
terraform init
terraform apply -no-color -input=false -lock-timeout=15m -auto-approve -destroy \
-var="api_image_tag=latest" \
-var="admin_image_tag=latest" \
-var="app_image_tag=latest" || true
cd ..
done