betagouv/service-national-universel

name: Clean resources

on:
  workflow_dispatch:
  schedule:
    - cron: "37 01 * * *"

jobs:
  clean_image_tags_prod:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        app:
          [
            { name: api, lifetime: "2 month" },
            { name: app, lifetime: "2 month" },
            { name: admin, lifetime: "2 month" },
            { name: antivirus, lifetime: "1 year" },
          ]

    steps:
      - name: Git checkout
        uses: actions/checkout@v4

      - name: Clean Images
        uses: ./.github/actions/clean_image_tags
        with:
          registry: "${{ secrets.SCW_PROD_IMAGE_REGISTRY }}"
          secret_key: "${{ secrets.SCW_PROD_DEPLOY_SECRET_KEY }}"
          image_name: ${{ matrix.app.name }}
          lifetime: ${{ matrix.app.lifetime }}

  clean_image_tags_ci:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        app_name: [admin, api, app]

    steps:
      - name: Git checkout
        uses: actions/checkout@v4

      - name: Clean Images
        uses: ./.github/actions/clean_image_tags
        with:
          registry: "${{ secrets.SCW_CI_IMAGE_REGISTRY }}"
          secret_key: "${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}"
          image_name: ${{ matrix.app_name }}

  clean_ci_environments:
    runs-on: ubuntu-latest
    needs: clean_image_tags_ci
    env:
      SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
      region: fr-par
      registry: ${{ secrets.SCW_CI_IMAGE_REGISTRY }}
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3

      - name: Get registry ID
        id: registry_id
        run: |
          registry_name=$(echo "${{ env.registry }}" | cut -d "/" -f 2)
          echo $registry_name
          registry_id=$(
            curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
              "https://api.scaleway.com/registry/v1/regions/${{ env.region }}/namespaces?name=${{ steps.registry_name.outputs.registry_name }}" \
            | jq -r ".namespaces[0].id"
          )
          echo $registry_id
          echo "registry_id=$registry_id" >> $GITHUB_OUTPUT

      - name: Get images
        working-directory: terraform/environments/ci
        run: |
          curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
            "https://api.scaleway.com/registry/v1/regions/${{ env.region }}/images?namespace_id=${{ steps.registry_id.outputs.registry_id }}&name=${{ env.image_name }}" \
            | jq -r '.images[]|"\(.id) \(.name)"' \
            > images.txt
          cat images.txt

      - name: Clean environments using deleted image
        env:
          SCW_ACCESS_KEY: ${{ secrets.SCW_CI_DEPLOY_ACCESS_KEY }}
          SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
          PG_CONN_STR: ${{ secrets.SCW_CI_BACKEND_CONN_STR }}
          PGUSER: ${{ secrets.SCW_CI_BACKEND_USER }}
          PGPASSWORD: ${{ secrets.SCW_CI_BACKEND_PASSWORD }}
          project_id: 1b29c5d9-9723-400a-aa8b-0c85ae3567f7
        working-directory: terraform/environments/ci
        run: |
          # Get all CI container namespaces
          # the grep excludes snu-ci namespace
          namespace_id=$(
            curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
              "https://api.scaleway.com/containers/v1beta1/regions/${{env.region}}/namespaces?project_id=${{env.project_id}}&name=snu-custom" \
            | jq -r '.namespaces[].id'
          )

          # Get containers
          # [27:] truncates "rg.fr-par.scw.cloud/snu-ci/"
          curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
            "https://api.scaleway.com/containers/v1beta1/regions/${{env.region}}/containers?namespace_id=$namespace_id" \
            | jq -r '.containers[]|"\(.name) \(.registry_image[27:])"' \
            > containers.txt

          touch env_names.txt

          cat containers.txt \
          | while read container
          do
            name=$(echo "$container" | cut -d " " -f 1)
            registry=$(echo "$container" | cut -d " " -f 2)

            app_name=$(echo "$registry" | cut -d ":" -f 1)
            image_tag=$(echo "$registry" | cut -d ":" -f 2)
            image_id=$(cat images.txt | grep $app_name | cut -d " " -f 1)

            env_name=$(echo $name | sed 's/^\(.*\)-.*$/\1/')

            tag_exists=$(
              curl -sX GET -H "X-Auth-Token: $SCW_SECRET_KEY" \
                "https://api.scaleway.com/registry/v1/regions/${{ env.region }}/images/$image_id/tags?name=$image_tag" \
              | jq -r ".total_count"
            )
            if [[ $tag_exists == 0 ]]
            then
              echo "Image $app_name:$image_tag does not exist for environment $env_name."
              echo $env_name >> env_names.txt
            else
              echo "Image $app_name:$image_tag exists for environment $env_name."
            fi

          done

          uniq env_names.txt \
          | while read env_name
          do
            echo "Deleting environment $env_name"
            cp -R custom $env_name
            cd $env_name
            sed -i".bak" "s|###___ENV_NAME___###|$env_name|g" main.tf
            terraform init
            terraform apply -no-color -input=false -lock-timeout=15m -auto-approve -destroy \
              -var="api_image_tag=latest" \
              -var="admin_image_tag=latest" \
              -var="app_image_tag=latest" || true
            cd ..
          done