.github/workflows/cleanup-auto-deploy.yml #102
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto-Deploy Cleanup | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| ttl: | ||
| description: 'Hours a PR/issue has to be closed for before its deploys are cleaned up' | ||
| required: true | ||
| type: number | ||
| default: 24 | ||
| schedule: | ||
| # run around midnight australia/nz time | ||
| - cron: '0 12 * * *' | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.event_name }} | ||
| cancel-in-progress: false | ||
| permissions: | ||
| contents: write # to checkout the repo | ||
| pull-requests: write # to parse PRs for config and update them | ||
| issues: write # to parse special deploy issues and update them | ||
| jobs: | ||
| config: | ||
| name: Workflow config | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| down: ${{ steps.config.outputs.down }} | ||
| go-down: ${{ steps.config.outputs.go-down == 'true' }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - id: setup | ||
| uses: ./.github/actions/setup-cd | ||
| with: | ||
| ops-ssh-key: ${{ secrets.TAMANU_OPS_SSH }} | ||
| tailscale-oauth: ${{ secrets.TAILSCALE_DBPROXY_ACCESS_OAUTH }} | ||
| - name: List all controlled deploys from K8s | ||
| id: list | ||
| run: | | ||
| list="" | ||
| for core in $(tailscale status --json | jq '.Peer[].HostName | select(. | test("k8s-operator-.*"))' -r); do | ||
| tailscale configure kubeconfig $core || true | ||
| if kubectl get namespace/tamanu-system; then | ||
| for ns in $(kubectl get namespace -o json | jq '.items[].metadata.name | select(. | test("tamanu-.*")) | select(. | test("tamanu-(super|system)") | not)' -r); do | ||
| control=$(kubectl -n "$ns" get configmap auto-deploy -o json | jq '.data.control' -r) | ||
| list="$list $core=$ns=$control" | ||
| done | ||
| fi | ||
| done | ||
| echo "list=$list" | tee -a "$GITHUB_OUTPUT" | ||
| - name: Figure out which deploys to clean up | ||
| id: config | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const cwd = '${{ github.workspace }}'; | ||
| const { findDeploysToCleanUp } = await import(`${cwd}/packages/scripts/src/gha-cd-helpers.mjs`); | ||
| const controls = ${{ toJson(steps.list.outputs.list) }}; | ||
| const down = await findDeploysToCleanUp(controls, ${{ github.event.inputs.ttl || 24 }}, context, github); | ||
| console.log(down); | ||
| core.setOutput('down', JSON.stringify(down)); | ||
| core.setOutput('go-down', !!down.length); | ||
| deploy-down: | ||
| needs: config | ||
| if: needs.config.outputs.go-down == 'true' | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: ${{ fromJson(needs.config.outputs.down) }} | ||
| name: Undeploy ${{ matrix.name }} | ||
| uses: ./.github/workflows/cd-down.yml | ||
|
Check failure on line 77 in .github/workflows/cleanup-auto-deploy.yml
|
||
| with: | ||
| deploy-name: ${{ matrix.name }} | ||
| options: ${{ matrix.options }} | ||
| check-branch: false | ||
| ref: not needed as check branch is false | ||
| secrets: | ||
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | ||
| TAILSCALE_OAUTH: ${{ secrets.TAILSCALE_DBPROXY_ACCESS_OAUTH }} | ||
| TAMANU_OPS_SSH: ${{ secrets.TAMANU_OPS_SSH }} | ||
