AEA-3233 add action to delete old stacks (#91)

Author: anthony-nhs

.github/workflows/delete_old_cloudformation_stacks.yml

@@ -0,0 +1,54 @@
+name: 'Delete old cloudformation stacks'
+
+# Controls when the action will run - in this case triggered manually
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "combine-prs"
+  delete-old-cloudformation-stacks:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    permissions:
+        id-token: write
+        contents: read
+  
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
+          role-session-name: github-actions
+
+      - name: delete stacks
+        shell: bash
+        run: |
+            ACTIVE_STACKS=$(aws cloudformation list-stacks |
+            jq -r '.StackSummaries[] | 
+            select ( .StackStatus != "DELETE_COMPLETE" ) |
+            select( .StackName | capture("^PR-(sandbox-)?(\\d+)$") ) 
+            | .StackName ')
+
+            ACTIVE_STACKS_ARRAY=( $ACTIVE_STACKS )
+
+            for i in "${ACTIVE_STACKS_ARRAY[@]}"
+            do 
+                echo "Checking if stack $i has open pull request"
+                PULL_REQUEST=${i//PR-/}
+                PULL_REQUEST=${PULL_REQUEST//sandbox-/}
+                echo "Checking pull request id ${PULL_REQUEST}"
+                URL="https://api.github.com/repos/NHSDigital/prescriptionsforpatients/pulls/${PULL_REQUEST}"
+                RESPONSE=$(curl ${URL} 2>/dev/null)
+                STATE=$(echo ${RESPONSE} | jq -r .state)
+                if [ "$STATE" == "closed" ]; then
+                    echo "** going to delete stack $i as state is ${STATE} **"
+                    aws cloudformation delete-stack --stack-name ${i}
+                else
+                    echo "not going to delete stack $i as state is ${STATE}"
+                fi
+            done

cloudformation/ci_resources.yml

@@ -50,6 +50,7 @@ Resources:
                   - "cloudformation:ExecuteChangeSet"
                   - "cloudformation:DescribeStackEvents"
                   - "cloudformation:GetTemplateSummary"
+                  - "cloudformation:ListStacks"
                 Resource: "*"
         - PolicyName: AssumeExecutionRole
           PolicyDocument: