Cleanup Azure self hosted runners #26
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Cleanup Azure self hosted runners | |
run-name: Cleanup Azure self hosted runners | |
on: | |
schedule: | |
# Run every 6 hours | |
- cron: "0 */6 * * *" | |
workflow_dispatch: | |
# The following secrets are required for this workflow to run: | |
# AZURE_CLIENT_ID - Service Principal Client ID | |
# AZURE_CLIENT_SECRET - Service Principal Client Secret | |
# AZURE_TENANT_ID - Service Principal Tenant ID (it's fine if the Service Principal is bound to a single tenant only) | |
# AZURE_SUBSCRIPTION_ID - Azure Subscription ID | |
# You can run this command to generate the required credentials:: | |
# az ad sp create-for-rbac --name "{YOUR_DESCRIPTIVE_NAME_HERE}" --role contributor \ | |
# --scopes /subscriptions/{SUBSCRIPTION_ID_HERE}/resourceGroups/{RESOURCE_GROUP_HERE} \ | |
# --sdk-auth | |
# AZURE_RESOURCE_GROUP - Resource group to find the runner(s) in. It's recommended to set up a resource | |
# group specifically for self-hosted Actions Runners. | |
jobs: | |
delete-runner: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Discover VMs to delete | |
env: | |
GH_APP_ID: ${{ secrets.GH_APP_ID }} | |
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
run: | | |
az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} | |
az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
active_vms=$(az vm list -g ${{ secrets.AZURE_RESOURCE_GROUP }} | jq -c '.[] | {name,timeCreated}') | |
current_time=$(date +%s) | |
one_hour_ago=$(($current_time - 3600)) | |
if [ -z "$active_vms" ]; then | |
echo "No active VMs found, nothing to do." | |
exit 0 | |
else | |
echo "Found these active VMs:" | |
echo $active_vms | |
fi | |
for active_vm in ${active_vms[@]}; do | |
vm_name=$(echo $active_vm | jq '.name') | |
# Use jq to extract and format the date-time string | |
vm_creation_time_string="$(echo $active_vm | | |
jq -r '.timeCreated | sub("\\.[0-9]+[+-][0-9]+:[0-9]+$"; "") | sub("T"; " ")')" | |
vm_creation_time=$(TZ=UTC date -d "$vm_creation_time_string" +%s) | |
if [ "$one_hour_ago" -lt "$vm_creation_time" ]; then | |
echo "::notice::The VM ${vm_name} was created less then 1 hour ago and shouldn't be deleted yet. Skipping." | |
elif test true = "$(if test ! -f .cli-authenticated; then | |
./gh-cli-auth-as-app.sh && | |
>.cli-authenticated # only authenticate once | |
fi && | |
gh api repos/$GITHUB_REPOSITORY/actions/runners \ | |
--jq '.runners[] | select(.name == "'$vm_name'") | .busy')"; then | |
echo "::notice::The VM ${vm_name} is still busy." | |
else | |
echo "::warning::The VM ${vm_name} was created more than 3 hours ago and wasn't deleted. Let's do that now." | |
az vm delete -n "$vm_name" -g ${{ secrets.AZURE_RESOURCE_GROUP }} --yes | |
az network nsg delete -n "$vm_name"-nsg -g ${{ secrets.AZURE_RESOURCE_GROUP }} | |
az network vnet delete -n "$vm_name"-vnet -g ${{ secrets.AZURE_RESOURCE_GROUP }} | |
az network public-ip delete -n "$vm_name"-ip -g ${{ secrets.AZURE_RESOURCE_GROUP }} | |
fi | |
done |