
Commit 8afe8ea

committed
docs: add concise comments to nuke-account.yml
1 parent d98fb62 commit 8afe8ea


1 file changed

+9
-2
lines changed


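--- a/.github/workflows/nuke-account.yml
+++ b/.github/workflows/nuke-account.yml
@@ -1,3 +1,5 @@
+# Reusable workflow for nuking resources in a single AWS account.
+# Called by nuke.yml with account-specific parameters.
 name: Nuke Account
 
 on:
@@ -19,6 +21,7 @@ on:
 
 env:
 MISE_VERSION: '2025.12.10'
+# Resources excluded across all accounts to prevent breaking infrastructure
 COMMON_EXCLUDES: >-
 --exclude-resource-type iam
 --exclude-resource-type iam-group
@@ -35,6 +38,7 @@ env:
 --exclude-resource-type ec2-subnet
 
 jobs:
+# Nuke global resources (IAM, S3, Route53, etc.) - runs in us-east-1
 global:
 name: "${{ inputs.account_name }}: Global"
 runs-on: ubuntu-latest
@@ -71,6 +75,7 @@ jobs:
 --delete-unaliased-kms-keys --log-level info 2>&1 | tee /tmp/nuke-global.log
 EXIT_CODE=${PIPESTATUS[0]}
 
+# Count deleted/failed resources for reporting
 DELETED=$(grep -c "\[Deleted\]" /tmp/nuke-global.log 2>/dev/null) || DELETED=0
 ERRORS=$(grep -c "\[Failed\]" /tmp/nuke-global.log 2>/dev/null) || ERRORS=0
 echo "deleted_count=${DELETED}" >> $GITHUB_OUTPUT
@@ -85,12 +90,13 @@ jobs:
 path: /tmp/nuke-global.log
 retention-days: 7
 
+# Nuke regional resources across all supported regions in parallel
 regional:
 name: "${{ inputs.account_name }}: ${{ matrix.region }}"
 runs-on: ubuntu-latest
 timeout-minutes: 20
 strategy:
-fail-fast: false
+fail-fast: false # Continue other regions even if one fails
 matrix:
 region:
 - ap-northeast-1
@@ -157,13 +163,14 @@ jobs:
 path: /tmp/nuke-${{ matrix.region }}.log
 retention-days: 7
 
+# Aggregate results and send Slack notification
 notify:
 name: "${{ inputs.account_name }}: Notify"
 runs-on: ubuntu-latest
 if: always()
 needs: [global, regional]
 steps:
-# Always use PhxDevOps role - Slack webhook is stored in PhxDevOps Secrets Manager
+# Use PhxDevOps role to access Slack webhook stored in Secrets Manager
 - uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: arn:aws:iam::087285199408:role/cloud-nuke-gha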
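Review bot: The reworded comment above the `configure-aws-credentials` step in the `notify` job drops two facts the old one stated: that this step always uses the PhxDevOps role, and that the Secrets Manager holding the webhook is the PhxDevOps one. That is presumably why the role ARN here is a literal rather than derived from the workflow inputs, so I would keep it explicit, e.g. `# Always assume the PhxDevOps role (not the target account): the Slack webhook lives in PhxDevOps Secrets Manager`. The role is named `cloud-nuke-gha`, which reads like the role used for deletion. If that is the case, a job that only sends a notification would be better served by a separate role limited to reading the webhook secret. The action would also be safer pinned to a full commit SHA than to the movable `@v4` tag. The step's `with:` block continues outside the hunk.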
