seqeralabs · mp-seqera · Apr 25, 2025 · Apr 25, 2025 · May 6, 2025
diff --git a/009_define_file_templates.tf b/009_define_file_templates.tf
@@ -66,6 +66,7 @@ locals {
       tower_smtp_starttls_enable    = var.tower_smtp_starttls_enable,
       tower_smtp_starttles_required = var.tower_smtp_starttls_required,
       tower_smtp_ssl_protocols      = var.tower_smtp_ssl_protocols,
+      tower_workflow_cleanup_enabled = var.tower_workflow_cleanup_enabled,
 
       flag_disable_email_login = var.flag_disable_email_login,
 

diff --git a/assets/src/tower_config/tower.yml.tpl b/assets/src/tower_config/tower.yml.tpl
@@ -80,14 +80,19 @@ micronaut:
 
 ### The tower scope is used for providing config for your Tower Enterprise installation
 tower:
-
 %{ if flag_disable_email_login == true }
   # As of Tower v23.4.5, the email login option can be disabled.
   # Note: There must be an active OIDC integration configured or else this flag will be ignored.
   auth:
     disable-email: true
 %{ endif ~}
 
+%{ if tower_workflow_cleanup_enabled == true }
+  # As of Tower v25.1.0, the workflow cleanup can be enabled for AWS Batch.
+  workflow-cleanup:
+    enabled: true
+%{ endif ~}
+
   admin:
     # Control user access to personal (i.e. non-Org-based) Workspace.
     user-workspace-enabled: true

diff --git a/scripts/installer/validation/check_configuration.py b/scripts/installer/validation/check_configuration.py
@@ -223,6 +223,14 @@ def verify_email_login_disablement(data: SimpleNamespace):
                 "Seqerakit step cannot execute if email login is not active."
             )
 
+def verify_workflow_cleanup_enabled(data: SimpleNamespace):
+    """Check workflow cleanup enablement scenarios."""
+    if data.tower_workflow_cleanup_enabled:
+
+        if data.tower_container_version < "v25.1.0":
+            log_error_and_exit(
+                "Workflow cleanup can only be enabled on Platform v25.1.0+"
+            )
 
 def verify_subnet_privacy(data: SimpleNamespace):
     """Check that the assigned subnets in tfvars match the intended privacy of the Tower instance."""
@@ -630,6 +638,7 @@ def verify_redis_version(data: SimpleNamespace):
     verify_tower_groundswell(data)
     verify_docker_daemon_loggin(data)
     verify_email_login_disablement(data)
+    verify_workflow_cleanup_enabled(data)
 
     # Verify AWS integrations
     print("\n")

diff --git a/templates/TEMPLATE_terraform.tfvars b/templates/TEMPLATE_terraform.tfvars
@@ -662,6 +662,7 @@ tower_email_trusted_orgs                = "REPLACE_ME"
 tower_email_trusted_users               = "REPLACE_ME"
 
 tower_audit_retention_days              = 1095      # 3 years (value in days)
+tower_workflow_cleanup_enabled          = true      # only applicable for AWS Batch
 
 
 /*

diff --git a/variables.tf b/variables.tf
@@ -295,6 +295,7 @@ variable "tower_email_trusted_orgs" { type = string }
 variable "tower_email_trusted_users" { type = string }
 
 variable "tower_audit_retention_days" { type = number }
+variable "tower_workflow_cleanup_enabled" { type = bool }
 
 # ------------------------------------------------------------------------------------
 ## TOWER CONFIGURATION - OIDC
-Original file line number
+Diff line change
@@ Expand Up / @@ -662,6 +662,7 @@ tower_email_trusted_orgs = "REPLACE_ME" @@
     tower_email_trusted_users               = "REPLACE_ME"
     tower_audit_retention_days              = 1095      # 3 years (value in days)
+    tower_workflow_cleanup_enabled          = true      # only applicable for AWS Batch
     /*
@@ Expand Down @@