Cloud infrastructure Cleanup #1570
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Destroys any cloud infrastructure that was deployed for the purpose of E2E testing. | |
| name: Cloud infrastructure Cleanup | |
| on: | |
| workflow_dispatch: | |
| repository_dispatch: | |
| types: [cleanup-infrastructure] | |
| schedule: | |
| - cron: "0 2 * * *" # Every day at 2AM. | |
| jobs: | |
| aws-nuke: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::726952677045:role/GitHubActionsWebinyJsAdminAccess | |
| aws-region: eu-central-1 | |
| role-duration-seconds: 7200 | |
| # We need this step because of the `aws-nuke.yml` config which is stored in our repo. | |
| - uses: actions/checkout@v4 | |
| - name: Login to GHCR | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Pull aws-nuke image | |
| run: docker pull ghcr.io/ekristen/aws-nuke:v3.61.0 | |
| - name: Run AWS Nuke | |
| run: | | |
| docker run --rm \ | |
| -v ${{ github.workspace }}:/work \ | |
| -w /work \ | |
| -e AWS_ACCESS_KEY_ID="${{ env.AWS_ACCESS_KEY_ID }}" \ | |
| -e AWS_SECRET_ACCESS_KEY="${{ env.AWS_SECRET_ACCESS_KEY }}" \ | |
| -e AWS_SESSION_TOKEN="${{ env.AWS_SESSION_TOKEN }}" \ | |
| ghcr.io/ekristen/aws-nuke:v3.61.0 \ | |
| run \ | |
| --config ./.github/workflows/cleanup/aws-nuke.yml \ | |
| --no-dry-run \ | |
| --no-alias-check \ | |
| --force \ | |
| --force-sleep 3 \ | |
| --max-wait-retries 100 |