Integrate ROSA repo in the reference arch #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Tests - Daily Cleanup - AWS OpenShift ROSA HCP Single Region | |
| # TODO: this should be rewrote to use the same module as tests do | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| max_age_hours_cluster: | |
| description: Maximum age of clusters in hours | |
| required: true | |
| default: '20' | |
| pull_request: | |
| paths: | |
| - .github/workflows/aws_openshift_rosa_hcp_single_region_daily_cleanup.yml | |
| schedule: | |
| - cron: 0 1 * * * # At 01:00 everyday. | |
| env: | |
| MAX_AGE_HOURS_CLUSTER: ${{ github.event.inputs.max_age_hours_cluster || '20' }} | |
| # please keep those variables synced with aws_rosa_hcp_tests.yml | |
| AWS_PROFILE: infex | |
| S3_BACKEND_BUCKET: tests-ra-aws-rosa-hcp-tf-state-eu-central-1 | |
| S3_BUCKET_REGION: eu-central-1 | |
| AWS_REGION: eu-west-2 | |
| jobs: | |
| cleanup-clusters: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| fetch-depth: 0 | |
| - name: Install asdf tools with cache | |
| uses: camunda/infraex-common-config/./.github/actions/asdf-install-tooling@e9a9f33ab193348a82a79bd9250fdf12f708390a # 1.2.19 | |
| - name: Use repo .tool-version as global version | |
| run: cp .tool-versions ~/.tool-versions | |
| - name: Import Secrets | |
| id: secrets | |
| uses: hashicorp/vault-action@a1b77a09293a4366e48a5067a86692ac6e94fdc0 # v3 | |
| with: | |
| url: ${{ secrets.VAULT_ADDR }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| exportEnv: false | |
| secrets: | | |
| secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY; | |
| secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY; | |
| secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN; | |
| # Official action does not support profiles | |
| - name: Add profile credentials to ~/.aws/credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} | |
| aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} | |
| - name: Delete clusters | |
| id: delete_clusters | |
| timeout-minutes: 125 | |
| uses: ./.github/actions/aws-openshift-rosa-hcp-single-region-cleanup | |
| env: | |
| RHCS_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} | |
| with: | |
| tf-bucket: ${{ env.S3_BACKEND_BUCKET }} | |
| tf-bucket-region: ${{ env.S3_BUCKET_REGION }} | |
| max-age-hours-cluster: ${{ env.MAX_AGE_HOURS_CLUSTER }} | |
| # There are cases where the deletion of resources fails due to dependencies. | |
| - name: Retry delete clusters | |
| id: retry_delete_clusters | |
| if: failure() && steps.delete_clusters.outcome == 'failure' | |
| timeout-minutes: 125 | |
| uses: ./.github/actions/aws-openshift-rosa-hcp-single-region-cleanup | |
| env: | |
| RHCS_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} | |
| with: | |
| tf-bucket: ${{ env.S3_BACKEND_BUCKET }} | |
| tf-bucket-region: ${{ env.S3_BUCKET_REGION }} | |
| max-age-hours-cluster: 0 # the previous step alters the age and resets it to 0 | |
| - name: Notify in Slack in case of failure | |
| id: slack-notification | |
| if: failure() && github.event_name == 'schedule' && steps.retry_delete_clusters.outcome == 'failure' | |
| uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@e9a9f33ab193348a82a79bd9250fdf12f708390a # 1.2.19 | |
| with: | |
| vault_addr: ${{ secrets.VAULT_ADDR }} | |
| vault_role_id: ${{ secrets.VAULT_ROLE_ID }} | |
| vault_secret_id: ${{ secrets.VAULT_SECRET_ID }} |