cleanup.yml

# Destroys any cloud infrastructure that was deployed for the purpose of E2E testing.
name: Cloud infrastructure Cleanup

on:
  workflow_dispatch:
  repository_dispatch:
    types: [cleanup-infrastructure]
  schedule:
    - cron: "0 2 * * *" # Every day at 2AM.

jobs:
  aws-nuke:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    container:
      image: rebuy/aws-nuke
      options: --user root -v ${{ github.workspace }}:/workspace
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::726952677045:role/GitHubActionsWebinyJs
          aws-region: eu-central-1

      # We need this step because of the `aws-nuke.yml` config which is stored in our repo.
      - uses: actions/checkout@v4

      - name: Run AWS Nuke
        run: >
          aws-nuke
          --config ./.github/workflows/cleanup/aws-nuke.yml
          --no-dry-run
          --force
          --force-sleep 3
          --max-wait-retries 100
          --access-key-id ${{ env.AWS_ACCESS_KEY_ID }}
          --secret-access-key ${{ env.AWS_SECRET_ACCESS_KEY }}
          --session-token ${{ env.AWS_SESSION_TOKEN }}

  aws-cloudfront-functions-cleanup:
    runs-on: ubuntu-latest
    needs: [aws-nuke]
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: 18

      - uses: actions/checkout@v4

      - name: Install dependencies
        run: yarn --immutable

      - name: Run Cloudfront Functions Cleanup
        run: node ./.github/workflows/cleanup/cleanupCloudfrontFunctions.js