Skip to content

2 [on_schedule] Delete pullrequest deployments #1022

2 [on_schedule] Delete pullrequest deployments

2 [on_schedule] Delete pullrequest deployments #1022

name: "2 [on_schedule] Delete pullrequest deployments"
on:
schedule:
- cron: "0 */1 * * *"
permissions: write-all
jobs:
delete-pullrequest-deployment:
name: "Delete PR deployment"
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
steps:
- uses: actions/[email protected]
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
# Get github api token
- name: "Get secrets (github)"
id: 'secrets'
uses: 'google-github-actions/get-secretmanager-secrets@v2'
with:
secrets: |-
API_TOKEN_GITHUB:passculture-metier-ehp/passculture-main-sa-access-token
DEPLOYMENT_SA:passculture-metier-ehp/pcapi-testing_deploy-service-account
DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER:passculture-metier-ehp/gcp_metier_ehp_workload_identity_provider
# Checkout rendered-manifests repository
- uses: actions/[email protected]
with:
repository: pass-culture/rendered-manifests
token: ${{ steps.secrets.outputs.API_TOKEN_GITHUB }}
path: ./rendered-manifests
ref: 'pcapi/pullrequests'
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v2'
with:
service_account : ${{ steps.secrets.outputs.DEPLOYMENT_SA }}
workload_identity_provider: ${{ steps.secrets.outputs.DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER }}
- name: "Connect to cluster"
uses: pass-culture/common-workflows/actions/pc-k8s-connect@pc-k8s-connect/v0.1.0
with:
cluster_scope: metier
cluster_environment: ehp
api_token_github: ${{ steps.secrets.outputs.API_TOKEN_GITHUB }}
- name: "Delete PR deployments"
run: |
set +e
git config --global user.email "[email protected]"
git config --global user.name "PassCulture-SA"
cd ./rendered-manifests
# Look for deployments older than 4 hours by looking at pcapi-pr namespaces created prior that delay
pullrequests_ids=$(kubectl get ns -o go-template --template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' | awk '{if ($1 ~ "pcapi-pr") print $0}' | awk '$2 <= "'$(date -d'now-12 hours' -Ins --utc | sed 's/+0000/Z/')'" { print $1 }' | cut -d "-" -f3)
files_modified=false
for id in $pullrequests_ids; do
[[ -d "pcapi-pr-$id" ]] && { git rm -r pcapi-pr-$id; files_modified=true; } || echo "path pcapi-pr-$id does not exist"
[[ -d "postgresql-pr-$id" ]] && { git rm -r postgresql-pr-$id; files_modified=true; } || echo "path postgresql-pr-$id does not exist"
[[ -d "redis-pr-$id" ]] && { git rm -r redis-pr-$id; files_modified=true; } || echo "path redis-pr-$id does not exist"
done
if [ "$files_modified" = true ]; then
git add .
git commit -m "Scheduled delete of pullrequests deployments"
git push
fi
for id in $pullrequests_ids; do
while true; do
kubectl get application -n argocd | grep $id
[[ $? -eq 0 ]] && sleep 5 || break
done
# Check for PR namespace and delete it
kubectl get ns pcapi-pr-$id
[[ $? -eq 0 ]] && kubectl delete ns pcapi-pr-$id || echo "namespace pcapi-pr-$id does not exist"
done