forked from Azure/ResourceModules
-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (114 loc) · 4.45 KB
/
platform.deployment.history.cleanup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: '.Platform: Clean up deployment history'
on:
workflow_dispatch:
inputs:
handleSubscriptionScope:
type: boolean
description: 'Include Subscription deployments'
required: false
default: true # Note: This requires your service principal to have permissions on the subscription scope.
handleManagementGroupScope:
type: boolean
description: 'Include Management Group deployments'
required: false
default: true # Note: This requires your service principal to have permissions on the management group scope.
maxDeploymentRetentionInDays:
type: string
description: 'The number of days to keep deployments with status [failed]' # 'Running' are always excluded
required: false
default: '14'
schedule:
- cron: '0 0 * * *'
env:
variablesPath: 'settings.yml'
workflowPath: '.github/workflows/platform.deployment.history.cleanup.yml'
jobs:
###########################
# Initialize pipeline #
###########################
job_initialize_pipeline:
runs-on: ubuntu-latest
name: 'Initialize pipeline'
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: 'Set input parameters to output variables'
id: get-workflow-param
uses: ./.github/actions/templates/getWorkflowInput
with:
workflowPath: '${{ env.workflowPath}}'
outputs:
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
###############
# Removal #
###############
job_cleanup_subscription_deployments:
runs-on: ubuntu-latest
name: 'Remove Subscription deployments'
needs:
- job_initialize_pipeline
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleSubscriptionScope == 'true' }}
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set environment
uses: ./.github/actions/templates/setEnvironment
with:
variablesPath: ${{ env.variablesPath }}
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
- name: Remove deployments
uses: azure/powershell@v1
with:
inlineScript: |
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'deploymentRemoval' 'Clear-SubscriptionDeploymentHistory.ps1')
$functionInput = @{
SubscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
}
Write-Verbose "Invoke task with" -Verbose
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
Clear-SubscriptionDeploymentHistory @functionInput
azPSVersion: 'latest'
job_cleanup_managementGroup_deployments:
runs-on: ubuntu-latest
name: 'Remove Management Group deployments'
needs:
- job_initialize_pipeline
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleManagementGroupScope == 'true' }}
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set environment
uses: ./.github/actions/templates/setEnvironment
with:
variablesPath: ${{ env.variablesPath }}
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
- name: Remove deployments
uses: azure/powershell@v1
with:
inlineScript: |
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'deploymentRemoval' 'Clear-ManagementGroupDeploymentHistory.ps1')
$functionInput = @{
ManagementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}'
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
}
Write-Verbose "Invoke task with" -Verbose
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
Clear-ManagementGroupDeploymentHistory @functionInput
azPSVersion: 'latest'