2 [on_schedule] Delete pullrequest deployments

2 [on_schedule] Delete pullrequest deployments #4925

Workflow file for this run

.github/workflows/dev_on_schedule_delete_pullrequest_deployments.yml at 91b33ad

	name: "2 [on_schedule] Delete pullrequest deployments"

	on:
	workflow_dispatch:
	schedule:
	# This cron is defined in UTC timezone. It means that it will run :
	# - during summer hours between 7:26am - 7:26pm
	# - during winter hours between 6:26am - 6:26pm
	# we cannot yet specify timezone :
	# https://github.com/orgs/community/discussions/13454
	# Why 26? Choosing an exact hour or half-hour is discouraged by GitHub due to high load.
	# Cron jobs might be delayed or even completely skipped.
	- cron: "26 5-17 * * *"

	permissions: write-all

	jobs:
	delete-pullrequest-deployment:
	name: "Delete PR deployment"
	runs-on: ubuntu-22.04
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@v6
	- name: "Authentification to Google"
	uses: "google-github-actions/auth@v3"
	with:
	workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	# Get github api token
	- name: "Get secrets (github)"
	id: "secrets"
	uses: "google-github-actions/get-secretmanager-secrets@v3"
	with:
	secrets: \|-
	DEPLOYMENT_SA:passculture-metier-ehp/pcapi-testing_deploy-service-account
	DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER:passculture-metier-ehp/gcp_metier_ehp_workload_identity_provider

	- name: Authenticate through github app ghactionci
	uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
	id: github-token
	with:
	app-id: ${{ secrets.PASSCULTURE_GITHUB_ACTION_APP_ID }}
	private-key: ${{ secrets.PASSCULTURE_GITHUB_ACTION_APP_PRIVATE_KEY }}
	owner: ${{ github.repository_owner }}
	# Liste des repositories à cloner
	repositories: \|
	pass-culture-deployment
	pass-culture-main
	rendered-manifests
	pc-connect
	pc-firestore-cli
	permission-contents: write

	# Checkout rendered-manifests repository
	- uses: actions/checkout@v6
	with:
	repository: pass-culture/rendered-manifests
	token: ${{ steps.github-token.outputs.token }}
	path: ./rendered-manifests
	ref: "pcapi/pullrequests"

	- name: "Authentification to Google"
	uses: "google-github-actions/auth@v3"
	with:
	service_account: ${{ steps.secrets.outputs.DEPLOYMENT_SA }}
	workload_identity_provider: ${{ steps.secrets.outputs.DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER }}

	# Set up Cloud SDK
	- name: "Set up Cloud SDK"
	uses: "google-github-actions/setup-gcloud@v3"
	with:
	version: ">= 363.0.0"

	- name: "Connect to cluster"
	uses: pass-culture/common-workflows/actions/pc-k8s-connect@pc-k8s-connect/v0.2.0
	with:
	cluster_scope: metier
	cluster_environment: ehp
	api_token_github: ${{ steps.github-token.outputs.token }}

	- name: "Delete PR deployments"
	run: \|
	set -xe
	git config --global user.email "[email protected]"
	git config --global user.name "PassCulture-SA"
	cd ./rendered-manifests
	# Look for deployments older than 24 hours by looking at pcapi-pr namespaces created prior that delay
	pullrequests_ids=$(kubectl get ns -o go-template --template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' \| awk '{if ($1 ~ "pcapi-pr") print $0}' \| awk '$2 <= "'$(date -d'now-24 hours' -Ins --utc \| sed 's/+0000/Z/')'" { print $1 }' \| cut -d "-" -f3)

	files_modified=false
	for id in $pullrequests_ids; do
	[[ -d "testing-pr-$id" ]] && { git rm -r testing-pr-$id; files_modified=true; } \|\| echo "path testing-pr-$id does not exist"
	[[ -d "postgresql-pr-$id" ]] && { git rm -r postgresql-pr-$id; files_modified=true; } \|\| echo "path postgresql-pr-$id does not exist"
	[[ -d "redis-pr-$id" ]] && { git rm -r redis-pr-$id; files_modified=true; } \|\| echo "path redis-pr-$id does not exist"
	done
	if [ "$files_modified" = true ]; then
	git add .
	git commit -m "Scheduled delete of pullrequests deployments"
	git push
	fi

	#Set active project for DNS entry deletion
	gcloud config set project passculture-metier-ehp

	for id in $pullrequests_ids; do
	while true; do
	kubectl get application -n argocd \| grep $id && sleep 5 \|\| echo "application with id $id is deleted, continuing"; break
	done
	# Check for PR namespace and delete it
	kubectl get ns pcapi-pr-$id
	[[ $? -eq 0 ]] && kubectl delete ns pcapi-pr-$id \|\| echo "namespace pcapi-pr-$id does not exist"
	# Delete DNS entry
	gcloud dns record-sets delete backend-$id.testing.passculture.team. --type=A --zone=testing-passculture-team \|\| echo "record A backend-$id.testing.passculture.team does not exist"
	gcloud dns record-sets delete backoffice-$id.testing.passculture.team. --type=A --zone=testing-passculture-team \|\| echo "record A backoffice-$id.testing.passculture.team does not exist"
	gcloud dns record-sets delete a-backend-$id.testing.passculture.team. --type=TXT --zone=testing-passculture-team \|\| echo "record TXT backend-$id.testing.passculture.team does not exist"
	gcloud dns record-sets delete a-backoffice-$id.testing.passculture.team. --type=TXT --zone=testing-passculture-team \|\| echo "record TXT backoffice-$id.testing.passculture.team does not exist"
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

2 [on_schedule] Delete pullrequest deployments #4925

Workflow file

2 [on_schedule] Delete pullrequest deployments #4925

Uh oh!

Jobs

Run details

Workflow file for this run