Merge branch 'main' into task/rollout-aurora-db-part-two/CDD-1750

.github/actions/configure-aws-credentials/action.yml

@@ -9,6 +9,9 @@ inputs:
   aws-region:
     description: "The AWS region to configure credentials in."
     required: true
+  role-duration-seconds:
+    description: "The assumed role duration in seconds. Defaults to 1 hour."
+    default: "3600"
 
   # Note that the roles are optional by default.
   # When using this composite action, you must pass in the role you need
@@ -38,6 +41,7 @@ runs:
       with:
         role-to-assume: ${{ inputs.tools-account-role }}
         aws-region: ${{ inputs.aws-region }}
+        role-duration-seconds: ${{ inputs.role-duration-seconds }}
 
     - name: Configure AWS credentials for prod account
       uses: aws-actions/configure-aws-credentials@v4
@@ -46,6 +50,7 @@ runs:
         role-to-assume: ${{ inputs.prod-account-role }}
         aws-region: ${{ inputs.aws-region }}
         role-chaining: true
+        role-duration-seconds: ${{ inputs.role-duration-seconds }}
 
     - name: Configure AWS credentials for dev account
       uses: aws-actions/configure-aws-credentials@v4
@@ -54,6 +59,7 @@ runs:
         role-to-assume: ${{ inputs.dev-account-role }}
         aws-region: ${{ inputs.aws-region }}
         role-chaining: true
+        role-duration-seconds: ${{ inputs.role-duration-seconds }}
 
     - name: Configure AWS credentials for test account
       uses: aws-actions/configure-aws-credentials@v4
@@ -62,6 +68,7 @@ runs:
         role-to-assume: ${{ inputs.test-account-role }}
         aws-region: ${{ inputs.aws-region }}
         role-chaining: true
+        role-duration-seconds: ${{ inputs.role-duration-seconds }}
 
     - name: Configure AWS credentials for uat account
       uses: aws-actions/configure-aws-credentials@v4
@@ -70,3 +77,4 @@ runs:
         role-to-assume: ${{ inputs.uat-account-role }}
         aws-region: ${{ inputs.aws-region }}
         role-chaining: true
+        role-duration-seconds: ${{ inputs.role-duration-seconds }}

.github/workflows/cleanup-ci-test-environments.yml

@@ -26,6 +26,8 @@ jobs:
         with:
           aws-region: ${{ env.AWS_REGION }}
           tools-account-role: ${{ secrets.UHD_TERRAFORM_ROLE }}
+          # Timeout after 6 hours
+          role-duration-seconds: "21600"
 
       - name: Terraform cleanup
         run: |

scripts/_terraform.sh

@@ -28,7 +28,8 @@ function _terraform_help() {
     echo
     echo "  cleanup                                         - destroys all CI test environments"
     echo "  force-unlock <layer> <lock id>                  - releases the lock on a workspace"
-    echo 
+    echo "  workspace-list                                  - lists all terraform workspaces"
+    echo
     return 1
 }
 
@@ -51,6 +52,7 @@ function _terraform() {
         "output-file:layer") _terraform_output_layer_file $args ;;
         "destroy:layer") _terraform_destroy_layer $args ;;
         "force-unlock") _terraform_force_unlock $args ;;
+        "workspace-list") _terraform_workspace_list $args ;;
 
         "cleanup") _terraform_cleanup $args ;;
 
@@ -403,8 +405,17 @@ function _terraform_force_unlock() {
     terraform force-unlock --force $lock_id
 }
 
-_terraform_cleanup() {
-
+function _terraform_workspace_list() {
+  local envs=($(terraform -chdir=terraform/20-app workspace list))
+
+  for env in ${envs[@]}; do
+    if [[ ! $env == "*" ]] && [[ ! " ${files[@]} " =~ " ${env} " ]]; then
+      echo "-> ${env}"
+    fi
+  done
+}
+
+function _terraform_cleanup() {
     local envs=($(terraform -chdir=terraform/20-app workspace list))
     local files=($(echo \*))