forked from Azure/bicep-registry-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
126 lines (109 loc) · 4.33 KB
/
platform.deployment.history.cleanup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
name: ".Platform - Clean up deployment history"
on:
workflow_dispatch:
inputs:
handleSubscriptionScope:
type: boolean
description: "Include Subscription deployments"
required: false
default: true # Note: This requires your service principal to have permissions on the subscription scope.
handleManagementGroupScope:
type: boolean
description: "Include Management Group deployments"
required: false
default: true # Note: This requires your service principal to have permissions on the management group scope.
maxDeploymentRetentionInDays:
type: string
description: "The number of days to keep deployments with status [failed]" # 'Running' are always excluded
required: false
default: "14"
schedule:
- cron: "0 0 * * *"
env:
workflowPath: ".github/workflows/platform.deployment.history.cleanup.yml"
jobs:
###########################
# Initialize pipeline #
###########################
job_initialize_pipeline:
runs-on: ubuntu-latest
name: "Initialize pipeline"
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Set input parameters to output variables"
id: get-workflow-param
uses: ./.github/actions/templates/avm-getWorkflowInput
with:
workflowPath: "${{ env.workflowPath}}"
outputs:
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
###############
# Removal #
###############
job_cleanup_subscription_deployments:
runs-on: ubuntu-20.04
name: "Remove Subscription deployments"
needs:
- job_initialize_pipeline
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleSubscriptionScope == 'true' }}
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set environment
uses: ./.github/actions/templates/avm-setEnvironment
- name: Azure Login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
- name: Remove deployments
uses: azure/powershell@v2
with:
inlineScript: |
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-SubscriptionDeploymentHistory.ps1')
$functionInput = @{
SubscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
}
Write-Verbose "Invoke task with" -Verbose
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
Clear-SubscriptionDeploymentHistory @functionInput
azPSVersion: "latest"
job_cleanup_managementGroup_deployments:
runs-on: ubuntu-20.04
name: "Remove Management Group deployments"
needs:
- job_initialize_pipeline
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleManagementGroupScope == 'true' }}
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set environment
uses: ./.github/actions/templates/avm-setEnvironment
- name: Azure Login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: true
- name: Remove deployments
uses: azure/powershell@v2
with:
inlineScript: |
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-ManagementGroupDeploymentHistory.ps1')
$functionInput = @{
ManagementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}'
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
}
Write-Verbose "Invoke task with" -Verbose
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
Clear-ManagementGroupDeploymentHistory @functionInput
azPSVersion: "latest"