update circleci config to run aws-nuke nightly #12
Conversation
circle.yml
Outdated
| - test | ||
| filters: | ||
| tags: | ||
| only: /^v.*/ |
There was a problem hiding this comment.
This will run aws-nuke every time we do a release. We probably only want to do it nightly, right?
There was a problem hiding this comment.
Thanks for catching this, left over from a copy paste
circle.yml
Outdated
| - checkout | ||
| - attach_workspace: | ||
| at: /go/src/github.com/gruntwork-io/aws-nuke | ||
| - run: go run main.go |
There was a problem hiding this comment.
Shouldn't this exclude us-west-2? And only delete resources older than, say, 2 days?
There was a problem hiding this comment.
I think 2 days is fair, although I'm interested to know how you arrived at that figure because I was gonna go with 24hrs. What's the frequency at which resources are typically created in the Phx DvOps account?
There was a problem hiding this comment.
2 days is just a guess. We may have to tweak it later. Resources that are left from tests would ideally be cleaned up nightly. However, we also use Phx DevOps for manual testing, and occasionally, we leave things running a bit longer.
circle.yml
Outdated
| @@ -42,6 +42,14 @@ jobs: | |||
| root: . | |||
| paths: bin | |||
|
|
|||
| run: | |||
There was a problem hiding this comment.
Call this something more descriptive, like nuke_phx_devops.
|
@brikis98 the |
circle.yml
Outdated
|
|
||
| - nuke_phx_devops: | ||
| requires: | ||
| - test |
There was a problem hiding this comment.
This will run aws-nuke after every commit... to delete resources more than 48h old. What's the purpose of that? I don't think we need this here; we should only have the nuke_phx_devops run once nightly.
Yes, the tool definitely need a non-interactive mode. A |
commands/cli.go
Outdated
| @@ -33,6 +33,10 @@ func CreateCli(version string) *cli.App { | |||
| Usage: "Only delete resources older than this specified value. Can be any valid Go duration, such as 10m or 8h.", | |||
| Value: "0s", | |||
| }, | |||
| cli.BoolFlag{ | |||
| Name: "force", | |||
| Usage: "Skip nuke confirmation prompt", | |||
There was a problem hiding this comment.
You should put a big "WARNING: this will automatically delete all resources without any confirmation" here :)
There was a problem hiding this comment.
One other safety measure to consider: When aws-nuke is run with --force, show the warning but sleep for, say, 5 - 10 seconds so that an interactive user has an opportunity to abort the run.
There was a problem hiding this comment.
A 10 second "oh shit" pause is a very good idea. #14
commands/cli.go
Outdated
| } | ||
| } | ||
| } else { | ||
| if err := aws.NukeAllResources(account, regions); err != nil { |
There was a problem hiding this comment.
Add a log statement here that says "The --force flag is set, so proceeding without confirmation."
|
Make sure to delete the branch and cut a new release when you're ready. Also, please give Finally, do one more experiment: run the tests and make sure that all the resources they create are cleaned up by the tests themselves. There are a lot of aws-nuke resources in the Phx DevOps account, so I suspect some test is failing to clean up after itself. The nightly run will eventually take care of that, but only after 2 days, so it would be better if the tests did the cleanup properly and aws-nuke only picked up the slack on case of (hopefully) rare bugs/crashes/etc. |
No description provided.