.Platform - Clean up deployment history #65
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ".Platform - Clean up deployment history" | |
on: | |
workflow_dispatch: | |
inputs: | |
handleSubscriptionScope: | |
type: boolean | |
description: "Include Subscription deployments" | |
required: false | |
default: true # Note: This requires your service principal to have permissions on the subscription scope. | |
handleManagementGroupScope: | |
type: boolean | |
description: "Include Management Group deployments" | |
required: false | |
default: true # Note: This requires your service principal to have permissions on the management group scope. | |
maxDeploymentRetentionInDays: | |
type: string | |
description: "The number of days to keep deployments with status [failed]" # 'Running' are always excluded | |
required: false | |
default: "14" | |
schedule: | |
- cron: "0 0 * * *" | |
env: | |
workflowPath: ".github/workflows/platform.deployment.history.cleanup.yml" | |
jobs: | |
########################### | |
# Initialize pipeline # | |
########################### | |
job_initialize_pipeline: | |
runs-on: ubuntu-latest | |
name: "Initialize pipeline" | |
steps: | |
- name: "Checkout" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Set input parameters to output variables" | |
id: get-workflow-param | |
uses: ./.github/actions/templates/avm-getWorkflowInput | |
with: | |
workflowPath: "${{ env.workflowPath}}" | |
outputs: | |
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} | |
############### | |
# Removal # | |
############### | |
job_cleanup_subscription_deployments: | |
runs-on: ubuntu-latest | |
name: "Remove Subscription deployments" | |
environment: avm-validation | |
permissions: | |
id-token: write # For OIDC | |
needs: | |
- job_initialize_pipeline | |
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleSubscriptionScope == 'true' }} | |
steps: | |
- name: "Checkout" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set environment | |
uses: ./.github/actions/templates/avm-setEnvironment | |
# [Azure login] task(s) | |
# ------------------------------ | |
# Supports both OIDC and service principal with secret | |
# 'creds' will be ignored if 'client-id', 'subscription-id' or 'tenant-id' is set | |
- name: Azure Login | |
uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
client-id: ${{ secrets.VALIDATE_CLIENT_ID }} | |
tenant-id: ${{ secrets.VALIDATE_TENANT_ID }} | |
subscription-id: ${{ secrets.VALIDATE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Remove deployments | |
uses: azure/powershell@v2 | |
with: | |
inlineScript: | | |
# Load used functions | |
. (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-SubscriptionDeploymentHistory.ps1') | |
$functionInput = @{ | |
SubscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' | |
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}' | |
} | |
Write-Verbose "Invoke task with" -Verbose | |
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose | |
Clear-SubscriptionDeploymentHistory @functionInput | |
azPSVersion: "latest" | |
job_cleanup_managementGroup_deployments: | |
runs-on: ubuntu-latest | |
name: "Remove Management Group deployments" | |
environment: avm-validation | |
permissions: | |
id-token: write # For OIDC | |
needs: | |
- job_initialize_pipeline | |
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleManagementGroupScope == 'true' }} | |
steps: | |
- name: "Checkout" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set environment | |
uses: ./.github/actions/templates/avm-setEnvironment | |
# [Azure login] task(s) | |
# ------------------------------ | |
# Supports both OIDC and service principal with secret | |
# 'creds' will be ignored if 'client-id', 'subscription-id' or 'tenant-id' is set | |
- name: Azure Login | |
uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
client-id: ${{ secrets.VALIDATE_CLIENT_ID }} | |
tenant-id: ${{ secrets.VALIDATE_TENANT_ID }} | |
subscription-id: ${{ secrets.VALIDATE_SUBSCRIPTION_ID }} | |
enable-AzPSSession: true | |
- name: Remove deployments | |
uses: azure/powershell@v2 | |
with: | |
inlineScript: | | |
# Load used functions | |
. (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-ManagementGroupDeploymentHistory.ps1') | |
$mgmtGroupIdInput = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).customManagementGroupId }}' | |
foreach($mgmtGroupId in @('${{ secrets.ARM_MGMTGROUP_ID }}', 'bicep-lz-vending-automation-child')) { | |
Write-Verbose "Processing mgmtGroupId [$mgmtGroupId]" -Verbose | |
$functionInput = @{ | |
ManagementGroupId = $mgmtGroupId | |
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}' | |
} | |
Write-Verbose "Invoke task with" -Verbose | |
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose | |
Clear-ManagementGroupDeploymentHistory @functionInput | |
} | |
azPSVersion: "latest" |