Clean up lingering clusters after test runs

danielfrankcom · danielfrankcom · commit f71a91e14ad8 · 2025-05-16T12:25:55.000-07:00
diff --git a/.github/scripts/clean-clusters.sh b/.github/scripts/clean-clusters.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+if [ -z "${IS_CI}" ]; then
+  echo "Error: This script is intended to run only in CI environments."
+  echo "Running it in your account may have destructive effects."
+  echo "Set the IS_CI environment variable to run this script."
+  exit 1
+fi
+
+REGIONS=("us-east-1" "us-east-2")
+
+# Region and cluster ID can be extracted from ARN
+# ARN format: arn:aws:dsql:REGION:ACCOUNT:cluster/CLUSTER_ID
+declare -a ARNS=()
+declare -a FILTERED_ARNS=()
+
+# Get clusters from each region and extract ARNs
+for region in "${REGIONS[@]}"; do
+  echo "Listing clusters in $region..."
+
+  region_arns=$(aws dsql list-clusters --region "$region" | jq -r '.clusters[].arn')
+
+  # Add ARNs to the array if any were found
+  if [ -n "$region_arns" ]; then
+    while IFS= read -r arn; do
+      ARNS+=("$arn")
+    done <<< "$region_arns"
+  fi
+done
+
+echo -e "\nFound ${#ARNS[@]} cluster(s) across all regions:"
+printf '%s\n' "${ARNS[@]}"
+
+echo -e "\nFiltering clusters..."
+for arn in "${ARNS[@]}"; do
+  region=$(echo "$arn" | cut -d':' -f4)
+  cluster_id=$(echo "$arn" | cut -d'/' -f2)
+
+  echo "Checking cluster $cluster_id in region $region..."
+
+  cluster_details=$(aws dsql get-cluster --region "$region" --identifier "$cluster_id")
+
+  status=$(echo "$cluster_details" | jq -r '.status')
+  repo_tag=$(echo "$cluster_details" | jq -r '.tags.Repo // empty')
+
+  # We only want clusters that are not already deleting, and have the specific repo tag
+  if [[ "$status" != "DELETED" && "$status" != "DELETING" && "$repo_tag" == "aws-samples/aurora-dsql-samples" ]]; then
+    echo "Cluster $cluster_id qualifies for update (Status: $status, Repo tag: $repo_tag)"
+    FILTERED_ARNS+=("$arn")
+  else
+    echo "Skipping cluster $cluster_id (Status: $status, Repo tag: $repo_tag)"
+  fi
+done
+
+echo -e "\nFound ${#FILTERED_ARNS[@]} cluster(s) that will be updated and deleted:"
+printf '%s\n' "${FILTERED_ARNS[@]}"
+
+# Early exit if no clusters to update
+if [ ${#FILTERED_ARNS[@]} -eq 0 ]; then
+  echo -e "\nNo clusters to update or delete. Exiting."
+  exit 0
+fi
+
+echo -e "\nUpdating filtered clusters to disable deletion protection..."
+for arn in "${FILTERED_ARNS[@]}"; do
+  region=$(echo "$arn" | cut -d':' -f4)
+  cluster_id=$(echo "$arn" | cut -d'/' -f2)
+
+  echo "Updating cluster $cluster_id in region $region..."
+  aws dsql update-cluster --region "$region" --identifier "$cluster_id" --no-deletion-protection-enabled
+  echo "Cluster $cluster_id updated successfully."
+done
+
+echo -e "\nDeleting filtered clusters..."
+for arn in "${FILTERED_ARNS[@]}"; do
+  region=$(echo "$arn" | cut -d':' -f4)
+  cluster_id=$(echo "$arn" | cut -d'/' -f2)
+
+  echo "Deleting cluster $cluster_id in region $region..."
+  aws dsql delete-cluster --region "$region" --identifier "$cluster_id"
+  echo "Deletion initiated for cluster $cluster_id."
+done
diff --git a/.github/workflows/clean-clusters.yml b/.github/workflows/clean-clusters.yml
@@ -0,0 +1,38 @@
+name: Clean up Aurora DSQL Clusters
+
+on:
+  workflow_call:
+    inputs:
+      aws_region:
+        required: false
+        type: string
+        default: 'us-east-1'
+        description: 'Default AWS region for credentials, does not limit access to other regions'
+    secrets:
+      AWS_IAM_ROLE:
+        required: true
+        description: 'AWS IAM role to assume for cluster cleanup'
+
+jobs:
+  cleanup:
+    name: Clean up Aurora DSQL Clusters
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+          aws-region: ${{ inputs.aws_region }}
+
+      - name: Run cluster cleanup script
+        env:
+          IS_CI: "true"
+        run: .github/scripts/clean-clusters.sh
diff --git a/.github/workflows/dotnet-cm-integ-tests.yml b/.github/workflows/dotnet-cm-integ-tests.yml
@@ -1,4 +1,4 @@
-name: Dotnet cluster management integration tests 
+name: Dotnet cluster management integration tests
 
 on:
   push:
@@ -52,3 +52,14 @@ jobs:
       run: |
         dotnet restore
         dotnet test
+
+  cleanup:
+    needs: test
+    uses: ./.github/workflows/clean-clusters.yml
+    with:
+      aws_region: 'us-east-1'
+    secrets:
+      AWS_IAM_ROLE: ${{ secrets.DOTNET_IAM_ROLE }}
+    permissions:
+      id-token: write
+      contents: read
diff --git a/.github/workflows/rust-cm-integ-tests.yml b/.github/workflows/rust-cm-integ-tests.yml
@@ -65,3 +65,14 @@ jobs:
         working-directory: ./rust/cluster_management
         run: |
           cargo test -- --nocapture
+
+  cleanup:
+    needs: test
+    uses: ./.github/workflows/clean-clusters.yml
+    with:
+      aws_region: 'us-east-1'
+    secrets:
+      AWS_IAM_ROLE: ${{ secrets.RUST_IAM_ROLE }}
+    permissions:
+      id-token: write
+      contents: read
