finops-toolkit/.github/workflows/ftk-pr-cleanup.yml at 1f746b70268fd1aadbe8ad83eb30c696c69492e4 · microsoft/finops-toolkit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

name: 'PR Cleanup'

on:
  pull_request_target:
    types: [closed]

permissions:
  id-token: write
  contents: read
  pull-requests: write
  issues: write

jobs:
  cleanup:
    name: Clean up PR resources
    runs-on: ubuntu-latest
    environment: ftk-pr
    steps:
      - name: Install Az modules
        shell: pwsh
        run: |
          Set-PSRepository PSGallery -InstallationPolicy Trusted
          Install-Module -Name Az.Accounts -RequiredVersion 2.19.0 -Force
          Install-Module -Name Az.Resources -RequiredVersion 6.16.2 -Force

      - name: Azure login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          enable-AzPSSession: true

      - name: Delete resource groups
        id: delete
        shell: pwsh
        run: |
          $prNumber = "${{ github.event.pull_request.number }}"
          $pattern = "pr-$prNumber-*"
          $groups = Get-AzResourceGroup | Where-Object { $_.ResourceGroupName -like $pattern }

          if (-not $groups)
          {
              Write-Host "No resource groups found matching '$pattern'."
              "deleted=0" >> $env:GITHUB_OUTPUT
              "failed=" >> $env:GITHUB_OUTPUT
              return
          }

          $deleted = 0
          $failed = @()
          foreach ($rg in $groups)
          {
              try
              {
                  Write-Host "Deleting $($rg.ResourceGroupName)..."
                  Remove-AzResourceGroup -Name $rg.ResourceGroupName -Force -ErrorAction Stop
                  $deleted++
              }
              catch
              {
                  Write-Warning "Failed to delete $($rg.ResourceGroupName): $_"
                  $failed += $rg.ResourceGroupName
              }
          }

          "deleted=$deleted" >> $env:GITHUB_OUTPUT
          "failed=$($failed -join ',')" >> $env:GITHUB_OUTPUT

      - name: Post cleanup comment
        if: steps.delete.outputs.deleted != '0'
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh pr comment "${{ github.event.pull_request.number }}" \
            --repo "${{ github.repository }}" \
            --body "Test environments cleaned up."

      - name: Create issue for failed cleanups
        if: steps.delete.outputs.failed != ''
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          failed="${{ steps.delete.outputs.failed }}"
          pr=${{ github.event.pull_request.number }}
          author=${{ github.event.pull_request.user.login }}
          issue_url=$(gh issue create \
            --repo "${{ github.repository }}" \
            --title "Cleanup failed for PR #$pr" \
            --body "The following resource groups could not be deleted: $failed. Please delete them manually. See #$pr.")
          # Try to assign the PR author; ignore failure for external contributors
          issue_number=$(echo "$issue_url" | grep -oE '[0-9]+$')
          gh issue edit "$issue_number" --repo "${{ github.repository }}" --add-assignee "$author" || true