chore: Add delete experiment GHA (#1288)

Author: ptang-nr

.github/actions/s3-delete/action.yml

@@ -0,0 +1,52 @@
+# This composite action is used to delete files from a S3 bucket.
+
+name: 'S3 File Deletion'
+
+inputs:
+  aws_access_key_id:
+    description: 'AWS access key id used for authentication.'
+    required: true
+  aws_secret_access_key:
+    description: 'AWS secret access key used for authentication.'
+    required: true
+  aws_region:
+    description: "AWS region where S3 bucket is located."
+    required: false
+    default: us-east-1
+  aws_role:
+    description: "AWS role ARN that needs to be used for authentication."
+    required: true
+  aws_bucket_name:
+    description: "S3 bucket name where files need to be deleted."
+    required: true
+  dry_run:
+    description: "Indicates if we should just list files to deleted without actually deleting them."
+    required: false
+  bucket_dir:
+    description: 'A sub directory where the files are located within the S3 bucket.'
+    required: false
+
+outputs:
+  results:
+    description: "Array of objects containing information about each file uploaded"
+    value: ${{ steps.action-script.outputs.results }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install dependencies
+      run: npm install --silent --no-progress --prefix $GITHUB_ACTION_PATH/..
+      shell: bash
+    - name: Run action script
+      id: action-script
+      env:
+        AWS_ACCESS_KEY_ID: ${{ inputs.aws_access_key_id }}
+        AWS_SECRET_ACCESS_KEY: ${{ inputs.aws_secret_access_key }}
+      run: |
+        node $GITHUB_ACTION_PATH/index.js \
+          --region ${{ inputs.aws_region }} \
+          --bucket ${{ inputs.aws_bucket_name }} \
+          --role ${{ inputs.aws_role }} \
+          ${{ inputs.dry_run && '--dry' || '' }} \
+          ${{ inputs.bucket_dir && format('--dir {0}', inputs.bucket_dir) || '' }}
+      shell: bash

.github/actions/s3-delete/args.js

@@ -0,0 +1,27 @@
+import process from 'process'
+import yargs from 'yargs'
+import { hideBin } from 'yargs/helpers'
+
+export const args = yargs(hideBin(process.argv))
+  .usage('$0 [options]')
+
+  .string('role')
+  .describe('role', 'S3 role ARN')
+
+  .string('bucket')
+  .describe('bucket', 'S3 bucket name')
+
+  .string('region')
+  .describe('region', 'AWS region location of S3 bucket. Defaults to us-east-1.')
+  .default('region', 'us-east-1')
+
+  .boolean('dry')
+  .default('dry', false)
+  .describe('dry', 'Runs the action script without actually uploading files.')
+  .alias('dry', 'dry-run')
+
+  .string('dir')
+  .describe('dir', 'Bucket sub-directory name. Leave empty to refer to the root of the bucket.')
+
+  .demandOption(['bucket', 'role'])
+  .argv

.github/actions/s3-delete/index.js

@@ -0,0 +1,99 @@
+import * as core from '@actions/core'
+import { AssumeRoleCommand, STSClient } from '@aws-sdk/client-sts'
+import { S3Client, S3ServiceException, paginateListObjectsV2, DeleteObjectsCommand, waitUntilObjectNotExists } from '@aws-sdk/client-s3'
+import { args } from './args.js'
+
+const stsClient = new STSClient({ region: args.region })
+const s3Credentials = await stsClient.send(new AssumeRoleCommand({
+  RoleArn: args.role,
+  RoleSessionName: 'deleteExperimentFromS3Session',
+  DurationSeconds: 900
+}))
+
+const s3Client = new S3Client({
+  region: args.region,
+  credentials: {
+    accessKeyId: s3Credentials.Credentials.AccessKeyId,
+    secretAccessKey: s3Credentials.Credentials.SecretAccessKey,
+    sessionToken: s3Credentials.Credentials.SessionToken
+  }
+})
+
+async function collectKeysToDelete(bucketName, bucketDir) {
+  const keys = []
+  core.info("Bucket name: " + bucketName)
+  core.info(`Looking up files with prefix '${bucketDir}'`)
+
+  try {
+    const params = {
+      Bucket: bucketName,
+      Prefix:bucketDir
+    }
+    const paginator = paginateListObjectsV2({ client: s3Client }, params)
+    for await (const page of paginator) {
+      page.Contents?.forEach(obj => {
+        keys.push(obj.Key)
+      })
+    }
+    core.info(`Found ${keys.length} matching files`)
+    core.info(keys.map(k => ` • ${k}`).join('\n'))
+    return keys
+  } catch (err) {
+    if (err instanceof S3ServiceException) {
+      core.setFailed(
+        `Error from S3 while listing objects for "${bucketName}".  ${err.name}: ${err.message}`,
+      )
+    } else {
+      core.setFailed(`Error while listing objects for "${bucketName}". ${err.name}: ${err.message}`)
+    }
+    process.exit(1)
+  }
+}
+
+async function deleteFiles(bucketName, keys) {
+  try {
+    core.info('Deleting...')
+
+    const { Deleted } = await s3Client.send(
+      new DeleteObjectsCommand({
+        Bucket: bucketName,
+        Delete: {
+          Objects: keys.map((k) => ({ Key: k })),
+        },
+     }),
+    )
+
+    for (const key in keys) {
+      await waitUntilObjectNotExists(
+        { client: s3Client },
+        { Bucket: bucketName, Key: key },
+      )
+    }
+    core.info(
+      `Successfully deleted ${Deleted?.length || 0} objects.`,
+    )
+    core.info(Deleted?.map((d) => ` • ${d.Key}`).join("\n"))
+  } catch (err) {
+    if (err instanceof S3ServiceException) {
+      core.setFailed(
+        `Error from S3 while deleting objects for "${bucketName}".  ${err.name}: ${err.message}`,
+      )
+    } else {
+      core.setFailed(`Error while deleting objects for "${bucketName}". ${err.name}: ${err.message}`)
+    }
+    process.exit(1)
+  }
+}
+
+if (args.dry) {
+  core.info('This is a dry run.')
+}
+const keysToBeDeleted = await collectKeysToDelete(args.bucket, args.dir)
+if (!args.dry) {
+  if (keysToBeDeleted.length > 0) {
+    await deleteFiles(args.bucket, keysToBeDeleted)
+  } else {
+    core.info('No files found to delete')
+  }
+}
+core.info('Completed successfully')

.github/workflows/branch-cleanup.yml

@@ -0,0 +1,38 @@
+# This workflow will run automatically when a branch is deleted.
+
+name: Branch Cleanup
+
+on: delete
+
+jobs:
+  branch-delete:
+    if: github.event.ref_type == 'branch'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Clean up for deleted branch
+        id: cleanup-start
+        run: echo "Clean up for branch ${{ github.event.ref }}"
+      - name: Delete dev experiment
+        id: s3-delete-dev
+        uses: ./.github/actions/s3-delete
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_role: ${{ secrets.AWS_ROLE_ARN }}
+          aws_bucket_name: ${{ secrets.AWS_BUCKET }}
+          bucket_dir: experiments/dev/${{ github.event.ref }}
+          dry_run: true
+      - name: Delete staging experiment
+        id: s3-delete-staging
+        uses: ./.github/actions/s3-delete
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_role: ${{ secrets.AWS_ROLE_ARN }}
+          aws_bucket_name: ${{ secrets.AWS_BUCKET }}
+          bucket_dir: experiments/staging/${{ github.event.ref }}
+          dry_run: true

.github/workflows/delete-experiment.yml

@@ -0,0 +1,37 @@
+# This workflow can be run on any branch.
+# Given an environment, this workflow will delete the branch's experiment from S3
+
+name: Delete Experiment
+
+on:
+  workflow_dispatch:
+    inputs:
+    nr_environment:
+      description: 'Target New Relic environment'
+      required: true
+      type: choice
+      options:
+      - dev
+      - staging
+
+jobs:
+  delete-experiment-on-s3:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@v4
+      - name: Clean branch name
+        id: clean-branch-name
+        run: echo "results=$(echo '${{ github.ref }}' | sed 's/refs\/heads\///g' | sed 's/[^[:alnum:].-]/-/g')" >> $GITHUB_OUTPUT
+      - name: Delete experiment
+        id: s3-delete
+        uses: ./.github/actions/s3-delete
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_role: ${{ secrets.AWS_ROLE_ARN }}
+          aws_bucket_name: ${{ secrets.AWS_BUCKET }}
+          bucket_dir: experiments/${{ inputs.nr_environment }}/${{ steps.clean-branch-name.outputs.results }}