---
# Clean-up workflow: deletes a Docker image tag and/or stops stale self-hosted
# EC2 runners. It can be started by hand (workflow_dispatch) or by the cron
# schedule below.
name: manual_trigger_delete_resource

on:
  workflow_dispatch:
    inputs:
      # Exported to the tag-deletion script as TAG_TO_DELETE.
      tag:
        description: 'Docker image tag to delete'
        required: true
      # Exported to the tag-deletion script as REPO_TO_DELETE.
      repo:
        description: 'Docker repo to delete image'
        required: false
        default: 'timeplus/proton'
      # Selects which clean-up path a manual run takes; the job-level `if`
      # conditions compare against this value.
      resource:
        description: 'Resources to delete (image or runner)'
        required: false
        default: 'image'
        type: choice
        options:
          - 'image'
          - 'runner'
      # Free-text prefix matched against the EC2 `Name` tag on manual runs.
      # Scheduled runs ignore it and use the fixed default prefix.
      instance:
        description: 'EC2 instance name (Not recommended set)'
        required: false
        default: 'ec2-github-runner-'
  schedule:
    # Fires at minute 30 of every second hour (GitHub evaluates cron in UTC).
    # workflow_dispatch inputs are empty on these runs.
    - cron: '30 */2 * * *'
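# NOTE(review): actions/checkout and aws-actions/configure-aws-credentials are
# referenced by version tag. Tags are mutable; pinning to a full commit SHA (as
# the ec2-github-runner step already does) removes that supply-chain exposure.
# NOTE(review): AWS access is via long-lived access keys stored as secrets;
# configure-aws-credentials also supports assuming a role through OIDC
# (`role-to-assume`), which avoids static keys. Confirm with the account owner.
jobs:
  # Deletes a Docker Hub tag. Runs on every scheduled tick and on manual
  # dispatch when `resource` is `image`.
  delete_tag:
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'schedule' || github.event.inputs.resource == 'image' }}
    # The job only needs to read the repository; keep GITHUB_TOKEN read-only.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v5.0.1
        with:
          # Do not leave the job token in .git/config for later steps to read.
          persist-credentials: false
      # Installed in its own step so the Docker Hub write token is not in the
      # environment while pip resolves and installs an unpinned package.
      - name: Install script dependencies
        run: pip3 install python-dateutil
      - name: Delete specified tag
        run: python tests/proton_ci/delete_docker_tags.py
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_WRITE_TOKEN }}
          # Both inputs are empty on scheduled runs; presumably the script
          # applies its own selection rules then - confirm in the script.
          TAG_TO_DELETE: ${{ github.event.inputs.tag }}
          REPO_TO_DELETE: ${{ github.event.inputs.repo }}

  # Lists running EC2 runner instances launched at least 3 hours ago and
  # publishes their instance ids and runner names as JSON arrays.
  find-instances:
    name: Find self-hosted EC2 instances
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'schedule' || github.event.inputs.resource == 'runner' }}
    # No step here uses GITHUB_TOKEN.
    permissions: {}
    outputs:
      instance_ids: ${{ steps.get-instances.outputs.instance_ids }}
      runner_names: ${{ steps.get-instances.outputs.runner_names }}
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6.0.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Get EC2 instance name prefix
        # The dispatch input is free text. It is handed to the shell through
        # the environment instead of being expanded into the script source, so
        # its content is always treated as data and never parsed as shell.
        env:
          EVENT_NAME: ${{ github.event_name }}
          DISPATCH_INSTANCE_PREFIX: ${{ github.event.inputs.instance }}
        run: |
          if [[ "$EVENT_NAME" == "schedule" ]]; then
            INSTANCE_NAME_PREFIX="ec2-github-runner-"
            echo "Running as scheduled job, using default prefix: $INSTANCE_NAME_PREFIX"
          else
            INSTANCE_NAME_PREFIX="$DISPATCH_INSTANCE_PREFIX"
            echo "Running as manual trigger, using provided prefix: $INSTANCE_NAME_PREFIX"
          fi
          # GITHUB_ENV is line-oriented: a value containing a line break would
          # define extra environment variables for every later step.
          if [[ "$INSTANCE_NAME_PREFIX" == *$'\n'* || "$INSTANCE_NAME_PREFIX" == *$'\r'* ]]; then
            echo "::error::instance name prefix must be a single line"
            exit 1
          fi
          # NOTE(review): an empty prefix makes the Name filter below `*`, so
          # every running instance carrying the repository tag is selected.
          echo "instance_name_prefix=$INSTANCE_NAME_PREFIX" >> "$GITHUB_ENV"
      - name: Get EC2 instances by Tag and Uptime
        id: get-instances
        run: |
          # Fail the step when `aws` fails inside a pipeline; otherwise jq sees
          # no input and an empty string is published as the job output.
          set -o pipefail
          INSTANCE_NAME_PREFIX=$instance_name_prefix
          LAUNCH_TIME=$(date -u -d '3 hours ago' +%Y-%m-%dT%H:%M:%SZ)
          echo "Get instances with the name prefix $INSTANCE_NAME_PREFIX that were launched since $LAUNCH_TIME."
          INSTANCE_IDS=$(aws ec2 describe-instances \
            --filters "Name=tag:Name,Values=${INSTANCE_NAME_PREFIX}*" \
                      "Name=tag:GitHubRepository,Values=timeplus-io/proton" \
                      "Name=instance-state-name,Values=running" \
            --query "Reservations[*].Instances[?LaunchTime<=\`${LAUNCH_TIME}\`].InstanceId" \
            --output json | jq -c '. | flatten')
          # Runner names are the private DNS names cut at the first dot.
          RUNNER_NAMES=$(aws ec2 describe-instances \
            --filters "Name=tag:Name,Values=${INSTANCE_NAME_PREFIX}*" \
                      "Name=tag:GitHubRepository,Values=timeplus-io/proton" \
                      "Name=instance-state-name,Values=running" \
            --query "Reservations[*].Instances[?LaunchTime<=\`${LAUNCH_TIME}\`].PrivateDnsName" \
            --output json | jq -c '. | flatten | if length > 0 then map(sub("\\..*"; "")) else [] end')
          echo "instance_ids=$INSTANCE_IDS" | tee -a "$GITHUB_OUTPUT"
          echo "runner_names=$RUNNER_NAMES" | tee -a "$GITHUB_OUTPUT"
          if [ -z "$INSTANCE_IDS" ] || [ "$INSTANCE_IDS" == "[]" ]; then
            echo "No instance IDs provided. Skipping print instance names."
          else
            # Word splitting of the jq output is intended: one id per argument.
            INSTANCE_NAMES=$(aws ec2 describe-instances \
              --instance-ids $(echo "$INSTANCE_IDS" | jq -r '.[]') \
              --query "Reservations[*].Instances[*].[InstanceId, Tags[?Key=='Name'].Value | [0]]" \
              --output json)
            echo "instance_names=$INSTANCE_NAMES"
          fi

  # Stops each instance found above, one matrix job per instance id.
  stop-instances:
    name: Stop self-hosted EC2 instances
    needs: find-instances  # required to get output from the find-instances job
    # An empty output would make fromJson() below fail, so it is excluded as
    # well as the empty JSON array.
    if: >-
      ${{ needs.find-instances.outputs.instance_ids != '' &&
      needs.find-instances.outputs.instance_ids != '[]' }}
    runs-on: ubuntu-latest
    # The stop action authenticates with the personal access token passed
    # below, not with GITHUB_TOKEN.
    permissions: {}
    strategy:
      matrix:
        instance_id: ${{ fromJson(needs.find-instances.outputs.instance_ids) }}
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6.0.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Stop EC2 runner
        # Temporary pin to the Node 24-compatible fork until the companion ec2-github-runner PR merges.
        # NOTE(review): this is a personal fork that receives both the AWS
        # session and a personal access token; the commit pin keeps the code
        # fixed, but the pinned revision itself should have been reviewed.
        uses: yokofly/ec2-github-runner@522cb941f0d76565385ce7aeb6771bf58451ba1b
        with:
          mode: stop
          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
          label: 'none'
          ec2-instance-id: ${{ matrix.instance_id }}

  # Removes the GitHub runner registrations that belonged to the stopped
  # instances.
  stop-runners:
    name: Stop self-hosted EC2 runners
    needs:
      - find-instances  # required to get output from the find-instances job
      - stop-instances  # required to run after stop-instances job due to online runner cannot be deleted
    if: >-
      ${{ needs.find-instances.outputs.runner_names != '' &&
      needs.find-instances.outputs.runner_names != '[]' }}
    runs-on: ubuntu-latest
    # Only the personal access token below is used against the GitHub API.
    permissions: {}
    steps:
      # This job talks only to the GitHub REST API, so no AWS credentials are
      # configured here.
      - name: Get and Remove runners
        env:
          GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
          # Passed through the environment so the JSON is never expanded into
          # the script source, whatever characters it contains.
          RUNNER_NAMES: ${{ needs.find-instances.outputs.runner_names }}
        run: |
          echo "RUNNER_NAMES: $RUNNER_NAMES"
          # -f makes an HTTP error (bad token, rate limit) fail the step
          # instead of being parsed as an empty runner list. per_page=100 is
          # the API maximum; more registered runners would need paging.
          RUNNERS=$(curl -fsSL \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: token $GH_PERSONAL_ACCESS_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/repos/timeplus-io/proton/actions/runners?per_page=100")
          echo "RUNNERS: $RUNNERS"
          RUNNER_IDS=()
          while IFS= read -r dns; do
            echo "dns: $dns"
            while IFS= read -r ID; do
              # Only a numeric id is ever placed in the DELETE URL.
              if [[ "$ID" =~ ^[0-9]+$ ]]; then
                RUNNER_IDS+=("$ID")
              fi
            done < <(jq -r --arg DNS "$dns" '.runners[] | select(.name == $DNS) | .id' <<<"$RUNNERS")
          done < <(jq -r '.[]' <<<"$RUNNER_NAMES")
          deleted=0
          for ID in "${RUNNER_IDS[@]}"; do
            echo "Deleting Runner ID: $ID"
            # A failed delete is reported and the loop carries on, so one
            # stuck runner does not block removal of the others.
            if curl -fsSL -X DELETE \
              -H "Accept: application/vnd.github+json" \
              -H "Authorization: token $GH_PERSONAL_ACCESS_TOKEN" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "https://api.github.com/repos/timeplus-io/proton/actions/runners/$ID"; then
              deleted=$((deleted + 1))
            else
              echo "::warning::Failed to delete runner $ID"
            fi
          done
          echo "Deleted $deleted runners."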