Skip to content

.Platform - Clean up deployment history #297

.Platform - Clean up deployment history

.Platform - Clean up deployment history #297

name: ".Platform - Clean up deployment history"
on:
workflow_dispatch:
inputs:
handleSubscriptionScope:
type: boolean
description: "Include Subscription deployments"
required: false
default: true # Note: This requires your service principal to have permissions on the subscription scope.
handleManagementGroupScope:
type: boolean
description: "Include Management Group deployments"
required: false
default: true # Note: This requires your service principal to have permissions on the management group scope.
maxDeploymentRetentionInDays:
type: string
description: "The number of days to keep deployments with status [failed]" # 'Running' are always excluded
required: false
default: "14"
schedule:
- cron: "0 0 * * *"
env:
workflowPath: ".github/workflows/platform.deployment.history.cleanup.yml"
jobs:
###########################
# Initialize pipeline #
###########################
job_initialize_pipeline:
runs-on: ubuntu-latest
name: "Initialize pipeline"
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Set input parameters to output variables"
id: get-workflow-param
uses: ./.github/actions/templates/avm-getWorkflowInput
with:
workflowPath: "${{ env.workflowPath}}"
outputs:
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
###############
# Removal #
###############
job_cleanup_subscription_deployments:
runs-on: ubuntu-latest
name: "Remove Subscription deployments"
environment: avm-validation
permissions:
id-token: write # For OIDC
needs:
- job_initialize_pipeline
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleSubscriptionScope == 'true' }}
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set environment
uses: ./.github/actions/templates/avm-setEnvironment
# [Azure login] task(s)
# ------------------------------
# Supports both OIDC and service principal with secret
# 'creds' will be ignored if 'client-id', 'subscription-id' or 'tenant-id' is set
- name: Azure Login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
client-id: ${{ secrets.VALIDATE_CLIENT_ID }}
tenant-id: ${{ secrets.VALIDATE_TENANT_ID }}
subscription-id: ${{ secrets.VALIDATE_SUBSCRIPTION_ID }}
enable-AzPSSession: true
- name: Remove deployments
uses: azure/powershell@v2
with:
inlineScript: |
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-SubscriptionDeploymentHistory.ps1')
$functionInput = @{
SubscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
}
Write-Verbose "Invoke task with" -Verbose
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
Clear-SubscriptionDeploymentHistory @functionInput
azPSVersion: "latest"
job_cleanup_managementGroup_deployments:
runs-on: ubuntu-latest
name: "Remove Management Group deployments"
environment: avm-validation
permissions:
id-token: write # For OIDC
needs:
- job_initialize_pipeline
if: ${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).handleManagementGroupScope == 'true' }}
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set environment
uses: ./.github/actions/templates/avm-setEnvironment
# [Azure login] task(s)
# ------------------------------
# Supports both OIDC and service principal with secret
# 'creds' will be ignored if 'client-id', 'subscription-id' or 'tenant-id' is set
- name: Azure Login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
client-id: ${{ secrets.VALIDATE_CLIENT_ID }}
tenant-id: ${{ secrets.VALIDATE_TENANT_ID }}
subscription-id: ${{ secrets.VALIDATE_SUBSCRIPTION_ID }}
enable-AzPSSession: true
- name: Remove deployments
uses: azure/powershell@v2
with:
inlineScript: |
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'platform' 'deploymentRemoval' 'Clear-ManagementGroupDeploymentHistory.ps1')
$mgmtGroupIdInput = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).customManagementGroupId }}'
foreach($mgmtGroupId in @('${{ secrets.ARM_MGMTGROUP_ID }}', 'bicep-lz-vending-automation-child')) {
Write-Verbose "Processing mgmtGroupId [$mgmtGroupId]" -Verbose
$functionInput = @{
ManagementGroupId = $mgmtGroupId
maxDeploymentRetentionInDays = '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).maxDeploymentRetentionInDays }}'
}
Write-Verbose "Invoke task with" -Verbose
Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
Clear-ManagementGroupDeploymentHistory @functionInput
}
azPSVersion: "latest"