Skip to content

Scheduled reap AWS stage and prod accounts #15195

Scheduled reap AWS stage and prod accounts

Scheduled reap AWS stage and prod accounts #15195

name: Scheduled reap AWS stage and prod accounts
env:
IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/reaper
AWS_DEFAULT_REGION: us-east-1
on:
schedule:
- cron: '30 * * * *'
jobs:
docker:
uses: ./.github/workflows/docker-build.yml
secrets:
GHCR_BOT_USERNAME: ${{ secrets.GHCR_BOT_USERNAME }}
GHCR_BOT_TOKEN: ${{ secrets.GHCR_BOT_TOKEN }}
reap-aws-stage-prod:
strategy:
fail-fast: false
matrix:
account:
- {id: CUSTOMER_ID, key: CUSTOMER_KEY}
- {id: PROD_ID, key: PROD_KEY}
- {id: STAGE_ID, key: STAGE_KEY}
name: reap AWS stage and prod
needs: [docker]
runs-on: ubuntu-latest
container:
image: ghcr.io/quipucords/reaper:latest
credentials:
username: ${{ secrets.GHCR_BOT_USERNAME }}
password: ${{ secrets.GHCR_BOT_TOKEN }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets[matrix.account.id] }}
AWS_SECRET_ACCESS_KEY: ${{ secrets[matrix.account.key] }}
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
steps:
- run: |
cd /opt/reaper
export AWS_DEFAULT_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY ECS_CLUSTER_NAME
export REAP_AGE_SNAPSHOTS REAP_AGE_VOLUMES REAP_DRYRUN REAP_BYPASS_TAG WEBHOOK_URL
poetry run python -m reaper.aws_delete