.github/workflows/housekeep.yml

---
name: Housekeeping
on:
  schedule:
    - cron: "11 3 * * *" # daily at 3:11
  workflow_dispatch:

permissions:
  id-token: write

jobs:
  cancelsubscriptions:
    name: Cancel subscriptions
    runs-on: ubuntu-latest
    steps:
      - name: Azure login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          allow-no-subscriptions: true

      - name: Azure cancel subscriptions
        uses: azure/CLI@v2
        continue-on-error: true
        with:
          inlineScript: |
            az config set extension.use_dynamic_install=yes_without_prompt
            echo "==> Cancelling the following subscriptions:"
            az account subscription list | jq -r '.[] | select(.state == "Enabled") | select(.displayName | test("^testdeploy.*")) | .subscriptionId'
            az account subscription list | jq -r '.[] | select(.state == "Enabled") | select(.displayName | test("^testdeploy.*")) | .subscriptionId' | xargs -n1 -I% az account subscription cancel --yes --id %
            echo "==> Done cancelling subscriptions"
      - name: Azure logout
        uses: azure/CLI@v2
        if: always()
        with:
          inlineScript: |
            az logout
            az cache purge
            az account clear

  deletealiases:
    name: Delete subscription aliases
    runs-on: ubuntu-latest
    steps:
      - name: Azure login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          allow-no-subscriptions: true

      - name: Azure delete subscription aliases
        uses: azure/CLI@v2
        continue-on-error: true
        with:
          inlineScript: |
            az config set extension.use_dynamic_install=yes_without_prompt
            echo "==> Deleting the following subscription aliases:"
            az rest --method GET --uri '/providers/Microsoft.Subscription/aliases/?api-version=2021-10-01' | jq -r '.value[] | select(.name | test("^testdeploy")) | .name'
            az rest --method GET --uri '/providers/Microsoft.Subscription/aliases/?api-version=2021-10-01' | jq -r '.value[] | select(.name | test("^testdeploy")) | .name' | xargs -n1 -I% az rest --method DELETE --uri '/providers/Microsoft.Subscription/aliases/%?api-version=2021-10-01'
            echo "==> Done deleting subscription aliases"
      - name: Azure logout
        uses: azure/CLI@v2
        if: always()
        with:
          inlineScript: |
            az logout
            az cache purge
            az account clear

  deleteresourcegroups:
    name: Delete resource groups
    runs-on: ubuntu-latest
    steps:
      - name: Azure login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_EXISTING_SUBSCRIPTION_ID }}

      - name: Azure delete resourcegroups
        uses: azure/CLI@v2
        continue-on-error: true
        with:
          inlineScript: |
            if [ ! $(az lock list | jq 'length') -eq 0 ]; then
              echo "==> removing locks"
              az lock list | jq '.[].id' | xargs az lock delete --ids
            fi
            
            echo "==> Deleting the following resource groups:"
            az group list | jq -r '.[] | select(.name | test("^testdeploy-")) | .name'
            az group list | jq -r '.[] | select(.name | test("^testdeploy-")) | .name' | xargs -I% -P5 az group delete --yes --name %
            echo "==> Done deleting resource groups"

      - name: Azure logout
        uses: azure/CLI@v2
        if: always()
        with:
          inlineScript: |
            az logout
            az cache purge
            az account clear