task-defnition-cleanup.yaml
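name: Cleanup AWS ECS Task Definitions

on:
  schedule:
    - cron: '0 0 * * 0' # weekly -- Sunday at 00:00 UTC
  workflow_dispatch:
    inputs:
      dry_run:
        description: 'Perform a dry run without deregistering task definitions'
        required: true
        default: false
        type: boolean

# Least privilege for the GITHUB_TOKEN: the job only reads the repository
# (checkout); everything else is done with the AWS credentials below.
permissions:
  contents: read

jobs:
  cleanup-task-definitions:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable tag. Pinning each
      # `uses:` to a full commit SHA prevents a moved tag from changing the code
      # that runs with the AWS credentials configured in this job.
      - name: Checkout Repository
        uses: actions/checkout@v3

      # NOTE(review): these are static access keys stored as repository secrets.
      # If the account supports GitHub OIDC federation, assuming the role without
      # stored keys removes a long-lived credential -- confirm with the platform
      # owners. The assumed role only needs ecs:ListTaskDefinitions and
      # ecs:DeregisterTaskDefinition for this job.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }}
          aws-region: us-gov-west-1
          role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }}
          role-skip-session-tagging: true
          role-duration-seconds: 1800

      - name: Cleanup Old ECS Task Definitions
        shell: bash
        env:
          # Passed through the environment rather than interpolated into the
          # script text, so the input value is never parsed as shell code.
          # Scheduled runs have no inputs and fall back to 'false' (real run).
          DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }}
        run: |
          # Fail on errors, unset variables and failed pipeline stages.
          # pipefail matters here: bash clears -e inside $(...) subshells, so a
          # failed `aws` or `jq` call is only noticed through the pipeline status
          # that the command substitution hands back to the assignment.
          set -euo pipefail

          # Configuration
          readonly MAX_REV=10               # newest revisions kept per family
          readonly REGION="us-gov-west-1"

          echo "Starting ECS Task Definitions cleanup..."
          echo "Dry run mode: $DRY_RUN"

          # Deregister one task definition, or only report it in dry-run mode.
          # Arguments: $1 - task definition ARN
          deregister_task_definition() {
            local task_def=$1
            if [ "$DRY_RUN" = "true" ]; then
              echo "[Dry Run] Would deregister task definition: $task_def"
            else
              echo "Deregistering task definition: $task_def"
              # The API response echoes the whole task definition, including
              # container environment values; keep it out of the workflow log.
              aws ecs deregister-task-definition \
                --task-definition "$task_def" \
                --region "$REGION" >/dev/null
              echo "Deregistered $task_def"
            fi
          }

          # Print task definition ARNs, one per line.
          # Arguments: $1 - optional family name; when given, only that family is
          #                 listed, newest revision first (--sort DESC).
          # The AWS CLI follows the service's pagination on its own when
          # --max-items is not given, so no token loop is needed. The previous
          # loop never sent a token back and read `.taskDefinitionArns` from
          # output that --query had already reduced to a bare array.
          list_all_task_definitions() {
            local family_filter=${1:-}
            local -a args=(--region "$REGION" --output json --query 'taskDefinitionArns')
            if [ -n "$family_filter" ]; then
              args+=(--family-prefix "$family_filter" --sort DESC)
            fi
            aws ecs list-task-definitions "${args[@]}" | jq -r '.[]'
          }

          # Retrieve all task definition ARNs
          echo "Fetching all ECS Task Definitions..."
          all_arns=$(list_all_task_definitions)

          # Collect the families whose name contains "api" (case-insensitive).
          declare -A api_families=()
          while IFS= read -r arn; do
            [ -n "$arn" ] || continue
            # ARN tail is ":task-definition/<family>:<revision>"; the family is
            # in the sixth colon-separated field, not the seventh (the revision).
            family=${arn##*:task-definition/}
            family=${family%:*}
            if [[ "$family" =~ [Aa][Pp][Ii] ]]; then
              api_families["$family"]=1
            fi
          done <<<"$all_arns"

          # Keep the MAX_REV newest revisions of each family, deregister the rest.
          # NOTE(review): revisions still referenced by a service are not
          # excluded; run with dry_run first and confirm the retention count
          # covers every revision a rollback may need.
          for family in "${!api_families[@]}"; do
            echo "Processing Task Family: $family"
            revisions=$(list_all_task_definitions "$family")
            rev_count=0
            while IFS= read -r rev; do
              [ -n "$rev" ] || continue
              rev_count=$((rev_count + 1))
              if [ "$rev_count" -le "$MAX_REV" ]; then
                echo "Keeping revision $rev_count: $rev"
              else
                deregister_task_definition "$rev"
              fi
            done <<<"$revisions"
          done

          echo "ECS Task Definitions cleanup completed successfully."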