
Commit 2ad3c61

authored
Merge pull request #96 from git-for-windows/cleanup-self-hosted-runners-built-in-azure-cli
Self-hosted runner cleanup: use Ubuntu instead of azure/cli action
2 parents 295d792 + 72a1b0d commit 2ad3c61


1 file changed

+65
-44
lines changed


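--- a/.github/workflows/cleanup-self-hosted-runners.yml
+++ b/.github/workflows/cleanup-self-hosted-runners.yml
@@ -13,58 +13,79 @@ on:
 # az ad sp create-for-rbac --name "{YOUR_DESCRIPTIVE_NAME_HERE}" --role contributor \
 # --scopes /subscriptions/{SUBSCRIPTION_ID_HERE}/resourceGroups/{RESOURCE_GROUP_HERE} \
 # --sdk-auth
-# AZURE_RESOURCE_GROUP - Resource group to create the runner(s) in
+# AZURE_RESOURCE_GROUP - Resource group to find the runner(s) in. It's recommended to set up a resource
+# group specifically for self-hosted Actions Runners.
 jobs:
 delete-runner:
+if: github.repository_owner == 'git-for-windows'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
-- name: Azure Login
-uses: azure/login@v2
+- name: Process Azure credentials
+uses: actions/github-script@v7
+env:
+AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
 with:
-creds: ${{ secrets.AZURE_CREDENTIALS }}
+script: |
+if (!process.env.AZURE_CREDENTIALS) {
+core.setFailed('The AZURE_CREDENTIALS secret is required.')
+process.exit(1)
+}
+
+const azureCredentials = JSON.parse(process.env.AZURE_CREDENTIALS)
+const {clientId, clientSecret, tenantId, subscriptionId} = azureCredentials
+
+core.setSecret(clientId)
+core.exportVariable('AZURE_CLIENT_ID', clientId)
+
+core.setSecret(clientSecret)
+core.exportVariable('AZURE_CLIENT_SECRET', clientSecret)
+
+core.setSecret(tenantId)
+core.exportVariable('AZURE_TENANT_ID', tenantId)
+
+core.setSecret(subscriptionId)
+core.exportVariable('AZURE_SUBSCRIPTION_ID', subscriptionId)
 - name: Discover VMs to delete
-uses: azure/CLI@v2
 env:
-GH_APP_ID: ${{ secrets.GH_APP_ID }}
-GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
-with:
-# Stick to 2.63.0 until jq is added to 2.64.0+ https://github.com/Azure/azure-cli/issues/29830
-azcliversion: 2.63.0
-inlineScript: |
-active_vms=$(az vm list -g ${{ secrets.AZURE_RESOURCE_GROUP }} | jq -c '.[] | {name,timeCreated}')
-current_time=$(date +%s)
-one_hour_ago=$(($current_time - 3600))
+GH_APP_ID: ${{ secrets.GH_APP_ID }}
+GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
+run: |
+az login --service-principal -u ${{ env.AZURE_CLIENT_ID }} -p ${{ env.AZURE_CLIENT_SECRET }} --tenant ${{ env.AZURE_TENANT_ID }}
+az account set --subscription ${{ env.AZURE_SUBSCRIPTION_ID }}
+active_vms=$(az vm list -g ${{ secrets.AZURE_RESOURCE_GROUP }} | jq -c '.[] | {name,timeCreated}')
+current_time=$(date +%s)
+one_hour_ago=$(($current_time - 3600))
 
-if [ -z "$active_vms" ]; then
-echo "No active VMs found, nothing to do."
-exit 0
-else
-echo "Found these active VMs:"
-echo $active_vms
-fi
+if [ -z "$active_vms" ]; then
+echo "No active VMs found, nothing to do."
+exit 0
+else
+echo "Found these active VMs:"
+echo $active_vms
+fi
 
-for active_vm in ${active_vms[@]}; do
-vm_name=$(echo $active_vm | jq '.name')
-# Use jq to extract and format the date-time string
-vm_creation_time_string="$(echo $active_vm |
-jq -r '.timeCreated | sub("\\.[0-9]+[+-][0-9]+:[0-9]+$"; "") | sub("T"; " ")')"
-vm_creation_time=$(TZ=UTC date -d "$vm_creation_time_string" +%s)
+for active_vm in ${active_vms[@]}; do
+vm_name=$(echo $active_vm | jq -r '.name')
+# Use jq to extract and format the date-time string
+vm_creation_time_string="$(echo $active_vm |
+jq -r '.timeCreated | sub("\\.[0-9]+[+-][0-9]+:[0-9]+$"; "") | sub("T"; " ")')"
+vm_creation_time=$(TZ=UTC date -d "$vm_creation_time_string" +%s)
 
-if [ "$one_hour_ago" -lt "$vm_creation_time" ]; then
-echo "::notice::The VM ${vm_name} was created less then 1 hour ago and shouldn't be deleted yet. Skipping."
-elif test true = "$(if test ! -f .cli-authenticated; then
-./gh-cli-auth-as-app.sh &&
->.cli-authenticated # only authenticate once
-fi &&
-gh api repos/$GITHUB_REPOSITORY/actions/runners \
---jq '.runners[] | select(.name == "'$vm_name'") | .busy')"; then
-echo "::notice::The VM ${vm_name} is still busy."
-else
-echo "::warning::The VM ${vm_name} was created more than 3 hours ago and wasn't deleted. Let's do that now."
-az vm delete -n "$vm_name" -g ${{ secrets.AZURE_RESOURCE_GROUP }} --yes
-az network nsg delete -n "$vm_name"-nsg -g ${{ secrets.AZURE_RESOURCE_GROUP }}
-az network vnet delete -n "$vm_name"-vnet -g ${{ secrets.AZURE_RESOURCE_GROUP }}
-az network public-ip delete -n "$vm_name"-ip -g ${{ secrets.AZURE_RESOURCE_GROUP }}
-fi
-done
+if [ "$one_hour_ago" -lt "$vm_creation_time" ]; then
+echo "::notice::The VM ${vm_name} was created less then 1 hour ago and shouldn't be deleted yet. Skipping."
+elif test true = "$(if test ! -f .cli-authenticated; then
+./gh-cli-auth-as-app.sh &&
+>.cli-authenticated # only authenticate once
+fi &&
+gh api repos/$GITHUB_REPOSITORY/actions/runners \
+--jq '.runners[] | select(.name == "'$vm_name'") | .busy')"; then
+echo "::notice::The VM ${vm_name} is still busy."
+else
+echo "::warning::The VM ${vm_name} was created more than 3 hours ago and wasn't deleted. Let's do that now."
+az vm delete -n "$vm_name" -g ${{ secrets.AZURE_RESOURCE_GROUP }} --yes
+az network nsg delete -n "$vm_name"-nsg -g ${{ secrets.AZURE_RESOURCE_GROUP }}
+az network vnet delete -n "$vm_name"-vnet -g ${{ secrets.AZURE_RESOURCE_GROUP }}
+az network public-ip delete -n "$vm_name"-ip -g ${{ secrets.AZURE_RESOURCE_GROUP }}
+fi
+done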
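Review bot: The new `az login` line in the `run:` block splices the service-principal secret into the script text with `${{ env.AZURE_CLIENT_SECRET }}`, unquoted, so the raw value is substituted into the generated shell script before bash runs and any shell metacharacters in it are re-parsed. The preceding step already exports these values with `core.exportVariable`, so the shell can read them directly: `az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"` and `az account set --subscription "$AZURE_SUBSCRIPTION_ID"`. The `${{ secrets.AZURE_RESOURCE_GROUP }}` uses in `az vm list` and the four delete commands have the same shape and could be passed through the step's `env:` and referenced as `"$AZURE_RESOURCE_GROUP"`. Separately, `actions/github-script@v7` now parses the full credential JSON and is referenced by a mutable tag; pinning it to a commit SHA is worth considering, and a missing field in that JSON currently reaches `core.setSecret` unchecked.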
