scheduled.yml
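# Weekly housekeeping workflow: closes stale issues/PRs, purges old PR
# deployments from OpenShift, publishes SchemaSpy output and runs a ZAP scan
# against the TEST environment. Also runnable by hand or from another workflow.
name: Scheduled

on:
  schedule: [cron: "0 11 * * 6"] # 11:00 UTC = 03:00 PST, Saturdays
  workflow_dispatch:
  workflow_call:

# One run per workflow and ref; a newer run cancels the one still in progress.
# NOTE(review): under workflow_call, github.workflow resolves to the caller's
# workflow name, so this group can collide with the caller's own concurrency
# group - confirm that cancel-in-progress cannot cancel the calling run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Deny every GITHUB_TOKEN scope by default; each job opts in to what it needs.
permissions: {}

jobs:
  stale-branches:
    name: Close Stale Branches & PRs
    # The workflow-level `permissions: {}` leaves the token without any scope,
    # so the label/comment/close calls made by actions/stale need these granted
    # at job level.
    # NOTE(review): the action's README also lists `actions: write` for its
    # state cache - confirm whether it is needed here before widening.
    permissions:
      issues: write
      pull-requests: write
    runs-on: ubuntu-slim
    timeout-minutes: 10
    steps:
      # NOTE(review): referenced by a mutable tag, while every other third-party
      # reference in this file is pinned to a full commit SHA. Pin this one the
      # same way so a retagged release cannot change what runs with write scopes.
      - uses: actions/stale@v10
        with:
          days-before-stale: 14
          days-before-close: 7
          # NOTE(review): actions/stale documents stale-issue-label and
          # stale-pr-label; confirm that `stale-label` is an accepted input.
          stale-label: stale
          # NOTE(review): both messages below read like the warning posted when
          # an item is marked stale, but close-*-message is posted at close
          # time - confirm whether stale-issue-message / stale-pr-message was
          # intended.
          close-issue-message: >
            This issue has been marked stale due to no activity for 14 days.
            It will be closed in 7 days if no action is taken.
            If you still need this, please reopen or comment to reset the timer.
          close-pr-message: >
            This PR has been marked stale due to no activity for 14 days.
            It will be closed in 7 days if no action is taken.
            If you still need this, please reopen or request review to reset the timer.
          remove-stale-when-updated: true
          operations-per-run: 100
          debug-only: false

  # Deletes OpenShift resources belonging to PR deployments created before
  # CUTOFF. Uses only the OpenShift token, so it keeps the empty GITHUB_TOKEN
  # permissions inherited from the workflow level.
  ageOutPRs:
    name: PR Deployment Purge
    env:
      # https://tecadmin.net/getting-yesterdays-date-in-bash/
      CUTOFF: "1 week ago"
    runs-on: ubuntu-slim
    timeout-minutes: 10
    steps:
      - name: Clean up PR Deployments
        uses: bcgov/action-oc-runner@1815ce17a815c71e9078851a2e3da84d191ea6c3 # v1.5.0
        with:
          # NOTE(review): this token can delete deployments, secrets, PVCs and
          # config maps (see the script); presumably a service-account token
          # scoped to this one namespace - confirm.
          oc_namespace: ${{ secrets.oc_namespace }}
          oc_token: ${{ secrets.oc_token }}
          oc_server: ${{ vars.oc_server }}
          # Review notes on the script below:
          # - The ${{ ... }} expressions are expanded into the script text
          #   before the shell parses it. Both values used here (a constant
          #   defined in this workflow and the repository name) are
          #   maintainer-controlled; keep it that way and pass anything
          #   contributor-controlled through an environment variable instead.
          # - The grep pattern is unanchored and treats REPO as a regex, and the
          #   delete selects by the `app` label rather than by name, so any
          #   deployment whose listing line contains "<repo>-<digits>" puts
          #   every resource carrying its app label in scope. Consider
          #   anchoring the pattern to the start of the name.
          # - `2>/dev/null || :` on the `oc get` calls hides login and
          #   connection failures; a failed listing is reported as "No PR
          #   deployments found" and the job still succeeds.
          commands: |
            # Catch errors, unset variables, and pipe failures (e.g. grep || true )
            set -euo pipefail
            # Echos
            echo "Delete stale PR deployments"
            echo "Cutoff: ${{ env.CUTOFF }}"
            # Before date
            BEFORE=$(date +%s -d "${{ env.CUTOFF }}")
            REPO="${{ github.event.repository.name }}"
            # Get deployments matching the repo-PR naming pattern
            DEPLOYS=$(oc get deploy --no-headers -o custom-columns=:metadata.name,:metadata.creationTimestamp 2>/dev/null | grep -E "${REPO}-[0-9]+" || :)
            # If deployments, then iterate
            if [ -n "${DEPLOYS}" ]; then
              while read -r name created; do
                # Convert creation timestamp to epoch
                UPDATED=$(date -d "${created}" +%s 2>/dev/null || :)
                # Compare to cutoff and delete as necessary
                if [[ -n "${UPDATED}" ]] && [[ ${UPDATED} -lt ${BEFORE} ]]; then
                  # Get the app label for this deployment
                  LABEL=$(oc get deploy "${name}" -o jsonpath='{.metadata.labels.app}' 2>/dev/null || :)
                  if [ -n "${LABEL}" ]; then
                    echo -e "\nOlder than cutoff: ${name} (app=${LABEL})"
                    oc delete all,secret,pvc,cm -l "app=${LABEL}" --ignore-not-found
                  else
                    echo -e "\nERROR: No app label found on deployment ${name}"
                    exit 1
                  fi
                else
                  echo -e "\nNewer than cutoff: ${name}"
                  echo "No need to delete"
                fi
              done <<< "${DEPLOYS}"
            else
              echo "No PR deployments found for ${{ github.event.repository.name }}"
            fi

  # Calls a reusable workflow pinned to a full commit SHA. The scopes granted
  # here are handed to that workflow, so the pin is what keeps `contents: write`
  # and `pages: write` tied to a reviewed revision.
  schema-spy:
    name: SchemaSpy
    permissions:
      contents: write
      pages: write
    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.schema-spy.yml@18a043020cdc4f1125ec592524e8163edc767f4a # v1.2.0

  # Run sequentially to reduce chances of rate limiting
  # NOTE(review): nothing in this job enforces ordering (no `needs:` and no
  # matrix), so the comment above may be left over from an earlier layout.
  # The job also sets no timeout-minutes, unlike the two housekeeping jobs, so
  # the runner's default job timeout applies.
  zap:
    name: ZAP Scans
    # Only scope granted: lets the action open or update the report issue.
    permissions:
      issues: write
    runs-on: ubuntu-24.04
    steps:
      - name: ZAP Scan
        uses: zaproxy/action-full-scan@3c58388149901b9a03b7718852c5ba889646c27c # v0.13.0
        with:
          allow_issue_writing: true
          issue_title: "ZAP Security Report"
          token: ${{ secrets.GITHUB_TOKEN }}
          # The full scan actively probes its target; this URL is built from
          # the repository name and points at the -test route.
          target: https://${{ github.event.repository.name }}-test.apps.silver.devops.gov.bc.ca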