Skip to content

AWS Nuke

AWS Nuke #1534

Workflow file for this run

name: AWS Nuke
on:
# Enable manual runs
workflow_dispatch:
inputs:
delete:
description: 'Set to "true" to actually delete stuff'
required: true
default: "false"
# Enable pull request for testing
pull_request:
types: [opened, synchronize, reopened]
# Nuke testing account nightly
schedule:
# Run at noon UTC, 4 or 5am PT
- cron: "0 */6 * * *"
permissions:
contents: read
jobs:
dry-run:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' || ( github.event_name == 'workflow_dispatch' && github.event.inputs.delete != 'true' )
permissions:
contents: read
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::234656776442:role/brd-sndbx-ue1-core-admins
aws-region: us-east-1
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Ensure that an account alias is set or aws-nuke fails
- run: aws iam create-account-alias --account-alias brd-sndbx || true
- name: aws-nuke
uses: "docker://quay.io/rebuy/aws-nuke:v2.25.0"
with:
args: "--config ./sandbox-nuke.yml --force --force-sleep 3"
- uses: sarisia/actions-status-discord@ce8cc68e4e626000136b3c702d049a154243e490 # v1.14.7
if: failure()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
no-dry-run:
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && github.event.inputs.delete == 'true' )
permissions:
contents: read
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::234656776442:role/brd-sndbx-ue1-core-admins
aws-region: us-east-1
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Ensure that an account alias is set or aws-nuke fails
- run: aws iam create-account-alias --account-alias brd-sndbx || true
- name: aws-nuke
uses: "docker://quay.io/rebuy/aws-nuke:v2.25.0"
with:
args: "--config ./sandbox-nuke.yml --force --force-sleep 3 --no-dry-run"
- uses: sarisia/actions-status-discord@ce8cc68e4e626000136b3c702d049a154243e490 # v1.14.7
if: failure()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}