chore: cleanup stale resources in CodeBuild #12779
Conversation
There was a problem hiding this comment.
This file is mostly a rename of packages/amplify-e2e-core/src/utils/add-circleci-tags.ts, but with a few changes to switch the tag data source depending on the CI environment.
There was a problem hiding this comment.
This is a rough copy of packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts modified to work for CodeBuild.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| */ | ||
| const handleExpiredTokenException = (): void => { | ||
| console.log('Token expired. Exiting...'); | ||
| process.exit(); |
| if (typeof created === 'string') { | ||
| normalizedDate = new Date(created); | ||
| } else { | ||
| normalizedDate = created; |
There was a problem hiding this comment.
does this cause problems if created is undefined?
There was a problem hiding this comment.
I don't think so, since the later ternary will only call .getTime() if normalizedDate is defined
| * Get all iam roles in the account, and filter down to the ones we consider stale. | ||
| */ | ||
| const getOrphanTestIamRoles = async (account: AWSAccountInfo): Promise<IamRoleInfo[]> => { | ||
| const iamClient = new IAM(getAWSConfig(account)); |
There was a problem hiding this comment.
could we use the sdk global config object to avoid having to get the config in all these places?
Alternatively, create the clients we need in the module scope and use them when needed in the functions
There was a problem hiding this comment.
I might be missing something, as I didn't implement the original script (cc @lazpavel), but I don't like that as much because we will have to update the global config for each account. Introducing global state makes the implementation less flexible and reliant on side effects imho.
There was a problem hiding this comment.
Ah yeah if we are switching accounts as the script runs then this is okay
| }; | ||
|
|
||
| const ci = CI.toLowerCase(); | ||
| addTagIfNotExist(ci, sanitizeTagValue(CI === CIRCLECI ? process.env[CI] : process.env[`${CODEBUILD}_BUILD_IMAGE`])); |
There was a problem hiding this comment.
nit, this could be simplified into a for loop like:
[[key1, val1], [key2, val2], ...].forEach(([key, value]) => addTagIfNotExists(key, sanitizeTagValue(value))| // Ensure that scripts/cci-utils.ts is also updated when this gets updated | ||
| const AWS_REGIONS_TO_RUN_TESTS = [ |
There was a problem hiding this comment.
could we just import the region list from that file?
Shoot, I included a commit by mistake which triggered the CodeQL warning. Updating...
It did, but only in the CodeBuild cleanup script. The old CCI cleanup script lives in the |
This reverts commit fa25b35.
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## dev #12779 +/- ##
===========================================
+ Coverage 0.00% 48.43% +48.43%
===========================================
Files 1296 841 -455
Lines 149743 38076 -111667
Branches 1296 7752 +6456
===========================================
+ Hits 0 18441 +18441
+ Misses 148447 18045 -130402
- Partials 1296 1590 +294
... and 1261 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Description of changes
Add a CodeBuild job similar to what we have for CircleCI to cleanup resources that were not deleted properly during test runs.
Description of how you validated changes
Ran job on my local copy of the CodeBuild infrastructure, cleanup job executes and passes.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.