-
Notifications
You must be signed in to change notification settings - Fork 816
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: cleanup stale resources in CodeBuild #12779
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is mostly a rename of packages/amplify-e2e-core/src/utils/add-circleci-tags.ts
, but with a few changes to switch the tag data source depending on the CI environment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a rough copy of packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
modified to work for CodeBuild.
*/ | ||
const handleExpiredTokenException = (): void => { | ||
console.log('Token expired. Exiting...'); | ||
process.exit(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.exit(1)
?
if (typeof created === 'string') { | ||
normalizedDate = new Date(created); | ||
} else { | ||
normalizedDate = created; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this cause problems if created is undefined?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so, since the later ternary will only call .getTime()
if normalizedDate
is defined
* Get all iam roles in the account, and filter down to the ones we consider stale. | ||
*/ | ||
const getOrphanTestIamRoles = async (account: AWSAccountInfo): Promise<IamRoleInfo[]> => { | ||
const iamClient = new IAM(getAWSConfig(account)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could we use the sdk global config object to avoid having to get the config in all these places?
Alternatively, create the clients we need in the module scope and use them when needed in the functions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be missing something, as I didn't implement the original script (cc @lazpavel), but I don't like that as much because we will have to update the global config for each account. Introducing global state makes the implementation less flexible and reliant on side effects imho.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yeah if we are switching accounts as the script runs then this is okay
}; | ||
|
||
const ci = CI.toLowerCase(); | ||
addTagIfNotExist(ci, sanitizeTagValue(CI === CIRCLECI ? process.env[CI] : process.env[`${CODEBUILD}_BUILD_IMAGE`])); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, this could be simplified into a for loop like:
[[key1, val1], [key2, val2], ...].forEach(([key, value]) => addTagIfNotExists(key, sanitizeTagValue(value))
// Ensure that scripts/cci-utils.ts is also updated when this gets updated | ||
const AWS_REGIONS_TO_RUN_TESTS = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could we just import the region list from that file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One CodeQL issue but LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, it looks like the AWS_REGIONS_TO_RUN_TESTS import didn't get updated?
Shoot, I included a commit by mistake which triggered the CodeQL warning. Updating...
It did, but only in the CodeBuild cleanup script. The old CCI cleanup script lives in the |
This reverts commit fa25b35.
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## dev #12779 +/- ##
===========================================
+ Coverage 0.00% 48.43% +48.43%
===========================================
Files 1296 841 -455
Lines 149743 38076 -111667
Branches 1296 7752 +6456
===========================================
+ Hits 0 18441 +18441
+ Misses 148447 18045 -130402
- Partials 1296 1590 +294
... and 1261 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Description of changes
Add a CodeBuild job similar to what we have for CircleCI to cleanup resources that were not deleted properly during test runs.
Description of how you validated changes
Ran job on my local copy of the CodeBuild infrastructure, cleanup job executes and passes.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.