Skip to content

Latest commit

 

History

History
703 lines (541 loc) · 22.3 KB

README.md

File metadata and controls

703 lines (541 loc) · 22.3 KB
Github action which allows you to delete deployments and environments

♾️ Delete Deployments and Environment ♾️


This github action allows you to delete environments, as well as delete your deployment history. Deployments can be deleted in their totality, or you can target a specific number of deployments to erase.



Tests Version Downloads Size Last Commit Contributors








About

GitHub action which finds and deletes all deployments by deployment name as well as the GitHub environment they are deployed to. Action will find and mark all deployments as inactive and then delete all deployments and then finally the environment itself.

  • To only delete deployments and the not environment, add onlyRemoveDeployments: true.
  • To keep deployments but inactivate all deployments, add onlyDeactivateDeployments: true
  • To only delete a deployment ref and not all deployments of a given environment, add ref: my-branch
  • To circumvent the error You have exceeded a secondary rate limit, add delay: 500 or some value that doesn't surpass 100 actions per minute.
  • To remove a limited number of deployments lesser than the default 100, add limit: 50 or any other value to target a specific number.

Note

If you pass onlyDeactivateDeployments: true and onlyRemoveDeployments: true together, onlyRemoveDeployments will override onlyDeactivateDeployments and all deployments will be removed.


Note

If you plan to delete a created environment, your GITHUB_TOKEN MUST have permissions with repo scope. The token provided by the workflow, github.token does not have the permissions to delete created environments.

(See Delete an environment REST API docs)


Note

If you see the error Resource not accessible by integration, you'll need to follow the instructions below to obtain the proper token.


Obtain A Token

For certain operations (like deleting an environment), your GitHub Action will need additional permissions that the default github.token simply doesn't have.


In this case, a GitHub App can be created to assume the required permissions, and ultimately your own Actions will use a Private Key to later exchange for a JWT token, which this Action can use to execute operations.


  1. Create GitHub app

  2. Generate Private Key

  3. Add your GitHub App's "App ID" to your repo's Actions Secrets

    • (ex: GH_APP_ID)
  4. Add your Private Key to your repo's Actions Secrets

    • (ex: GH_APP_PRIVATE_KEY)
  5. Use navikt/github-app-token-generator before using this action to generate a JWT


    Example

    cleanup-pr.yml

    # #
    #    Cleans up a GitHub PR
    # #
    
    name: 🧼 Clean up environment
    on:
    pull_request:
      types:
        - closed
    
    jobs:
      cleanup:
        runs-on: ubuntu-latest
        permissions: write-all
    
        steps:
          - uses: actions/checkout@v3
    
          # Points to a recent commit instead of `main` to avoid supply chain attacks. (The latest tag is very old.)
          - name: 🎟 Get GitHub App token
            uses: navikt/github-app-token-generator@a3831f44404199df32d8f39f7c0ad9bb8fa18b1c
            id: get-token
            with:
              app-id: ${{ secrets.GH_APP_ID }}
              private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
    
          - name: 🗑 Delete deployment environment
            uses: Aetherinox/delete-deploy-env-action@v2.2.3
            with:
              # Use a JWT created with your GitHub App's private key
              token: ${{ steps.get-token.outputs.token }}
              environment: pr-${{ github.event.number }}
              ref: ${{ github.head_ref }}



Inputs

name description
token GitHub token like ${{ github.token }} or ${{ secrets.GITHUB_TOKEN }}
environment The Name of the environment to delete
onlyRemoveDeployments Delete deployments and not the environment. Default false
onlyDeactivateDeployments Deactivate the deployments but don't remove deployments or environment. Default false
ref The name of the deployment ref to delete
delay Milliseconds to wait between each action. Avoids secondary rate limit. Default: 500
limit Allows you to target deleting X deployments under the max of 100. Default: 100



Usage

To use this workflow, view the following examples below:


Deactivate / Remove Deployment Environment (also from settings)

The example below will be triggered on a delete event.

  • ✔️ Deactivates deployment
  • ✔️ Removes from deployments tab
  • ✔️ Removes from environment tab in settings

name: Delete Environment (default settings)

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: Aetherinox/delete-deploy-env-action@v2
        with:
          # ⚠️ The provided token needs permission for admin write:org
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name

Deactivate / Remove Deployment Environment

The example below will be triggered on a delete event.

  • ✔️ Deactivates deployment
  • ✔️ Removes from deployments tab
  • ❌ Removes from environment tab in settings

name: Delete Deployments

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: Aetherinox/delete-deploy-env-action@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name
          onlyRemoveDeployments: true

Deactivates and removes a deployment ref of a given environment

The example below will be triggered on a delete event.

  • ✔️ Deactivates deployment
  • ✔️ Removes from deployments tab
  • ✔️ Removes only a deployment ref
  • ❌ Removes from environment tab in settings

name: Delete Deployments Ref

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: Aetherinox/delete-deploy-env-action@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name
          ref: my-branch
          onlyRemoveDeployments: true

Deactivates deployment environment

The example below will be triggered on a delete event.

  • ✔️ Deactivates deployment
  • ❌ Removes from deployments tab
  • ❌ Removes from environment tab in settings

name: Set deployements to inactive

on:
  delete:
    branches-ignore:
      - main

jobs:
  delete:
    runs-on: ubuntu-latest
    steps:
      - uses: Aetherinox/delete-deploy-env-action@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          environment: my-environment-name
          onlyDeactivateDeployments: true

Avoid Secondary Rate Limiting

No more than 100 concurrent requests are allowed. and mo more than 900 points per minute are allowed for REST API endpoints. This limit is shared across the Github REST API and GraphQL API. To handle this rate limiting issue, we've implemented a delay that be specified within your workflow. In the example below, we add the property delay, and set it to 500 milliseconds. This means that if you have a large number of deployments you wish to erase, it will take longer than a minute, but you can easily walk away and the workflow will complete successfully without throwing a Secondary rate limit error.

jobs:
    cleanup:
        runs-on: ubuntu-latest
        permissions: write-all

        steps:
          - name: >-
              ⚙️ Deployments › Clean
            uses: Aetherinox/delete-deploy-env-action@v3.0.0
            with:
              token: ${{ secrets.GITHUB_TOKEN }}
              environment: orion
              onlyRemoveDeployments: true
              delay: "500"

Limit Deployments Removed

You may specify a custom value to represent how many deployments you want to remove from your deployment history. The default value is 100 which is the max that is allowed by the Github REST API. The following example will delete 43 deployments from your history:

jobs:
    cleanup:
        runs-on: ubuntu-latest
        permissions: write-all

        steps:
          - name: >-
              ⚙️ Deployments › Clean
            uses: Aetherinox/delete-deploy-env-action@v3.0.0
            with:
              token: ${{ secrets.GITHUB_TOKEN }}
              environment: orion
              onlyRemoveDeployments: true
              limit: 43

If you wish to delete more than the 100 max limit, you must combine the property limit with delay. The example below will delete 165 deployments, but with a delay of 500 milliseconds between each deployment removed from your history.

jobs:
    cleanup:
        runs-on: ubuntu-latest
        permissions: write-all

        steps:
          - name: >-
              ⚙️ Deployments › Clean
            uses: Aetherinox/delete-deploy-env-action@v3.0.0
            with:
              token: ${{ secrets.GITHUB_TOKEN }}
              environment: orion
              onlyRemoveDeployments: true
              delay: 500
              limit: 165



Rate Limits

Remember that Github has implemented rate limits on how many actions you can perform. If you would like to see your current limits, open up a Command Prompt / Terminal, and run the following CURL command. Replace <YOUR-TOKEN> with your Github API token.

curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer <YOUR-TOKEN>" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit

You should see the following:

{
  "resources": {
    "core": {
      "limit": 10000,
      "used": 27,
      "remaining": 9973,
      "reset": 1729024173
    },
    "search": {
      "limit": 30,
      "used": 0,
      "remaining": 30,
      "reset": 1729020821
    },
    "graphql": {
      "limit": 5000,
      "used": 1,
      "remaining": 4999,
      "reset": 1729022213
    },
    "integration_manifest": {
      "limit": 5000,
      "used": 0,
      "remaining": 5000,
      "reset": 1729024361
    },
    "source_import": {
      "limit": 100,
      "used": 0,
      "remaining": 100,
      "reset": 1729020821
    },
    "code_scanning_upload": {
      "limit": 1000,
      "used": 0,
      "remaining": 1000,
      "reset": 1729024361
    },
    "actions_runner_registration": {
      "limit": 10000,
      "used": 0,
      "remaining": 10000,
      "reset": 1729024361
    },
    "scim": {
      "limit": 15000,
      "used": 0,
      "remaining": 15000,
      "reset": 1729024361
    },
    "dependency_snapshots": {
      "limit": 100,
      "used": 0,
      "remaining": 100,
      "reset": 1729020821
    },
    "audit_log": {
      "limit": 1750,
      "used": 0,
      "remaining": 1750,
      "reset": 1729024361
    },
    "audit_log_streaming": {
      "limit": 15,
      "used": 0,
      "remaining": 15,
      "reset": 1729024361
    },
    "code_search": {
      "limit": 10,
      "used": 0,
      "remaining": 10,
      "reset": 1729020821
    }
  },
  "rate": {
    "limit": 10000,
    "used": 27,
    "remaining": 9973,
    "reset": 1729024173
  }
}

To see your rate limit for mangaging your repo environment and deleting deployments with tools such as this Github action, view the core object.


Note

The rate object is deprecated. If you're writing new API client code or updating existing code, you should use the core object instead of the rate object. The core object contains the same information that is present in the rate object.


You may also see your rate limit by accessing the Github REST API and calling the headers for your repo. Replace <YOUR-TOKEN> with your Github API token:

curl -I -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer <YOUR-TOKEN>" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/OWNER/REPO/environments/ENVIRONMENT_NAME

You will see:

x-github-api-version-selected: 2022-11-28
X-RateLimit-Limit: 10000
X-RateLimit-Remaining: 9967
X-RateLimit-Reset: 1729024173
X-RateLimit-Used: 33
X-RateLimit-Resource: core




Build & Release

To build a new copy of this workflow for development:


Install

npm install

New Github Release

To push a new release, first run eslint locally to check for issues

npm run lint

Then open the package.json and bump the version. Then push the updated package.json file to the repo:

{
    "name": "delete-deployment-environment",
    "version": "3.0.1",
}

Run the workflow release-publish.yml from https://github.com/Aetherinox/delete-deploy-env-action/actions.


Once you run the publish workflow, a second workflow will be ran: .github\workflows\release-publish-tag-latest.yml. This will create an additional new release with the tag latest so that you can use the workflow in your .yml file under the latest tag:


Call With Version Number

This example shows how to use the workflow using the version number:

jobs:
    cleanup:
        runs-on: ubuntu-latest
        permissions: write-all
  
        steps:
            - name: >-
                ⚙️ Deployments › Clean
              uses: Aetherinox/delete-deploy-env-action@v3.0.0
              with:
                  token: ${{ secrets.SELF_TOKEN_CL }}
                  environment: orion
                  onlyRemoveDeployments: true
                  delay: "1000"

Call With Latest Tag

This example shows how to use the workflow using the latest tag:

jobs:
    cleanup:
        runs-on: ubuntu-latest
        permissions: write-all
  
        steps:
            - name: >-
                ⚙️ Deployments › Clean
              uses: Aetherinox/delete-deploy-env-action@latest
              with:
                  token: ${{ secrets.SELF_TOKEN_CL }}
                  environment: orion
                  onlyRemoveDeployments: true
                  delay: "1000"



Contributors ✨

We are always looking for contributors. If you feel that you can provide something useful to Gistr, then we'd love to review your suggestion. Before submitting your contribution, please review the following resources:


Want to help but can't write code?


Alt


The following people have helped get this project going: