Introduce demo cleanup action

.github/workflows/demo-preview-cleanup.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require "json"
+
+puts "Querying for open pull requests..."
+open_pr_ids = JSON.parse(`gh pr list --repo primer/view_components --state open --json number`)
+open_pr_ids.map! { |data| data["number"] }
+puts "Found #{open_pr_ids.size} open pull requests"
+
+puts "Querying for existing preview environments..."
+preview_envs = JSON.parse(`az container list -g primer`)
+preview_env_ids =
+  preview_envs
+    .select { |data| data["name"].start_with?("primer-view-components-preview-") }
+    .map { |data| data["name"].split("-").last.to_i }
+puts "Found #{preview_env_ids.size} existing preview environments"
+
+preview_env_ids_to_delete = preview_env_ids - open_pr_ids
+puts "Identified #{preview_env_ids_to_delete.size} preview environments to delete:"
+puts preview_env_ids_to_delete.map { |pr_id| "- primer-view-components-preview-#{pr_id}" }.join("\n")
+
+preview_env_ids_to_delete.each_with_index do |pr_id, index|
+  puts "Deleting preview environment #{index + 1}/#{preview_env_ids_to_delete.size}"
+  system "az container delete -n 'primer-view-components-preview-#{pr_id}' -g primer -y &> /dev/null"
+end
+
+puts "Deleted #{preview_env_ids_to_delete.size} preview environments"

.github/workflows/demo-preview-cleanup.yml

@@ -0,0 +1,50 @@
+name: Demo Preview Cleanup
+
+on:
+  # schedule:
+  #   - cron: '0 12 * * *'  # every day at noon
+  push:
+    branches:
+      - demo_preview_cleanup
+
+permissions:
+  id-token: write      # This is required for requesting the OIDC JWT for authing with Azure
+  contents: read       # This is required for actions/checkout
+  pull-requests: read  # Required to list PRs
+
+# This allows one deploy workflow to interrupt another
+concurrency:
+  group: 'preview-env-cleanup @ ${{ github.head_ref || github.run_id }} for ${{ github.event.inputs.PR_NUMBER }}'
+  cancel-in-progress: true
+
+jobs:
+  cleanup:
+    name: Cleanup
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    environment:
+      name: preview
+
+    steps:
+      - uses: Azure/login@v2
+        with:
+          # excluding a client secret here will cause a login via OpenID Connect (OIDC),
+          # which prevents us from having to rotate client credentials, etc
+          client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
+          tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
+          subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
+
+      # Do this before repo checkout to prevent running bundle install
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+
+      - name: Check out repo
+        uses: actions/checkout@v4
+
+      # Delete web app (which will also delete the App Service plan)
+      # This will succeed even if the app doesn't exist / has already been deleted
+      - name: 'Delete App Service Apps for closed PRs'
+        run: ruby ./.github/workflows/demo-preview-cleanup.rb
+        env:
+          GITHUB_TOKEN: ${{ github.token }}