Run bastion check #991

# to view logs

Workflow file for this run

.github/workflows/bastion_check.yml at 0b88525

	on:
	workflow_dispatch:
	schedule:
	- cron: '15 8 * * *'

	name: Run bastion check
	permissions:
	id-token: write
	jobs:
	check:
	strategy:
	matrix:
	environment: ["intg", "staging", "prod"]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	with:
	submodules: recursive
	token: ${{ secrets.WORKFLOW_PAT }}
	- id: set-environment-names
	run: \|
	import os
	env = "${{ matrix.environment }}"
	with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
	print(f"title-environment={env.title()}", file=fh)
	print(f"account-number-secret={env.upper()}_ACCOUNT_NUMBER", file=fh)
	shell: python
	- id: configure-aws-credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	role-to-assume: arn:aws:iam::${{ secrets[steps.set-environment-names.outputs.account-number-secret] }}:role/TDRGithubActionsDescribeEC2Role${{ steps.set-environment-names.outputs.title-environment }}
	aws-region: eu-west-2
	role-session-name: CheckBastionAge
	- id: get-age
	run: \|
	pip install boto3
	python ./.github/scripts/check_ec2_instance_age.py ${{ secrets[steps.set-environment-names.outputs.account-number-secret] }} ${{ matrix.environment }} bastion-ec2-instance-${{ matrix.environment }} 1
	- if: ${{ steps.get-age.outputs.bastion-age == 'True' }}
	run: ./.github/scripts/run-and-approve-bastion-destroy.sh ${{ matrix.environment }}
	env:
	GITHUB_TOKEN: ${{ secrets.WORKFLOW_PAT }}
	- uses: nationalarchives/tdr-github-actions/.github/actions/slack-send@main
	if: ${{ steps.get-age.outputs.bastion-age == 'True' }}
	with:
	message: "Bastion delete script The bastion for ${{ matrix.environment }} has been deleted"
	slack-url: ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run bastion check #991

Workflow file

Run bastion check #991

Jobs

Run details

Workflow file for this run