name: Cleanup dangling Azure resources
on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

permissions: {}

jobs:
  cleanup-resources:
    runs-on: ubuntu-22.04
    permissions:
      id-token: write # Used for OIDC access to log into Azure
    environment: ci
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: Log into Azure
        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
        with:
          client-id: ${{ secrets.AZ_APPID }}
          tenant-id: ${{ secrets.AZ_TENANT_ID }}
          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}

      - name: Install Python dependencies
        run: |
          pip3 install --user --upgrade \
            azure-identity==1.16.0 \
            azure-mgmt-resource==23.0.1

      - name: Cleanup resources
        env:
          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          CLEANUP_AFTER_HOURS: 24 # Clean up resources created more than this many hours ago.
        run: python3 tests/cleanup_resources.py