name: Cleanup dangling Azure resources
on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

permissions: {}

jobs:
  cleanup-resources:
    name: cleanup-resources
    runs-on: ubuntu-22.04
    permissions:
      id-token: write # Used for OIDC access to log into Azure
    environment:
      name: ci
      deployment: false
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Log into Azure
        uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0
        with:
          client-id: ${{ secrets.AZ_APPID }}
          tenant-id: ${{ secrets.AZ_TENANT_ID }}
          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}

      - name: Install Python dependencies
        run: |
          pip3 install --user --upgrade \
            azure-identity==1.16.0 \
            azure-mgmt-resource==23.0.1

      - name: Cleanup resources
        env:
          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          CLEANUP_AFTER_HOURS: 24 # Clean up resources created more than this many hours ago.
        run: python3 tests/cleanup_resources.py