Copilot Maintenance #83
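---
# Copilot Maintenance: lists old copilot/* branches and, when explicitly
# requested through workflow_dispatch, deletes them.
#
# Scheduled runs never delete anything: github.event.inputs.delete_branches is
# empty on a schedule event, so only the listing step and the preview notice run.
name: Copilot Maintenance

on:
  schedule:
    - cron: "0 2 * * *"  # Daily at 2:00 AM UTC
  workflow_dispatch:
    inputs:
      delete_branches:
        description: 'Delete branches (if false, only preview)'
        required: false
        type: boolean
        default: false
      max_branches:
        description: 'Maximum number of branches to delete'
        required: false
        type: number
        default: 1

# contents: write is what allows the job token to delete branches; no other
# scope is requested.
permissions:
  contents: write

jobs:
  delete-old-copilot-branches:
    name: Delete Old Copilot Branches
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): a stray "# v4.2.2" comment followed this pin in the
        # original; confirm the SHA really corresponds to the v6.0.2 tag.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          fetch-depth: 0  # Fetch all history for all branches
          # Required for git push operations. The write-scoped token stays in
          # the local git config for every later step of this job.
          persist-credentials: true

      - name: Setup Scripts
        uses: ./actions/setup

      # Gate for manual runs: the job stops here (core.setFailed) unless the
      # dispatching user is a repository admin.
      # NOTE(review): the script passes ['admin'] explicitly; whether the helper
      # also reads GH_AW_REQUIRED_ROLES is not visible in this file.
      # NOTE(review): on a re-run, context.actor is still the user who started
      # the original run, not the user who re-ran it. Confirm that this is
      # acceptable for an admin-only operation.
      - name: Check admin permissions
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd  # v8.0.0
        env:
          GH_AW_REQUIRED_ROLES: "admin"
        with:
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io);
            const { checkRepositoryPermission } = require('${{ runner.temp }}/gh-aw/actions/check_permissions_utils.cjs');
            const actor = context.actor;
            const { owner, repo } = context.repo;
            // Only check permissions for workflow_dispatch events (manual triggers)
            // Schedule events are trusted
            if (context.eventName === 'workflow_dispatch') {
              core.info(`Checking if user '${actor}' has admin permissions for branch deletion`);
              const result = await checkRepositoryPermission(actor, owner, repo, ['admin']);
              if (result.error) {
                core.setFailed(`Permission check failed: ${result.error}`);
                return;
              }
              if (!result.authorized) {
                core.setFailed(`Access denied: Only repository administrators can delete branches. User '${actor}' has '${result.permission}' permission but requires 'admin'.`);
                return;
              }
              core.info(`✅ User '${actor}' has admin access - authorized to delete branches`);
            } else {
              core.info(`✅ Scheduled event - permission check skipped`);
            }

      # Listing pass: prints what the cleanup script would delete. The input is
      # handed over through the environment, not interpolated into the script.
      - name: Run copilot branch cleanup script
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MAX_BRANCHES: ${{ github.event.inputs.max_branches || '1' }}
        run: |
          echo "Running copilot branch cleanup script..."
          ./scripts/delete-old-copilot-branches.sh

      # Deletion pass: runs the script a second time, so the set of branches can
      # differ from the listing above if branches changed in between.
      - name: Execute deletion commands
        if: github.event.inputs.delete_branches == 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MAX_BRANCHES: ${{ github.event.inputs.max_branches || '1' }}
        run: |
          echo "Executing deletion commands..."
          # Branch names are data, not shell. Git ref names may legally contain
          # shell metacharacters, so the suggested command line is never
          # eval-ed: only the branch name is extracted and handed to git as a
          # single quoted argument.
          ./scripts/delete-old-copilot-branches.sh | \
            sed -n 's|^.*git push origin --delete \(copilot/[^[:space:]]*\).*$|\1|p' | \
            while read -r branch; do
              if ! git check-ref-format --branch "$branch" >/dev/null 2>&1; then
                echo "Skipping invalid branch name: $branch"
                continue
              fi
              echo "Executing: git push origin --delete $branch"
              git push origin --delete "$branch" || \
                echo "Failed to delete branch (may already be deleted)"
            done
          echo "✓ Copilot branch cleanup completed"

      - name: Preview mode notice
        if: github.event.inputs.delete_branches != 'true'
        run: |
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo "⚠️ PREVIEW MODE - No branches were deleted"
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
          echo ""
          echo "To delete branches, re-run this workflow with:"
          echo " delete_branches: true"
          echo ""
          echo "See the 'Run copilot branch cleanup script' step"
          echo "for the list of branches that would be deleted."
          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"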