name: Purge M365 User Data # Hard deletion of an m365 user's data. Our CI processes create a lot # of data churn (creation and immediate deletion) of files, the likes # of which wouldn't otherwise be seen by users of the system. Standard # APIs don't have the tooling to gut out all the cruft which we accrue # in microsoft's hidden nooks and secret crannies. A manual, SOAPy # exorcism is the only way. # # The script focuses on the cleaning up the following: # * All folders, descending from the exchange root, of a given prefix. # * All folders in PersonMetadata # * All already soft-deleted items # * All folders under recoverable items inputs: user: description: User whose data is to be purged. site: description: Sharepoint site where data is to be purged. libraries: description: List of library names within the site where data is to be purged. library-prefix: description: List of library names within the site where the library will get deleted entirely. folder-prefix: description: Name of the folder to be purged. If falsy, will purge the set of static, well known folders instead. older-than: description: Minimum-age of folders to be deleted. azure-client-id: description: Secret value of for AZURE_CLIENT_ID azure-client-secret: description: Secret value of for AZURE_CLIENT_SECRET azure-tenant-id: description: Secret value of for AZURE_TENANT_ID m365-admin-user: description: Secret value of for M365_TENANT_ADMIN_USER m365-admin-password: description: Secret value of for M365_TENANT_ADMIN_PASSWORD runs: using: composite steps: ################################################################################################################ # Exchange # - name: Run the Exchange purge scripts for user if: ${{ inputs.user != '' }} shell: pwsh working-directory: ./src/cmd/purge/scripts env: AZURE_CLIENT_ID: ${{ inputs.azure-client-id }} AZURE_CLIENT_SECRET: ${{ inputs.azure-client-secret }} AZURE_TENANT_ID: ${{ inputs.azure-tenant-id }} run: | for ($ATTEMPT_NUM = 1; $ATTEMPT_NUM -le 3; $ATTEMPT_NUM++) { if (./exchangePurge.ps1 -User ${{ inputs.user }} -FolderNamePurgeList PersonMetadata -FolderPrefixPurgeList "${{ inputs.folder-prefix }}".Split(",") -PurgeBeforeTimestamp ${{ inputs.older-than }}) { break } } # TODO(ashmrtn): Re-enable when we figure out errors we're seeing with Get-Mailbox call. #- name: Reset retention for all mailboxes to 0 # if: ${{ inputs.user == '' }} # shell: pwsh # working-directory: ./src/cmd/purge/scripts # env: # M365_TENANT_ADMIN_USER: ${{ inputs.m365-admin-user }} # M365_TENANT_ADMIN_PASSWORD: ${{ inputs.m365-admin-password }} # run: ./exchangeRetention.ps1 ################################################################################################################ # OneDrive # - name: Run the OneDrive purge scripts for user if: ${{ inputs.user != '' }} shell: pwsh working-directory: ./src/cmd/purge/scripts env: M365_TENANT_ADMIN_USER: ${{ inputs.m365-admin-user }} M365_TENANT_ADMIN_PASSWORD: ${{ inputs.m365-admin-password }} run: | for ($ATTEMPT_NUM = 1; $ATTEMPT_NUM -le 3; $ATTEMPT_NUM++) { if (./onedrivePurge.ps1 -User ${{ inputs.user }} -FolderPrefixPurgeList "${{ inputs.folder-prefix }}".Split(",") -PurgeBeforeTimestamp ${{ inputs.older-than }}) { break } } ################################################################################################################ # Sharepoint # - name: Run SharePoint purge script if: ${{ inputs.site != '' }} shell: pwsh working-directory: ./src/cmd/purge/scripts env: M365_TENANT_ADMIN_USER: ${{ inputs.m365-admin-user }} M365_TENANT_ADMIN_PASSWORD: ${{ inputs.m365-admin-password }} run: | for ($ATTEMPT_NUM = 1; $ATTEMPT_NUM -le 3; $ATTEMPT_NUM++) { if (./onedrivePurge.ps1 -Site ${{ inputs.site }} -LibraryNameList "${{ inputs.libraries }}".split(",") -FolderPrefixPurgeList ${{ inputs.folder-prefix }} -LibraryPrefixDeleteList ${{ inputs.library-prefix && inputs.library-prefix || '[]' }} -PurgeBeforeTimestamp ${{ inputs.older-than }}) { break } }