corso/.github/actions/purge-m365-data/action.yml

name: Purge M365 User Data

# Hard deletion of an m365 user's data.  Our CI processes create a lot
# of data churn (creation and immediate deletion) of files, the likes
# of which wouldn't otherwise be seen by users of the system.  Standard
# APIs don't have the tooling to gut out all the cruft which we accrue
# in microsoft's hidden nooks and secret crannies. A manual, SOAPy
# exorcism is the only way.
#
# The script focuses on the cleaning up the following:
# * All folders, descending from the exchange root, of a given prefix.
# * All folders in PersonMetadata
# * All already soft-deleted items
# * All folders under recoverable items

inputs:
  user:
    description: User whose data is to be purged.
  site:
    description: Sharepoint site where data is to be purged.
  libraries:
    description: List of library names within site where data is to be purged.
  folder-prefix:
    description: Name of the folder to be purged.  If falsy, will purge the set of static, well known folders instead.
  older-than:
    description: Minimum-age of folders to be deleted.
  azure-client-id:
    description: Secret value of for AZURE_CLIENT_ID
  azure-client-secret:
    description: Secret value of for AZURE_CLIENT_SECRET
  azure-tenant-id:
    description: Secret value of for AZURE_TENANT_ID
  m365-admin-user:
    description: Secret value of for M365_TENANT_ADMIN_USER
  m365-admin-password:
    description: Secret value of for M365_TENANT_ADMIN_PASSWORD

runs:
  using: composite
  steps:

    ################################################################################################################
    # Exchange
    #

    - name: Run the Exchange purge scripts for user
      if: ${{ inputs.user != '' }}
      shell: pwsh
      working-directory: ./src/cmd/purge/scripts
      env:
        AZURE_CLIENT_ID: ${{ inputs.azure-client-id }}
        AZURE_CLIENT_SECRET: ${{ inputs.azure-client-secret }}
        AZURE_TENANT_ID: ${{ inputs.azure-tenant-id }}
      run: |
        ./exchangePurge.ps1 -User ${{ inputs.user }} -FolderNamePurgeList PersonMetadata -FolderPrefixPurgeList "${{ inputs.folder-prefix }}".Split(",") -PurgeBeforeTimestamp ${{ inputs.older-than }}

    - name: Reset retention for all mailboxes to 0
      if: ${{ inputs.user == '' }}
      shell: pwsh
      working-directory: ./src/cmd/purge/scripts
      env:
        M365_TENANT_ADMIN_USER: ${{ inputs.m365-admin-user }}
        M365_TENANT_ADMIN_PASSWORD: ${{ inputs.m365-admin-password }}
      run: |
        ./exchangeRetention.ps1

    ################################################################################################################
    # OneDrive
    #
    
    - name: Run the OneDrive purge scripts for user
      if: ${{ inputs.user != '' }}
      shell: pwsh
      working-directory: ./src/cmd/purge/scripts
      env:
        M365_TENANT_ADMIN_USER: ${{ inputs.m365-admin-user }}
        M365_TENANT_ADMIN_PASSWORD: ${{ inputs.m365-admin-password }}
      run: |
        ./onedrivePurge.ps1 -User ${{ inputs.user }} -FolderPrefixPurgeList "${{ inputs.folder-prefix }}".Split(",") -PurgeBeforeTimestamp ${{ inputs.older-than }}

    ################################################################################################################
    # Sharepoint
    #

    - name: Run SharePoint purge script
      if: ${{ inputs.site != '' }}
      shell: pwsh
      working-directory: ./src/cmd/purge/scripts
      env:
        M365_TENANT_ADMIN_USER: ${{ inputs.m365-admin-user }}
        M365_TENANT_ADMIN_PASSWORD: ${{ inputs.m365-admin-password }}
      run: |
        ./onedrivePurge.ps1 -Site ${{ inputs.site }} -LibraryNameList "${{ inputs.libraries }}".split(",") -FolderPrefixPurgeList ${{ inputs.folder-prefix }} -PurgeBeforeTimestamp ${{ inputs.older-than }}

    ################################################################################################################
    # Notifications on failure
    #

    - name: SHA info
      id: sha-info
      shell: pwsh
      working-directory: ./src/cmd/purge/scripts
      if: failure()
      run: |
        echo ${GITHUB_REF#refs/heads/}-${GITHUB_SHA}
        echo SHA=${GITHUB_REF#refs/heads/}-${GITHUB_SHA} >> $GITHUB_OUTPUT
        echo RUN_URL=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}  >> $GITHUB_OUTPUT
      
    - name: Send Github Action failure to Slack
      id: slack-notification
      shell: pwsh
      working-directory: ./src/cmd/purge/scripts
      if: failure()
      uses: slackapi/slack-github-action@v1.23.0
      with:
        payload: |
          {
            "text": "GitHub Action build result: ${{ job.status }} on SHA: ${{  steps.sha-info.outputs.SHA }}",
            "blocks": [
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "[FAILED] Purge M365 User Data :: <${{  steps.sha-info.outputs.RUN_URL }}|[Logs]> <${{ github.event.pull_request.html_url || github.event.head_commit.url }}|[Base]>"
                }
              }
            ]
          }
      env:
        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK