Clean up resources created by the start job in the last 60 mins #20231

	name: Clean up resources created by the start job in the last 60 mins
	on:
	schedule:
	- cron: "/15 * * *"
	workflow_dispatch:
	permissions:
	contents: write
	id-token: write
	jobs:
	cleanup:
	runs-on: ubuntu-latest
	# runs-on: self-hosted
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	container:
	image: ghcr.io/sparecores/sc-inspector:main
	env:
	GITHUB_TOKEN: ${{ secrets.INSPECTOR_TOKEN }}
	PULUMI_BACKEND_URL: ${{ secrets.PULUMI_BACKEND_URL }}
	GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
	GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
	SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
	HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }}
	UPCLOUD_USERNAME: ${{ secrets.UPCLOUD_USERNAME }}
	UPCLOUD_PASSWORD: ${{ secrets.UPCLOUD_PASSWORD }}
	REPO_PATH: /repo/sc-inspector-data
	volumes:
	- ${{ github.workspace }}/sc-inspector-data:/repo/sc-inspector-data
	steps:
	- name: checkout
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	fetch-depth: 0
	path: sc-inspector-data
	- name: configure aws credentials
	uses: aws-actions/[email protected]
	with:
	role-to-assume: ${{ secrets.SC_RUNNER_ROLE_ARN }}
	role-session-name: GitHub_to_AWS_via_FederatedOIDC
	# 4 hours to avoid expiring tokens
	role-duration-seconds: 14400
	aws-region: us-east-1
	- name: inspector
	run: python /inspector/inspector.py cleanup --lookback-mins 60

Provide feedback