Amend destroy_env_no_terraform.sh to purge container repos (#4230)

* Purge container repos individually on tre-destroy
microsoft · Jan 1, 2025 · a555afc · a555afc
1 parent f26ab35
commit a555afc
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -27,6 +27,7 @@ ENHANCEMENTS:
 * Enhance DPI of Linux display ([[#4200](https://github.com/microsoft/AzureTRE/issues/4200)])
 * Update Admin VM versions ([[#4217](https://github.com/microsoft/AzureTRE/issues/4217)])
 * Update devcontainer/RP/API package versions: base image, docker, az cli, YQ ([#4225](https://github.com/microsoft/AzureTRE/pull/4225))
+* Purge container repos individually in when using `make tre-destroy` ([#4230](https://github.com/microsoft/AzureTRE/pull/4230))
 * Upgrade Python version from 3.8 to 3.12 ([#3949](https://github.com/microsoft/AzureTRE/issues/3949))Upgrade Python version from 3.8 to 3.12 (#3949)
 * Disable storage account key usage ([[#4227](https://github.com/microsoft/AzureTRE/issues/4227)])
 * Update Guacamole dependencies ([[#4232](https://github.com/microsoft/AzureTRE/issues/4232)])

diff --git a/devops/scripts/destroy_env_no_terraform.sh b/devops/scripts/destroy_env_no_terraform.sh
@@ -153,11 +153,35 @@ if [ "${workspace}" != "0" ]; then
   | xargs -P 10 -I {} az rest --method delete --uri "{}?api-version=2020-08-01"
 fi
 
+# delete container repositories individually otherwise defender doesn't purge image scans
+function purge_container_repositories() {
+  local rg=$1
+
+  local acrs
+  acrs=$(az acr list --resource-group "$rg" --query [].name --output tsv)
+
+  local acr
+  for acr in $acrs; do
+    echo "Found container registry ${acr}, deleting repositories..."
+
+    local repositories
+    repositories=$(az acr repository list --name "$acr" --output tsv)
+
+    local repository
+    for repository in $repositories; do
+        echo "  Deleting: $repository"
+        az acr repository delete --name "$acr" --repository "$repository" --yes --output none
+    done
+  done
+}
+
 # this will find the mgmt, core resource groups as well as any workspace ones
 # we are reverse-sorting to first delete the workspace groups (might not be
 # good enough because we use no-wait sometimes)
 az group list --query "[?starts_with(name, '${core_tre_rg}')].[name]" -o tsv | sort -r |
 while read -r rg_item; do
+  purge_container_repositories "$rg_item"
+
   echo "Deleting resource group: ${rg_item}"
   az group delete --resource-group "${rg_item}" --yes ${no_wait_option}
 done