feat(acr): acr purge workflow (#1278)

## Introduction ✏️
ACR periodic artefacts purge

## Resolution ✔️
* Introduced GitHub workflow and two new composite modules for:
  * ACR Purge
  * MS Teams notifications

## Miscellaneous ➕
* Dependencies updates
* PR template update

---------

Co-authored-by: Abhi Markan <amarkan>

Author: abhi-markan

.cspell.json

@@ -71,7 +71,9 @@
     "venv",
     "VNET",
     "WOGAN",
-    "Zabd"
+    "Zabd",
+    "crapimdev",
+    "crapimstaging"
   ],
   "dictionaries": ["en-gb", "companies", "softwareTerms", "misc", "lorem-ipsum", "typescript", "node", "bash", "npm"],
   "languageSettings": [

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,9 +1,15 @@
+# Pull Request
+
 ## Introduction :pencil2:
+
 Include a summary of the changes and related feature(s) or issue(s).
 
 ## Resolution :heavy_check_mark:
+
 List all changes made to the codebase.
 
 ## Miscellaneous :heavy_plus_sign:
+
 List any additional fixes or improvements.
 
+## Screenshot :camera_flash:

.github/actions/acr/action.yml

@@ -0,0 +1,49 @@
+# This GitHub Action is designed to execute Azure CLI for artefacts purge
+
+name: 'Azure container registry artefacts purge'
+description: 'This custom GitHub Actions module will execute AZ CLI for artefacts purge'
+
+# Define the inputs required for this action.
+inputs:
+  credentials:
+    description: 'Azure subscription and resource group service principal'
+    required: true
+  subscription:
+    description: 'Azure subscription ID'
+    required: true
+  group:
+    description: 'Azure resource group'
+    required: true
+  acr:
+    description: 'Azure container registry name, without domain prefix.'
+    required: true
+  days:
+    description: 'A Go-style duration string to indicate a duration beyond which images are deleted.'
+    required: false
+    default: '30'
+  keep:
+    description: 'Specifies that the latest x number of to-be-deleted tags are retained. The latest tags are determined by the last modified time of the tag.'
+    required: false
+    default: '3'
+
+# Define the steps to run this action.
+runs:
+  using: 'composite'
+  steps:
+    # Step 1: Check out the repository.
+    - name: Repository 🗃️
+      uses: actions/checkout@v4
+
+    # Step 2: Log in to Azure.
+    - name: Azure 🔐
+      uses: azure/login@v2
+      with:
+        creds: ${{ inputs.credentials }}
+
+    # Step 3: Purge artefacts
+    # https://learn.microsoft.com/en-us/azure/container-registry/container-registry-auto-purge
+    - name: Artefacts 🗃️
+      working-directory: .
+      run: |
+        az acr run --registry ${{ inputs.acr }} --resource-group ${{ inputs.group }} --subscription ${{ inputs.subscription }} --cmd "acr purge --filter 'mdm:.*' --ago ${{ inputs.days }}d --keep ${{ inputs.keep }}" /dev/null
+      shell: bash

.github/actions/notify/action.yml

@@ -0,0 +1,29 @@
+# This GitHub Action is designed to dispatch a custom content MS Teams notification
+
+name: 'Notify'
+description: 'This custom GitHub Actions module dispatches MS Teams notification card'
+
+# Define the inputs required for this action.
+inputs:
+  webhook:
+    description: 'MS Teams channel webhook'
+    required: true
+  content:
+    description: 'Notification card content'
+    required: true
+
+# Define the steps to run this action.
+runs:
+  using: 'composite'
+  steps:
+    # Step 1: Check out the repository.
+    - name: Repository 🗃️
+      uses: actions/checkout@v4
+
+    # Step 2: Dispatch notification
+    - name: Notification 🔔
+      shell: bash
+      run: |
+        curl --location '${{ inputs.webhook }}' \
+        --header 'Content-Type: application/json' \
+        --data-raw '${{ inputs.content }}'

.github/workflows/purge.yml

@@ -0,0 +1,114 @@
+name: Purge
+run-name: 🧹Azure purge
+
+on:
+  schedule:
+    - cron: '0 23 * * *'
+
+env:
+  APPLICATION: ${{ vars.APPLICATION }}
+  TIMEZONE: ${{ vars.TIMEZONE }}
+
+jobs:
+  # 1. Base actions configrations
+  setup:
+    name: Setup 🔧
+    runs-on: [self-hosted, linux, deployment]
+    outputs:
+      application: ${{ env.APPLICATION }}
+      environment: ${{ steps.environment.outputs.environment }}
+      timezone: ${{ env.TIMEZONE }}
+
+    steps:
+      - name: Environment 🧪
+        id: environment
+        run: |
+          echo "environment=infrastructure" >> "$GITHUB_OUTPUT"
+
+      - name: Timezone 🌐
+        run: echo "Timezone set to ${{ env.TIMEZONE }}"
+
+  # 2. Azure purge
+  purge:
+    name: Purge 🗑️
+    needs: [setup]
+    environment: ${{ needs.setup.outputs.environment }}
+    runs-on: [self-hosted, APIM, deployment]
+    env:
+      ENVIRONMENT: ${{ needs.setup.outputs.environment }}
+
+    strategy:
+      # Do not cancel in-progress jobs upon failure
+      fail-fast: false
+      # Single dimension matrix
+      matrix:
+        acr: ['crapimdev001', 'crapimstaging001']
+
+    concurrency:
+      group: acr-purge-${{ github.workflow }}-${{ github.workflow_ref }}-${{ matrix.acr }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Repository 🗂️
+        uses: actions/checkout@v4
+
+      - name: Subscription 🛠️
+        run: |
+          if [[ "${{ matrix.acr }}" == *"dev"* ]]; then
+            echo "SUBSCRIPTION=${{ secrets.DEV_SUBSCRIPTION }}" >> $GITHUB_ENV
+          elif [[ "${{ matrix.acr }}" == *"staging"* ]]; then
+            echo "SUBSCRIPTION=${{ secrets.STAGING_SUBSCRIPTION }}" >> $GITHUB_ENV
+          fi
+
+      - name: Resource group 🛠️
+        run: |
+          if [[ "${{ matrix.acr }}" == *"dev"* ]]; then
+            echo "RESOURCE_GROUP=${{ secrets.DEV_RESOURCE_GROUP }}" >> $GITHUB_ENV
+          elif [[ "${{ matrix.acr }}" == *"staging"* ]]; then
+            echo "RESOURCE_GROUP=${{ secrets.STAGING_RESOURCE_GROUP }}" >> $GITHUB_ENV
+          fi
+
+      - name: Execute ⚡
+        uses: ./.github/actions/acr
+        with:
+          credentials: ${{ secrets.AZURE_CREDENTIALS_ACR_PURGE }}
+          subscription: ${{ env.SUBSCRIPTION }}
+          group: ${{ env.RESOURCE_GROUP }}
+          acr: ${{ matrix.acr }}
+          days: ${{ vars.ACR_PURGE_NONPROD_DAYS }}
+
+      - name: Notification  🔔
+        uses: ./.github/actions/notify
+        with:
+          webhook: ${{ secrets.MSTEAMS_WEBHOOK }}
+          content: '{
+                      "@type": "MessageCard",
+                      "@context": "http://schema.org/extensions",
+                      "themeColor": "00703c",
+                      "title": "🗑️ ${{ matrix.acr }} purge",
+                      "summary": "Purged artefacts from ''${{ matrix.acr }}'' Azure container registry",
+                      "sections": [
+                        {
+                          "activityTitle": "ACR Purge",
+                          "activitySubtitle": "Purged artefacts from **${{ matrix.acr }}** Azure container registry",
+                          "facts": [
+                            { "name": "ACR", "value": "${{ matrix.acr }}" },
+                            { "name": "Resource group", "value": "${{ env.RESOURCE_GROUP }}" },
+                            { "name": "Commit", "value": "${{ github.sha }}" }
+                          ],
+                          "markdown": true
+                        }
+                      ],
+                      "potentialAction": [
+                        {
+                          "@type": "OpenUri",
+                          "name": "Workflow",
+                          "targets": [
+                            {
+                              "os": "default",
+                              "uri": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+                            }
+                          ]
+                        }
+                      ]
+                    }'