feat(ci): cleanup published dev container images (#743)

* feat(ci): cleanup published dev container images * run workflow to clean up container images built for specific Pull Request * schedule cleanup job for cleaning up old untagged and/or PR related container images pusblished to GHCR and older than 1 months * fix(ci): use dev image names * fix(ci): use 1s cut-off for PR cleanup * feat(ci): add workflow dispatch to event triggers * fix(ci): use env for storing image names
openclarity · Oct 6, 2023 · 1d62447 · 1d62447
1 parent 4b8b7dc
commit 1d62447
Showing 1 changed file with 85 additions and 0 deletions.
diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml
@@ -0,0 +1,85 @@
+name: Container image cleanup
+
+on:
+# FIXME(chrisgacsal): re-enable PR and scheduled trigger after successful testing
+#  pull_request:
+#    types:
+#      - closed
+#  schedule:
+#    # At 06:00 on every day-of-week from Monday through Friday.
+#    # https://crontab.guru/#0_6_*_*_1-5
+#    - cron: '0 6 * * 1-5'
+  workflow_dispatch:
+    inputs:
+      cut-off:
+        required: false
+        type: string
+        description: |
+          The timezone-aware datetime you want to delete container versions that are older than.
+          The parsed datetime must contain a timezone.
+
+          The `dateparser` is ued to parse the cut-off specified. See: [dateparser](https://dateparser.readthedocs.io/en/latest/)
+        default: '14 days ago UTC'
+      dry-run:
+        required: false
+        type: boolean
+        description: Prints output showing images which would be deleted but does not actually delete any images.
+        default: true
+
+env:
+  images: vmclarity-apiserver-dev,vmclarity-cli-dev,vmclarity-ui-backend-dev,vmclarity-ui-dev
+
+permissions:
+  packages: write
+
+jobs:
+  pull-request:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    name: Cleanup container images for Pull Request
+    steps:
+      - name: Remove images for PR#${{ github.event.pull_request.number }}
+        uses: snok/container-retention-policy@v2
+        with:
+          image-names: ${{ env.images }}
+          cut-off: 1 second ago UTC
+          timestamp-to-use: created_at
+          account-type: org
+          org-name: openclarity
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filter-tags: ${{ format( 'pr{0}-*', github.event.pull_request.number) }}
+          dry-run: true
+
+  schedule:
+    if: github.event_name == 'schedule'
+    runs-on: ubuntu-latest
+    name: Cleanup stale container images
+    steps:
+      - name: Remove stale images
+        uses: snok/container-retention-policy@v2
+        with:
+          image-names: ${{ env.images }}
+          cut-off: 14 days ago UTC
+          timestamp-to-use: created_at
+          account-type: org
+          org-name: openclarity
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filter-include-untagged: true
+          dry-run: true
+
+  dispatch:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    name: Cleanup stale container images
+    steps:
+      - name: Remove stale images
+        uses: snok/container-retention-policy@v2
+        with:
+          image-names: ${{ env.images }}
+          cut-off: ${{ inputs.cut-off }}
+          timestamp-to-use: created_at
+          account-type: org
+          org-name: openclarity
+          token: ${{ secrets.GITHUB_TOKEN }}
+          filter-include-untagged: true
+          dry-run: ${{ inputs.dry-run }}