feat: implement cleanup script

reusable cleanup script so we can manage private container storage usage otherwise private container images may use all 50GB/months of our storage plan
GeoNet · Oct 16, 2023 · 166264c · 166264c
1 parent 838b3b3
commit 166264c
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 7 deletions.
diff --git a/.github/workflows/reusable-clean-containers.yml b/.github/workflows/reusable-clean-containers.yml
@@ -0,0 +1,49 @@
+name: Reusable container image cleanup
+on:
+  workflow_call:
+      inputs:
+        package-name:
+          type: string
+          required: true
+          description: |
+           name of package/container to remove
+           starts with repository name e.g. base-images/centos
+        ignored-regex:
+          type: string
+          required: true
+          description: |
+            regex which is applied against image tags to ignore/keep those versions
+        number-kept:
+          type: number
+          required: true
+          default: 3
+          description: |
+            number of untagged versions to keep in package history
+jobs:
+  clean:
+    runs-on: ubuntu-latest
+    steps:
+      - if: ${{ startsWith(github.repository, 'GeoNet/') == false }}
+        name: require GeoNet org
+        run: |
+          exit 1
+      - uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 #v4.1.1
+        with:
+        # Can be a single package version id, or a comma separated list of package version ids.
+        # Defaults to an empty string.
+          ignore-versions: ${{ inputs.ignored-regex }}
+          # Owner of the package.
+          # Defaults to the owner of the repo executing the workflow.
+          # Required if deleting a version from a package hosted in a different org than the one executing the workflow.
+          owner: geonet
+          # Name of the package.
+          # Required
+          package-name: ${{ inputs.package-name }}
+          # Type of the package. Can be one of container, maven, npm, nuget, or rubygems.
+          # Required
+          package-type: container
+          # The number of latest versions to keep.
+          # This cannot be specified with `num-old-versions-to-delete`. By default, `min-versions-to-keep` takes precedence over `num-old-versions-to-delete`.
+          # When set to 0, all deletable versions will be deleted.
+          # When set greater than 0, all deletable package versions except the specified number will be deleted.
+          min-versions-to-keep: ${{ inputs.number-kept }}
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@
     - [GitHub Actions action validator](#github-actions-action-validator)
     - [Markdown lint](#markdown-lint)
     - [Copy to S3](#copy-to-s3)
+    - [Clean container versions](#clean-container-versions)
   - [Other documentation](#other-documentation)
     - [Dependabot and Actions workflow imports](#dependabot-and-actions-workflow-imports)
     - [Versioning for container images](#versioning-for-container-images)
@@ -682,9 +683,9 @@ jobs:
 each repo where this action is applied must contain a `.conform.yaml` in the root of the repo.
 Conform configuration examples:
 
-- https://github.com/siderolabs/talos/blob/main/.conform.yaml
-- https://github.com/siderolabs/conform/blob/main/.conform.yaml
-- https://github.com/BobyMCbobs/sample-ko-monorepo/blob/main/.conform.yaml
+- <https://github.com/siderolabs/talos/blob/main/.conform.yaml>
+- <https://github.com/siderolabs/conform/blob/main/.conform.yaml>
+- <https://github.com/BobyMCbobs/sample-ko-monorepo/blob/main/.conform.yaml>
 
 here's an in-line example
 
@@ -730,10 +731,10 @@ notes:
   - _feat_
   - _fix_
 
-links: 
+links:
 
-- https://github.com/siderolabs/conform
-- https://www.conventionalcommits.org/en/v1.0.0/
+- <https://github.com/siderolabs/conform>
+- <https://www.conventionalcommits.org/en/v1.0.0/>
 
 ### Go container apps
 
@@ -1061,6 +1062,28 @@ GitHub Actions artifacts are used to bring state between jobs, this is not possi
 
 for configuration see [`on.workflow_call.inputs` in .github/workflows/reusable-copy-to-s3.yml](.github/workflows/reusable-copy-to-s3.yml).
 
+### Clean container versions
+
+STATUS: stable
+
+```yaml
+name: clean-images
+permissions:
+  packages: write
+on:
+  schedule:
+    - cron:  '30 11,23 * * *'
+  workflow_dispatch: {}
+jobs:
+  clean:
+    runs-on: ubuntu-latest
+    uses: GeoNet/Actions/.github/workflows/reusable-clean-containers.yml@main
+    with:
+      package-name: base-images/fedora
+      ignored-regex: '(stable)|(38)'
+      number-kept: 7
+```
+
 ## Other documentation
 
 ### Dependabot and Actions workflow imports
@@ -1083,4 +1106,3 @@ crane digest IMAGE_REF
 ```
 
 or in the logs of the workflow run.
-