Delete old container images #3
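# Manually triggered end-to-end check of the container retention action:
# the first job pushes four throwaway images to GHCR, the second deletes them.
name: Delete old container images

on: workflow_dispatch

# Scopes granted to GITHUB_TOKEN for every job in this workflow.
# packages: write is needed to push images and to delete package versions.
# id-token: write was dropped: no step below requests an OIDC token.
# NOTE(review): restore it on the clean-ghcr job only if the retention
# action turns out to need OIDC.
permissions:
  contents: read
  packages: write

jobs:
  build-containers:
    name: Build a few images
    runs-on: ubuntu-latest
    env:
      IMAGE: ghcr.io/sredevopsorg/ghcr-retention-policy-test
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref }}
          # Keep the token out of the checked-out repo's git config so later
          # steps cannot reuse it through git.
          persist-credentials: false
      # NOTE(review): version tags are movable; for a job that holds
      # packages: write, pin third-party actions to a full commit SHA
      # (uses: owner/action@<full-commit-sha>  # vX.Y.Z).
      - uses: docker/setup-buildx-action@v1
      - name: Login to GitHub Container Registry
        # Was @master: a branch ref runs whatever is pushed there next, with
        # the registry password in scope. Use a release tag at minimum.
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      # Each build differs because the stage name is a fresh random string
      # read from /dev/urandom (10 to 13 letters, one length per step).
      # The image name is read from the job-level IMAGE variable by the shell
      # instead of being expanded into the script text.
      - name: Build latest
        run: |
          randomString=$(LC_ALL=C tr -dc A-Za-z </dev/urandom | head -c 10)
          echo "FROM scratch as $randomString" > Dockerfile.test
          cat Dockerfile.test
          docker buildx build . -f Dockerfile.test -t "$IMAGE:latest" \
            --cache-to=type=inline --cache-from="$IMAGE:latest" --push
      - name: Build latest
        run: |
          randomString=$(LC_ALL=C tr -dc A-Za-z </dev/urandom | head -c 11)
          echo "FROM scratch as $randomString" > Dockerfile.test
          cat Dockerfile.test
          docker buildx build . -f Dockerfile.test -t "$IMAGE:latest" \
            --cache-to=type=inline --cache-from="$IMAGE:latest" --push
      - name: Build latest
        run: |
          randomString=$(LC_ALL=C tr -dc A-Za-z </dev/urandom | head -c 12)
          echo "FROM scratch as $randomString" > Dockerfile.test
          cat Dockerfile.test
          docker buildx build . -f Dockerfile.test -t "$IMAGE:latest" \
            --cache-to=type=inline --cache-from="$IMAGE:latest" --push
      - name: Build latest
        run: |
          randomString=$(LC_ALL=C tr -dc A-Za-z </dev/urandom | head -c 13)
          echo "FROM scratch as $randomString" > Dockerfile.test
          cat Dockerfile.test
          docker buildx build . -f Dockerfile.test -t "$IMAGE:latest" \
            --cache-to=type=inline --cache-from="$IMAGE:latest" --push

  clean-ghcr:
    needs: build-containers
    name: Then delete them
    runs-on: ubuntu-latest
    steps:
      - name: Cache image versions to skip
        uses: actions/cache@v3
        id: cache
        with:
          path: skip-image-versions.txt
          # key will always *not* match for a new commit, but
          # restore-key will match if there's a previously stored
          # file; so cache will *both be loaded and stored*.
          key: image-versions-to-skip-${{ github.sha }}
          restore-keys: image-versions-to-skip
      # touch never truncates, so running it after a restore-keys match
      # leaves the restored file intact.
      - name: Create file if it doesn't exist
        run: touch skip-image-versions.txt
        if: steps.cache.outputs.cache-hit != 'true'
      # The file content comes from the cache, so treat it as data: quote
      # every expansion and write the output in delimiter form, so that a
      # multi-line or '='-bearing value cannot define additional outputs.
      - name: Set image-versions output
        id: image-version
        run: |
          images="$(cat skip-image-versions.txt)"
          printf '%s\n' "$images"
          delimiter="EOF_$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 16)"
          {
            echo "image-versions<<$delimiter"
            printf '%s\n' "$images"
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"
      - name: Delete images more than 2 seconds old
        # NOTE(review): @main is a mutable ref and this step receives a token
        # that can delete packages. Presumably deliberate, to exercise the
        # action's current branch head; otherwise pin to a full commit SHA.
        uses: sredevopsorg/container-retention-policy@main
        id: delete-images
        # A failed deletion does not fail the job; the next step still runs
        # and records the action's 'failed' output.
        continue-on-error: true
        with:
          image-names: ghcr-retention-policy-test
          cut-off: 2 seconds ago UTC+0
          account-type: org
          token: ${{ github.token }}
          skip-tags: ${{ steps.image-version.outputs.image-versions }}
      - name: Write skipped tags to cache
        # Pass the action output through the environment. Expanding
        # ${{ ... }} inside the script body would paste the value into the
        # shell source, where quotes or $( ) in it would be executed.
        env:
          FAILED: ${{ steps.delete-images.outputs.failed }}
        run: |
          printf '%s\n' "$FAILED" > skip-image-versions.txt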