docker/.github/workflows/cleanup.yaml at b177f3f1438049b3a9b92cb7f81f8a3563a9226f · chatmail/docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Clean up old Docker images from GHCR.
#
# Triggers:
#   1. Weekly schedule -- prune untagged manifests, keep 20 most recent
#   2. Branch delete -- remove images tagged with that branch name
#   3. Manual -- workflow_dispatch for ad-hoc cleanup
#
# Requires: packages:write permission (for delete-package-versions)

name: Clean up GHCR images

on:
  schedule:
    - cron: '23 3 * * 1'  # Monday 03:23 UTC
  delete:  # branch/tag deletion
  workflow_dispatch:

env:
  PACKAGE_NAME: docker

jobs:
  prune-untagged:
    name: Prune untagged images
    runs-on: ubuntu-latest
    if: github.event_name != 'delete'
    permissions:
      packages: write
    steps:
      - name: Delete untagged versions
        uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5
        with:
          package-name: ${{ env.PACKAGE_NAME }}
          package-type: container
          delete-only-untagged-versions: true
          min-versions-to-keep: 20

  prune-old-sha:
    name: Prune old SHA tags
    runs-on: ubuntu-latest
    if: github.event_name != 'delete'
    permissions:
      packages: write
    steps:
      - name: Delete old SHA-tagged versions
        uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5
        with:
          package-name: ${{ env.PACKAGE_NAME }}
          package-type: container
          min-versions-to-keep: 30
          ignore-versions: '^(main|latest|\d+\.\d+)$'

  cleanup-branch:
    name: Clean up branch images
    runs-on: ubuntu-latest
    if: github.event_name == 'delete'
    permissions:
      packages: write
    steps:
      - name: Compute branch tag
        id: tag
        env:
          EVENT_REF: ${{ github.event.ref }}
        run: |
          # refs/heads/j4n/foo -> j4n-foo
          TAG=$(echo "$EVENT_REF" | sed 's|/|-|g')
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

      - name: Delete branch-tagged versions
        uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5
        with:
          package-name: ${{ env.PACKAGE_NAME }}
          package-type: container
          ignore-versions: '^(?!${{ steps.tag.outputs.tag }}$).*$'
          num-old-versions-to-delete: 100