feat: DEV Registry delete workflows (#19)

* style: formats and phrases

* style(logs): skip notifying tag age

* perf: add delete_tag input support

* fix: remove unneeded restrictions

* fix: always run dc-registry-delete on dev

* test: clone cicd-deployment-scripts@dc-registry-delete

* perf: use gh runner

* fix: use DEV_CONTAINER_REGISTRY instead of CONTAINER_REGISTRY

* style(logs): verbose error logging

* fix: add shell=bash to dc-registry-delete run step

* fix: repo_tags iteration syntax

* perf: add validate_image_tag function

* fix: syntax error

* fix: fetching manifest created dttm

* test: debug manifest

* test: debug manifest

* fix: argument passing to validate_image_tag

* perf: function failure exit

* fix: quote if test clause vars

* style(logs): improve error messages

* perf: silent curl DELETE

* fix: digest calculation

* perf: app_name input

* perf: checkout cicd repo instead of cloning it

* perf: fetch-depth on registry delete

* fix: cicd repo checkout path

* perf: align dc_registry_delete to dev ref

Author: andhreljaKern

.github/workflows/dc_registry_delete.yml

@@ -0,0 +1,53 @@
+name: 'DC: Delete Registry Images'
+
+on:
+  workflow_call:
+    inputs:
+      delete_since_days:
+        required: false
+        type: string
+        description: "Delete images older than the specified number of days and exit gracefully"
+        default: ''
+      delete_tag:
+        required: false
+        type: string
+        description: "Delete images with the specified tag and exit gracefully"
+        default: ''
+      app_name:
+        required: false
+        type: string
+        description: "Application name - provided by the caller unless called from an application repository"
+        default: ''
+
+env:
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}
+
+jobs:
+  dc-registry-delete:
+    name: 'Docker Compose: Delete Registry Images'
+    runs-on: ubuntu-latest
+    environment: dev
+    env:
+      ENVIRONMENT_NAME: dev
+      REGISTRY_HTTPS_USERNAME: "${{ secrets.REGISTRY_HTTPS_USERNAME }}"
+      DEV_CONTAINER_REGISTRY: ${{ vars.DEV_CONTAINER_REGISTRY }}
+      DEV_LOGIN_USERNAME: ${{ secrets.DEV_LOGIN_USERNAME }}
+      DEV_LOGIN_PASSWORD: ${{ secrets.DEV_LOGIN_PASSWORD }}
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        repository: 'code-kern-ai/cicd-deployment-scripts'
+
+    - name: Perform Registry Image Deletion
+      shell: bash
+      run: |
+        bash ./dc/registry_delete.sh \
+          -e ${{ env.ENVIRONMENT_NAME }} \
+          -g ${{ github.repository_owner }} \
+          -r ${{ env.DEV_CONTAINER_REGISTRY }} \
+          -a ${{ inputs.app_name || github.event.repository.name }} \
+          -t "${{ inputs.delete_tag }}" \
+          -u "${{ env.DEV_LOGIN_USERNAME }}:${{ env.DEV_LOGIN_PASSWORD }}" \
+          -d "${{ inputs.delete_since_days }}"

.github/workflows/pi_merge_parent_image.yml

@@ -97,7 +97,7 @@ jobs:
             platform=linux/arm64
             label=dockerfile-path=https://github.com/refinery-${{ env.PARENT_IMAGE_TYPE }}-parent-image/blob/${{ github.sha }}/Dockerfile
 
-      - name: Build & Push ${{ env.PARENT_IMAGE_NAME }}:sha-${{ env.PARENT_IMAGE_TYPE }}
+      - name: Build & Push ${{ env.PARENT_IMAGE_NAME }}:${{ github.sha }}-${{ env.PARENT_IMAGE_TYPE }}
         uses: docker/build-push-action@v5
         with:
           context: .
@@ -111,7 +111,7 @@ jobs:
             platform=linux/amd64
             label=dockerfile-path=https://github.com/refinery-${{ env.PARENT_IMAGE_TYPE }}-parent-image/blob/${{ github.sha }}/Dockerfile
 
-      - name: Build & Push ${{ env.PARENT_IMAGE_NAME }}:sha-${{ env.PARENT_IMAGE_TYPE }}-arm64
+      - name: Build & Push ${{ env.PARENT_IMAGE_NAME }}:${{ github.sha }}-${{ env.PARENT_IMAGE_TYPE }}-arm64
         uses: docker/build-push-action@v5
         with:
           context: .

.github/workflows/pi_merge_submodule.yml

@@ -86,9 +86,9 @@ jobs:
     needs: [pi-matrix, pi-update-submodule]
     if: ${{ !failure() }}
     runs-on: ubuntu-latest
-    strategy:
-      matrix: 
-        parent_image_type: ${{ fromJson(needs.pi-matrix.outputs.parent_image_type) }}
+    # strategy:
+    #   matrix: 
+    #     parent_image_type: ${{ fromJson(needs.pi-matrix.outputs.parent_image_type) }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

dc/registry_delete.sh

@@ -0,0 +1,90 @@
+# !/bin/bash
+
+trap "exit 1" TERM
+export TOP_PID=$$
+
+set -e
+
+ENVIRONMENT_NAME="dev"
+GITHUB_OWNER="code-kern-ai"
+REGISTRY_URL="registry.dev.kern.ai"
+APP_NAME="hosted-inference-api"
+DELETE_TAG=""
+HTTPS_USERNAME=""
+DELETE_SINCE_DAYS=""
+
+while getopts e:g:r:a:t:u:d: flag
+do
+    case "${flag}" in
+        e) ENVIRONMENT_NAME=${OPTARG};;
+        g) GITHUB_OWNER=${OPTARG};;
+        r) REGISTRY_URL=${OPTARG};;
+        a) APP_NAME=${OPTARG};;
+        t) DELETE_TAG=${OPTARG};;
+        u) HTTPS_USERNAME=${OPTARG};;
+        d) DELETE_SINCE_DAYS=${OPTARG};;
+    esac
+done
+
+
+function validate_image_tag() {
+    manifest=$1
+    image=$2
+    errors=$(echo $manifest | jq -r '.errors')
+    if [ "$errors" != "null" ]; then
+        echo "::error::$image => $(echo $errors | jq -r '.[0].code')"
+        echo $manifest | jq -rc '.errors'
+        kill -s TERM $TOP_PID
+    fi
+}
+
+# Delete images older than DELETE_SINCE_DAYS and exit 0
+if [ -n "$DELETE_SINCE_DAYS" ]; then
+    echo "::notice::Deleting images older than $DELETE_SINCE_DAYS days"
+    repo_tags=$(curl -s -u $HTTPS_USERNAME https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/tags/list | jq -r '.tags[]')
+    while IFS= read -r tag; do
+        manifest=$(curl -s -u $HTTPS_USERNAME \
+            -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+            https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/$tag)
+        
+        validate_image_tag "$manifest" "$REGISTRY_URL/$GITHUB_OWNER/$APP_NAME:$tag"
+
+        created=$(curl -s -u $HTTPS_USERNAME \
+            https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/$tag \
+            | jq -r '.history[0].v1Compatibility' | jq -r '.created')
+        created_date=$(date -d $created +%s)
+        current_date=$(date +%s)
+        days_since=$(( (current_date - created_date) / (60*60*24) ))
+        
+        if [ $days_since -gt $DELETE_SINCE_DAYS ]; then
+            digest=$(curl -s -u $HTTPS_USERNAME \
+                -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+                https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/$tag \
+                | sha256sum | cut -d ' ' -f 1)
+            curl -X DELETE -u $HTTPS_USERNAME -s https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/sha256:$digest
+            echo "::warning::deleted $APP_NAME:$tag, $days_since days old"
+        else
+            echo "$APP_NAME:$tag is $days_since days old"
+        fi
+    done <<< "$repo_tags"
+    exit 0
+fi
+
+# Delete a specific image and exit 0
+if [ -n $DELETE_TAG ]; then
+    manifest=$(curl -s -u $HTTPS_USERNAME \
+        -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+        https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/$DELETE_TAG)
+    
+    validate_image_tag "$manifest" "$REGISTRY_URL/$GITHUB_OWNER/$APP_NAME:$DELETE_TAG"
+
+    digest=$(curl -s -u $HTTPS_USERNAME \
+        -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+        https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/$DELETE_TAG \
+        | sha256sum | cut -d ' ' -f 1)
+    curl -X DELETE -u $HTTPS_USERNAME -s \
+        https://$REGISTRY_URL/v2/$GITHUB_OWNER/$APP_NAME/manifests/sha256:$digest
+    
+    echo "::warning::deleted $REGISTRY_URL/$GITHUB_OWNER/$APP_NAME:$DELETE_TAG"
+    exit 0
+fi