Cleanup #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Cleanup | |
on: | |
schedule: | |
- cron: "0 0 * * *" # Daily at midnight | |
permissions: | |
contents: read | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
images: | |
runs-on: mirror-node-linux-medium | |
strategy: | |
matrix: | |
module: | |
[ | |
graphql, | |
grpc, | |
importer, | |
monitor, | |
rest, | |
rest-java, | |
rest-monitor, | |
rosetta, | |
test, | |
web3, | |
] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 | |
with: | |
credentials_json: "${{ secrets.GCR_KEY }}" | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1 | |
- name: Configure Docker | |
run: gcloud auth configure-docker gcr.io,marketplace.gcr.io | |
- name: Delete old untagged images | |
run: | | |
set -ex | |
DELETE_BEFORE_MS="$(date -d "-7 days" '+%s')000" | |
IMAGE_REPO=mirrornode/hedera-mirror-${{ matrix.module }} | |
IMAGE_PATH="gcr.io/$IMAGE_REPO" | |
BASE_REGISTRY_API_URL="https://gcr.io/v2/$IMAGE_REPO" | |
IMAGES_JSON_FILE="/tmp/images.json" | |
curl "$BASE_REGISTRY_API_URL/tags/list" | \ | |
# select manifests older than DELETE_BEFORE_MS, then select manifests with tag matching "main-.+" | |
jq --arg delete_before_ms "$DELETE_BEFORE_MS" '.manifest | to_entries | | |
map(select(.value.timeUploadedMs < $delete_before_ms)) | | |
map(select(.value.tag | map(test("main-.+")) | any))' | \ | |
tee "$IMAGES_JSON_FILE" | |
ALL_DIGESTS=($(cat "$IMAGES_JSON_FILE" | jq -r '[.[].key] | join(" ")')) | |
CHILD_DIGESTS=() | |
MULTI_PLATFORM_DIGESTS=($(cat "$IMAGES_JSON_FILE" | \ | |
jq -r 'map(select(.value.mediaType == "application/vnd.docker.distribution.manifest.list.v2+json")) | | |
[.[].key] | join(" ")')) | |
for digest in ${MULTI_PLATFORM_DIGESTS[*]}; do | |
# add child image digests to ALL_DIGESTS | |
CHILD_DIGESTS+=($(curl "$BASE_REGISTRY_API_URL/manifests/$digest" | \ | |
jq -r '[.manifests[].digest] | join(" ")')) | |
done | |
# dedup the child digests since some may be shared by list type images | |
CHILD_DIGESTS=($(printf '%s\n' "${CHILD_DIGESTS[@]}" | sort -u)) | |
ALL_DIGESTS+=(${CHILD_DIGESTS[@]}) | |
for digest in ${ALL_DIGESTS[@]}; do | |
gcloud container images delete --force-delete-tags -q "${IMAGE_PATH}@${digest}" | |
done |