Skip to content

Cleanup

Cleanup #103

Workflow file for this run

name: Cleanup
on:
schedule:
- cron: "0 0 * * *" # Daily at midnight
permissions:
contents: read
defaults:
run:
shell: bash
jobs:
images:
runs-on: mirror-node-linux-medium
strategy:
matrix:
module:
[
graphql,
grpc,
importer,
monitor,
rest,
rest-java,
rest-monitor,
rosetta,
test,
web3,
]
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
with:
credentials_json: "${{ secrets.GCR_KEY }}"
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
- name: Configure Docker
run: gcloud auth configure-docker gcr.io,marketplace.gcr.io
- name: Delete old untagged images
run: |
set -ex
DELETE_BEFORE_MS="$(date -d "-7 days" '+%s')000"
IMAGE_REPO=mirrornode/hedera-mirror-${{ matrix.module }}
IMAGE_PATH="gcr.io/$IMAGE_REPO"
BASE_REGISTRY_API_URL="https://gcr.io/v2/$IMAGE_REPO"
IMAGES_JSON_FILE="/tmp/images.json"
curl "$BASE_REGISTRY_API_URL/tags/list" | \
# select manifests older than DELETE_BEFORE_MS, then select manifests with tag matching "main-.+"
jq --arg delete_before_ms "$DELETE_BEFORE_MS" '.manifest | to_entries |
map(select(.value.timeUploadedMs < $delete_before_ms)) |
map(select(.value.tag | map(test("main-.+")) | any))' | \
tee "$IMAGES_JSON_FILE"
ALL_DIGESTS=($(cat "$IMAGES_JSON_FILE" | jq -r '[.[].key] | join(" ")'))
CHILD_DIGESTS=()
MULTI_PLATFORM_DIGESTS=($(cat "$IMAGES_JSON_FILE" | \
jq -r 'map(select(.value.mediaType == "application/vnd.docker.distribution.manifest.list.v2+json")) |
[.[].key] | join(" ")'))
for digest in ${MULTI_PLATFORM_DIGESTS[*]}; do
# add child image digests to ALL_DIGESTS
CHILD_DIGESTS+=($(curl "$BASE_REGISTRY_API_URL/manifests/$digest" | \
jq -r '[.manifests[].digest] | join(" ")'))
done
# dedup the child digests since some may be shared by list type images
CHILD_DIGESTS=($(printf '%s\n' "${CHILD_DIGESTS[@]}" | sort -u))
ALL_DIGESTS+=(${CHILD_DIGESTS[@]})
for digest in ${ALL_DIGESTS[@]}; do
gcloud container images delete --force-delete-tags -q "${IMAGE_PATH}@${digest}"
done