9. Delete old Pre-Releases and tags #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "9. Delete old Pre-Releases and tags" | |
on: | |
schedule: | |
# Run at 00:00 twice a month. | |
# https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07 | |
- cron: '0 0 6,20 * *' | |
# Allow manual triggering | |
workflow_dispatch: | |
inputs: | |
dry_run: | |
description: 'Always do a dry-run first' | |
required: true | |
type: boolean | |
default: true | |
older_than: | |
description: 'Delete pre-releases published older than this many days ago' | |
required: true | |
type: string | |
default: 45 | |
keep_latest: | |
description: 'Number of latest pre-releases to keep' | |
required: true | |
type: string | |
default: 10 | |
tag_pattern: | |
description: 'Pre-releases matching this git tag regex pattern' | |
required: true | |
type: string | |
default: ^v | |
jobs: | |
gate-check: | |
# Adding an `if:` that evaluates to false for this gate-check job prevents other dependent jobs from running. | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkUserMember | |
# Only check for manual runs, not scheduled runs | |
if: github.event_name == 'workflow_dispatch' | |
uses: tspascoal/[email protected] | |
with: | |
username: ${{ github.actor }} | |
team: 'vro-restricted' | |
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN_READ_TEAM }} | |
- name: "Check permission" | |
id: check-permission | |
# Only check for manual runs, not scheduled runs | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "${{ github.actor }} isTeamMember: ${{ steps.checkUserMember.outputs.isTeamMember }}" | |
echo "Member of teams: ${{ steps.checkUserMember.outputs.teams }}" | |
if [ "${{ steps.checkUserMember.outputs.isTeamMember }}" = 'false' ]; then | |
echo "Only VRO-RESTRICTED team members can run this action!" | tee -a "$GITHUB_STEP_SUMMARY" | |
exit 3 | |
fi | |
delete_releases: | |
needs: gate-check | |
# Deletions in public repo will be automatically propagated to internal repo when mirror.yml runs, at which point: | |
# - Git release tags (associated with GitHub pre-releases) will be deleted in the internal repo | |
# - Tag deletions will result in GitHub releases disappearing in internal repo: https://github.com/department-of-veterans-affairs/abd-vro-internal/releases | |
# but the number of releases (shown on the front page) is incorrect (i.e., there are orphaned GH releases) | |
# Submitted bug report to GitHub: https://support.github.com/ticket/personal/0/2247467 | |
if: github.repository == 'department-of-veterans-affairs/abd-vro' | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Delete old releases in GHCR" | |
uses: yoomlam/[email protected] | |
with: | |
dry_run: ${{ inputs.dry_run || false }} | |
delete_tags: true | |
pre_release_only: true | |
keep_latest: ${{ inputs.keep_latest || 10 }} | |
older_than: ${{ inputs.older_than || 45 }} | |
delete_tag_pattern: ${{ inputs.tag_pattern || '^v' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |