-
Notifications
You must be signed in to change notification settings - Fork 107
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| # TODO: rename this action name and filename to Delete infra resources | ||
| name: Delete GCP resources | ||
|
|
||
| on: | ||
|
|
@@ -17,6 +18,9 @@ env: | |
| # But keep the latest $KEEP_LATEST_IMAGE_COUNT images of each type. | ||
| # We keep this small to reduce storage costs. | ||
| KEEP_LATEST_IMAGE_COUNT: 2 | ||
| # Delete all artifacts in registry created before $DELETE_IMAGE_HOURS hours ago. | ||
| # We keep this long enough for PRs that are still on the same commit can re-run with the same image. | ||
| DELETE_IMAGE_HOURS: 504h # 21 days | ||
|
|
||
| jobs: | ||
| delete-resources: | ||
|
|
@@ -168,3 +172,45 @@ jobs: | |
| gcloud compute images delete "${IMAGE}" || continue | ||
| done | ||
| # We're using a generic approach here, which allows multiple registries to be included, | ||
| # even those not related to GCP. Enough reason to create a separate job. | ||
| clean-registries: | ||
| name: Delete unused artifacts in registry | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: 'read' | ||
| id-token: 'write' | ||
| steps: | ||
| - uses: actions/[email protected] | ||
| with: | ||
| persist-credentials: false | ||
|
|
||
| # Setup gcloud CLI | ||
| - name: Authenticate to Google Cloud | ||
| id: auth | ||
| uses: google-github-actions/[email protected] | ||
| with: | ||
| retries: '3' | ||
| workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' | ||
| service_account: '[email protected]' | ||
| token_format: 'access_token' | ||
|
|
||
| - name: Login to Google Artifact Registry | ||
| uses: docker/[email protected] | ||
| with: | ||
| registry: us-docker.pkg.dev | ||
| username: oauth2accesstoken | ||
| password: ${{ steps.auth.outputs.access_token }} | ||
|
|
||
| # Deletes all images older than $DELETE_IMAGE_HOURS days. | ||
| - uses: 'docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli' | ||
| continue-on-error: true # TODO: remove after fixig https://github.com/ZcashFoundation/zebra/issues/5933 | ||
| # Refer to the official documentation to understand available arguments: | ||
| # https://github.com/GoogleCloudPlatform/gcr-cleaner | ||
| with: | ||
| args: >- | ||
| -repo=us-docker.pkg.dev/zealous-zebra/zebra/zebrad-test | ||
| -repo=us-docker.pkg.dev/zealous-zebra/zebra/lightwalletd | ||
| -grace=${{ env.DELETE_IMAGE_HOURS }} | ||
| -keep=${{ env.KEEP_LATEST_IMAGE_COUNT }} | ||