Skip to content

Cleanup

Cleanup #1089

Workflow file for this run

name: Cleanup
on:
schedule:
- cron: "0 0 * * *" # Daily at midnight
permissions:
contents: read
jobs:
images:
runs-on: ubuntu-latest
strategy:
matrix:
module:
[
graphql,
grpc,
importer,
monitor,
rest,
rest-java,
rest-monitor,
rosetta,
test,
web3,
]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
with:
credentials_json: "${{ secrets.GCR_KEY }}"
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
- name: Configure Docker
run: gcloud auth configure-docker gcr.io,marketplace.gcr.io
- name: Delete old untagged images
run: |
set -ex
DELETE_BEFORE_MS="$(date -d "-7 days" '+%s')000"
IMAGE_REPO=mirrornode/hedera-mirror-${{ matrix.module }}
IMAGE_PATH="gcr.io/$IMAGE_REPO"
BASE_REGISTRY_API_URL="https://gcr.io/v2/$IMAGE_REPO"
IMAGES_JSON_FILE="/tmp/images.json"
curl "$BASE_REGISTRY_API_URL/tags/list" | \
# select manifests older than DELETE_BEFORE_MS, then select manifests with tag matching "main-.+"
jq --arg delete_before_ms "$DELETE_BEFORE_MS" '.manifest | to_entries |
map(select(.value.timeUploadedMs < $delete_before_ms)) |
map(select(.value.tag | map(test("main-.+")) | any))' | \
tee "$IMAGES_JSON_FILE"
ALL_DIGESTS=($(cat "$IMAGES_JSON_FILE" | jq -r '[.[].key] | join(" ")'))
CHILD_DIGESTS=()
MULTI_PLATFORM_DIGESTS=($(cat "$IMAGES_JSON_FILE" | \
jq -r 'map(select(.value.mediaType == "application/vnd.docker.distribution.manifest.list.v2+json")) |
[.[].key] | join(" ")'))
for digest in ${MULTI_PLATFORM_DIGESTS[*]}; do
# add child image digests to ALL_DIGESTS
CHILD_DIGESTS+=($(curl "$BASE_REGISTRY_API_URL/manifests/$digest" | \
jq -r '[.manifests[].digest] | join(" ")'))
done
# dedup the child digests since some may be shared by list type images
CHILD_DIGESTS=($(printf '%s\n' "${CHILD_DIGESTS[@]}" | sort -u))
ALL_DIGESTS+=(${CHILD_DIGESTS[@]})
for digest in ${ALL_DIGESTS[@]}; do
gcloud container images delete --force-delete-tags -q "${IMAGE_PATH}@${digest}"
done