forked from coreos/coreos-assembler
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cmd/prune-contaiers: add a GC script for containers images
This script calls skopeo delete to prune image from a remote directory. Currently only supports the FCOS tag structure. This consumes the same policy.yaml defined in coreos#3798 See coreos/fedora-coreos-tracker#1367 See coreos/fedora-coreos-pipeline#995
- Loading branch information
1 parent
3823521
commit c127d6c
Showing
2 changed files
with
170 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,169 @@ | ||
#!/usr/bin/python3 -u | ||
|
||
# Prune containers from a remote registry | ||
# according to the images age | ||
|
||
import argparse | ||
import datetime | ||
import json | ||
import re as regexp | ||
import os | ||
import subprocess | ||
from dateutil.relativedelta import relativedelta | ||
import requests | ||
import yaml | ||
|
||
# Dict of known streams | ||
STREAMS = {"next": 1, "testing": 2, "stable": 3, | ||
"next-devel": 10, "testing-devel": 20, | ||
"rawhide": 91, "branched": 92} | ||
|
||
|
||
def parse_args(): | ||
parser = argparse.ArgumentParser(prog="coreos-assembler prune-containers") | ||
parser.add_argument("--policy", required=True, type=str, help="Path to policy YAML file") | ||
parser.add_argument("--dry-run", help="Don't actually delete anything", action='store_true') | ||
parser.add_argument("-v", help="Increase verbosity", action='store_true') | ||
parser.add_argument("--registry-auth-file", default=os.environ.get("REGISTRY_AUTHFILE"), help="Path to AWS config file") | ||
parser.add_argument("--stream", type=str, help="CoreOS stream", required=True, choices=STREAMS.keys()) | ||
parser.add_argument("repository_url", help="container images URL") | ||
return parser.parse_args() | ||
|
||
|
||
def convert_to_days(duration_arg): | ||
|
||
days = 0 | ||
match = regexp.match(r'^([0-9]+)([dDmMyYwW])$', duration_arg) | ||
|
||
if match is None: | ||
raise ValueError(f"Incorrect duration '{duration_arg}'. Valid values are in the form of 1d, 2w, 3m, 4y") | ||
|
||
unit = match.group(2) | ||
value = int(match.group(1)) | ||
match unit: | ||
case "y" | "Y": | ||
days = value * 365 | ||
case "m" | "M": | ||
days = value * 30 | ||
case "w" | "W": | ||
days = value * 7 | ||
case "d" | "D": | ||
days = value | ||
case _: | ||
raise ValueError(f"Invalid unit '{match.group(2)}'. Please use y (years), m (months), w (weeks), or d (days).") | ||
|
||
return days | ||
|
||
|
||
def skopeo_delete(repo, image, auth): | ||
|
||
skopeo_args = ["skopeo", "delete", f"docker://{repo}:{image}"] | ||
if auth is not None: | ||
skopeo_args.append(f"--authfile {auth}") | ||
|
||
subprocess.run(skopeo_args) | ||
|
||
|
||
# FIXME : move to cosa_lib | ||
# https://github.com/coreos/coreos-assembler/pull/3798/files#r1673481990 | ||
|
||
def parse_fcos_version(version): | ||
m = regexp.match(r'^([0-9]{2})\.([0-9]{8})\.([0-9]+)\.([0-9]+)$', version) | ||
if m is None: | ||
raise Exception(f"Incorrect versioning for FCOS build {version}") | ||
try: | ||
timestamp = datetime.datetime.strptime(m.group(2), '%Y%m%d') | ||
except ValueError: | ||
raise Exception(f"FCOS build {version} has incorrect date format. It should be in (%Y%m%d)") | ||
return (timestamp, int(m.group(3))) | ||
|
||
|
||
def get_update_graph(stream): | ||
|
||
url = f"https://raw.githubusercontent.com/coreos/fedora-coreos-streams/main/updates/{stream}.json" | ||
r = requests.get(url) | ||
if r.status_code != 200: | ||
raise Exception(f"Could not download update graph for {stream}. HTTP {r.status_code}") | ||
return r.json() | ||
|
||
|
||
class BarrierRelease(Exception): | ||
pass | ||
|
||
|
||
def main(): | ||
|
||
args = parse_args() | ||
|
||
# Load the policy file | ||
with open(args.policy, "r") as f: | ||
policy = yaml.safe_load(f) | ||
if args.stream not in policy: | ||
raise Exception(f"Stream {args.stream} is not defined in policy file.") | ||
if 'containers' not in policy[args.stream]: | ||
raise Exception(f"No containers section for {args.stream} stream in policy.") | ||
policy = policy[args.stream]["containers"] | ||
|
||
print(f"Pulling tags from {args.repository_url}") | ||
# This is a JSON object: | ||
# {"Repository": "quay.io/jbtrystramtestimages/fcos", | ||
# "Tags": [ | ||
# "40.20"40.20240301.1.0",.....]} | ||
tags_cmd = subprocess.run(["skopeo", "list-tags", | ||
f"docker://{args.repository_url}"], | ||
capture_output=True) | ||
tags_data = tags_cmd.stdout | ||
if tags_cmd.returncode != 0: | ||
raise Exception(f"Error retrieving tags list from repo: {tags_cmd.stdout}") | ||
|
||
tags_json = json.loads(tags_data) | ||
tags = tags_json['Tags'] | ||
# Compute the date before we should prune images | ||
# today - prune-policy | ||
today = datetime.datetime.now() | ||
date_limit = today - relativedelta(days=convert_to_days(policy)) | ||
if args.v: | ||
print(f"This will delete any images older than {date_limit} from the stream {args.stream}") | ||
|
||
stream_id = STREAMS[args.stream] | ||
# Get the update graph for stable streams | ||
if stream_id in [1, 2, 3]: | ||
update_graph = get_update_graph(args.stream)['releases'] | ||
|
||
for tag in tags: | ||
# ignore the named moving tags ("stable", "next" etc..) | ||
if tag in STREAMS.keys(): | ||
if args.v: | ||
print(f"skipping tag {tag}.") | ||
continue | ||
|
||
# Process the build id and stream number | ||
# TODO reuse this from https://github.com/coreos/coreos-assembler/pull/3798/files#r1673481990 | ||
(build_date, tag_stream) = parse_fcos_version(tag) | ||
|
||
if stream_id != tag_stream: | ||
if args.v: | ||
print(f"Skipping tag {tag} not in {args.stream} stream") | ||
continue | ||
|
||
# Make sure this is not a barrier release (for stable streams) | ||
if stream_id in [1, 2, 3]: | ||
try: | ||
for release in update_graph: | ||
if release["version"] == tag and "barrier" in release["metadata"]: | ||
print(f"Release {tag} is a karrier release, keeping.") | ||
raise BarrierRelease | ||
except BarrierRelease: | ||
continue | ||
|
||
if build_date < date_limit: | ||
if args.dry_run: | ||
print(f"Dry-run: would prune image {args.repository_url}:{tag}") | ||
continue | ||
else: | ||
print(f"Production tag {tag} is older than {date_limit.strftime("%Y%m%d")}, pruning.") | ||
skopeo_delete(args.repository_url, tag, args.registry_auth_file) | ||
|
||
|
||
if __name__ == "__main__": | ||
main() |