Cleanup old images in Test, Staging & Prod ACRs #274
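# Scheduled housekeeping for the test, staging and prod Azure Container
# Registries. For each registry the job deletes all but the newest tags, then
# deletes all but the newest manifests.
#
# NOTE(review): as far as this file shows, the only Azure credential is the
# service principal handed to the vpn-azure action, and it is then used to
# delete from all three registries. Consider one job per environment, each
# with its own narrowly scoped credential, and a protected GitHub environment
# in front of prod.
name: Cleanup old images in Test, Staging & Prod ACRs

on:
  schedule:
    - cron: "0 0 * * *"  # Runs daily at midnight UTC

# No step visible here writes to the repository, so keep GITHUB_TOKEN at the
# read-only scope that actions/checkout needs.
permissions:
  contents: read

jobs:
  Cleanup_old_ACR_images:
    runs-on: ubuntu-latest
    steps:
      - name: "Check out changes"
        # Pinned to a full commit SHA so a moved tag cannot change the code
        # that runs alongside the VPN and Azure secrets.
        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
        with:
          # No step visible in this workflow uses git after checkout, so do
          # not leave the token in the local git config.
          # TODO confirm the local vpn-azure action does not need it.
          persist-credentials: false

      - name: Connect to VPN & Login into Azure
        uses: ./.github/actions/vpn-azure
        with:
          tls-key: ${{ secrets.TLS_KEY }}
          ca-cert: ${{ secrets.CA_CRT }}
          user-crt: ${{ secrets.USER_CRT }}
          user-key: ${{ secrets.USER_KEY }}
          sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}

      - name: List test repository images
        id: list-test-images
        run: |
          # The default run shell is `bash -e` without pipefail, so a failing
          # `az` would be masked by the exit status of `head`.
          set -euo pipefail
          az acr login --name pdhtestcontainerregistry
          # tsv prints one tag per line, oldest first, with no table header
          # to strip. `head -n -2` holds back the two newest tags so they are
          # never queued for deletion.
          az acr repository show-tags \
            --name pdhtestcontainerregistry \
            --repository pdhtest \
            --orderby time_asc \
            --output tsv \
            | head -n -2 > test-images.txt

      - name: Delete old images in TEST env
        env:
          IMAGE_FILE: test-images.txt
        run: |
          set -euo pipefail
          if [ -e "$IMAGE_FILE" ]; then
            failed=0
            while IFS= read -r image_id; do
              # Never pass an empty tag to delete.
              [ -n "$image_id" ] || continue
              # Test the command directly: under `bash -e` a separate `$?`
              # check is never reached after a failure.
              # NOTE(review): deleting by tag removes the manifest and, per
              # the Azure CLI documentation, every other tag that points at
              # it - verify that a retained tag cannot share a digest with
              # an old one, or use `az acr repository untag` here.
              if az acr repository delete \
                --name pdhtestcontainerregistry \
                --image "pdhtest:$image_id" \
                --yes; then
                echo "Deleted image: pdhtestcontainerregistry:$image_id"
              else
                echo "Failed to delete image: pdhtestcontainerregistry:$image_id"
                failed=1
              fi
            done < "$IMAGE_FILE"
            # Report partial failures instead of a green run.
            exit "$failed"
          else
            echo "File not found: $IMAGE_FILE"
          fi

      - name: List staging repository images
        id: list-stg-images
        run: |
          set -euo pipefail
          az acr login --name pdhstagingcontainerregistry
          # Oldest first; the two newest tags are held back.
          az acr repository show-tags \
            --name pdhstagingcontainerregistry \
            --repository pdhstaging \
            --orderby time_asc \
            --output tsv \
            | head -n -2 > stg-images.txt

      - name: Delete old images in Staging env
        env:
          STG_FILE: stg-images.txt
        run: |
          set -euo pipefail
          if [ -e "$STG_FILE" ]; then
            failed=0
            while IFS= read -r image_id; do
              [ -n "$image_id" ] || continue
              if az acr repository delete \
                --name pdhstagingcontainerregistry \
                --image "pdhstaging:$image_id" \
                --yes; then
                echo "Deleted image: pdhstagingcontainerregistry:$image_id"
              else
                echo "Failed to delete image: pdhstagingcontainerregistry:$image_id"
                failed=1
              fi
            done < "$STG_FILE"
            exit "$failed"
          else
            echo "File not found: $STG_FILE"
          fi

      - name: List prod repository images
        id: list-prod-images
        run: |
          set -euo pipefail
          az acr login --name pdhprodcontainerregistry
          # Oldest first; prod holds back the sixteen newest tags.
          az acr repository show-tags \
            --name pdhprodcontainerregistry \
            --repository pdhprod \
            --orderby time_asc \
            --output tsv \
            | head -n -16 > prod-images.txt

      - name: Delete old images in prod env
        env:
          PROD_FILE: prod-images.txt
        run: |
          set -euo pipefail
          if [ -e "$PROD_FILE" ]; then
            failed=0
            while IFS= read -r image_id; do
              [ -n "$image_id" ] || continue
              if az acr repository delete \
                --name pdhprodcontainerregistry \
                --image "pdhprod:$image_id" \
                --yes; then
                echo "Deleted image: pdhprodcontainerregistry:$image_id"
              else
                echo "Failed to delete image: pdhprodcontainerregistry:$image_id"
                failed=1
              fi
            done < "$PROD_FILE"
            exit "$failed"
          else
            echo "File not found: $PROD_FILE"
          fi

      # Pushing a modified image under an existing tag untags the previously
      # pushed image, leaving an orphaned ("dangling") image. Its manifest and
      # layer data remain in the registry and still need to be removed.
      #
      # NOTE(review): the --query used below returns every manifest digest,
      # tagged or not, so these steps are not limited to orphaned images: any
      # manifest older than the newest 4 (test, staging) or 16 (prod) is
      # deleted with --yes. If only untagged manifests should go, filter on
      # tags in --query and re-check the retention counts.
      - name: List image manifests in Test env
        id: list-test-untaged-images
        run: |
          set -euo pipefail
          az acr login --name pdhtestcontainerregistry
          az acr repository show-manifests \
            --name pdhtestcontainerregistry \
            --repository pdhtest \
            --orderby time_asc \
            --output tsv \
            --query "[*].{Digest:digest}" \
            | head -n -4 > test-untaged-images.txt

      - name: Delete image manifest in test env
        env:
          TEST_UNTAGED_FILE: test-untaged-images.txt
        run: |
          set -euo pipefail
          if [ -e "$TEST_UNTAGED_FILE" ]; then
            failed=0
            while IFS= read -r manifest_id; do
              [ -n "$manifest_id" ] || continue
              if az acr repository delete \
                --name pdhtestcontainerregistry \
                --image "pdhtest@$manifest_id" \
                --yes; then
                echo "Deleted image: pdhtest:$manifest_id"
              else
                echo "Failed to delete image: pdhtest:$manifest_id"
                failed=1
              fi
            done < "$TEST_UNTAGED_FILE"
            exit "$failed"
          else
            echo "File not found: $TEST_UNTAGED_FILE"
          fi

      - name: List image manifests in Staging env
        id: list-stg-untaged-images
        run: |
          set -euo pipefail
          az acr login --name pdhstagingcontainerregistry
          az acr repository show-manifests \
            --name pdhstagingcontainerregistry \
            --repository pdhstaging \
            --orderby time_asc \
            --output tsv \
            --query "[*].{Digest:digest}" \
            | head -n -4 > stg-untaged-images.txt

      - name: Delete image manifest in Staging env
        env:
          STG_UNTAGED_FILE: stg-untaged-images.txt
        run: |
          set -euo pipefail
          if [ -e "$STG_UNTAGED_FILE" ]; then
            failed=0
            while IFS= read -r manifest_id; do
              [ -n "$manifest_id" ] || continue
              if az acr repository delete \
                --name pdhstagingcontainerregistry \
                --image "pdhstaging@$manifest_id" \
                --yes; then
                echo "Deleted image: pdhstagingcontainerregistry:$manifest_id"
              else
                echo "Failed to delete image: pdhstagingcontainerregistry:$manifest_id"
                failed=1
              fi
            done < "$STG_UNTAGED_FILE"
            exit "$failed"
          else
            echo "File not found: $STG_UNTAGED_FILE"
          fi

      - name: List image manifests in Prod env
        id: list-prod-untaged-images
        run: |
          set -euo pipefail
          az acr login --name pdhprodcontainerregistry
          az acr repository show-manifests \
            --name pdhprodcontainerregistry \
            --repository pdhprod \
            --orderby time_asc \
            --output tsv \
            --query "[*].{Digest:digest}" \
            | head -n -16 > prod-untaged-images.txt

      - name: Delete image manifest in Prod env
        env:
          PROD_UNTAGED_FILE: prod-untaged-images.txt
        run: |
          set -euo pipefail
          if [ -e "$PROD_UNTAGED_FILE" ]; then
            failed=0
            while IFS= read -r manifest_id; do
              [ -n "$manifest_id" ] || continue
              if az acr repository delete \
                --name pdhprodcontainerregistry \
                --image "pdhprod@$manifest_id" \
                --yes; then
                echo "Deleted image: pdhprodcontainerregistry:$manifest_id"
              else
                echo "Failed to delete image: pdhprodcontainerregistry:$manifest_id"
                failed=1
              fi
            done < "$PROD_UNTAGED_FILE"
            exit "$failed"
          else
            echo "File not found: $PROD_UNTAGED_FILE"
          fi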