Cleanup registries #1024
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# THIS FILE IS GENERATED, PLEASE DO NOT EDIT. | |
# | |
# Copyright 2022 Flant JSC | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
name: Cleanup registries | |
on: | |
schedule: | |
- cron: '12 0 * * *' | |
workflow_dispatch: | |
env: | |
WERF_DRY_RUN: "false" | |
# <template: werf_envs> | |
WERF_CHANNEL: "ea" | |
WERF_ENV: "FE" | |
TEST_TIMEOUT: "15m" | |
# Use fixed string 'sys/deckhouse-oss' for repo name. ${CI_PROJECT_PATH} is not available here in GitHub. | |
DEV_REGISTRY_PATH: "${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/sys/deckhouse-oss" | |
# Registry for additional repositories used for testing Github Actions workflows. | |
GHA_TEST_REGISTRY_PATH: "ghcr.io/${{ github.repository }}" | |
# Need for ssh: default. | |
DOCKER_BUILDKIT: "1" | |
WERF_LOG_TERMINAL_WIDTH: "200" | |
# </template: werf_envs> | |
# Always run a single job at a time. | |
# Note: Concurrency is currently in beta and subject to change. | |
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency | |
concurrency: | |
group: schedule-cleanup | |
jobs: | |
# Note: git_info is needed for werf.yaml | |
# <template: git_info_job> | |
git_info: | |
name: Get git info | |
runs-on: ubuntu-latest | |
outputs: | |
ci_commit_tag: ${{ steps.git_info.outputs.ci_commit_tag }} | |
ci_commit_branch: ${{ steps.git_info.outputs.ci_commit_branch }} | |
ci_commit_ref_name: ${{ steps.git_info.outputs.ci_commit_ref_name }} | |
ci_commit_ref_slug: ${{ steps.git_info.outputs.ci_commit_ref_slug }} | |
ref_full: ${{ steps.git_info.outputs.ref_full }} | |
github_sha: ${{ steps.git_info.outputs.github_sha }} | |
pr_number: ${{ steps.git_info.outputs.pr_number }} | |
# Skip the CI for automation PRs, e.g. changelog | |
if: ${{ github.event.pull_request.user.login != 'deckhouse-BOaTswain' }} | |
steps: | |
- id: git_info | |
name: Get tag name and SHA | |
uses: actions/github-script@v6.4.1 | |
with: | |
script: | | |
const { GITHUB_REF_TYPE, GITHUB_REF_NAME, GITHUB_REF } = process.env | |
let refSlug = '' | |
let refName = '' | |
let refFull = '' | |
let githubBranch = '' | |
let githubTag = '' | |
let githubSHA = '' | |
let prNumber = '' | |
if (context.eventName === "workflow_dispatch" && context.payload.inputs && context.payload.inputs.pull_request_ref) { | |
// Trigger: workflow_dispatch with pull_request_ref. | |
// Extract pull request number from 'refs/pull/<NUM>/merge' | |
prNumber = context.payload.inputs.pull_request_ref.replace('refs/pull/', '').replace('/merge', '').replace('/head', '') | |
refSlug = `pr${prNumber}` | |
refName = context.payload.inputs.ci_commit_ref_name | |
refFull = context.payload.inputs.pull_request_ref | |
githubBranch = refName | |
githubSHA = context.payload.inputs.pull_request_sha | |
core.info(`workflow_dispatch event: set git info from inputs. inputs: ${JSON.stringify(context.payload.inputs)}`) | |
} else if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) { | |
// For PRs from forks, tag images with `prXXX` to avoid clashes between branches. | |
const targetRepo = context.payload.repository.full_name; | |
const prRepo = context.payload.pull_request.head.repo.full_name | |
const prRef = context.payload.pull_request.head.ref | |
refSlug = `pr${context.issue.number}`; | |
refName = (prRepo === targetRepo) ? prRef : refSlug; | |
refFull = `refs/pull/${context.issue.number}/head` | |
githubBranch = refName | |
githubSHA = context.payload.pull_request.head.sha | |
core.info(`pull request event: set git info from pull_request.head. pr:${prRepo}:${prRef} target:${targetRepo}:${context.ref}`) | |
prNumber = context.issue.number | |
} else { | |
// Other triggers: workflow_dispatch without pull_request_ref, schedule, push... | |
// refName is 'main' or tag name, so slugification is not necessary. | |
refSlug = GITHUB_REF_NAME | |
refName = GITHUB_REF_NAME | |
refFull = GITHUB_REF | |
githubTag = GITHUB_REF_TYPE == "tag" ? refName : "" | |
githubBranch = GITHUB_REF_TYPE == "branch" ? refName : "" | |
githubSHA = context.sha | |
core.info(`${context.eventName} event: set git info from context: ${JSON.stringify({GITHUB_REF_NAME, GITHUB_REF_TYPE, sha: context.sha })}`) | |
} | |
core.setCommandEcho(true) | |
core.setOutput('ci_commit_ref_slug', refSlug) | |
core.setOutput('ci_commit_ref_name', refName) | |
core.setOutput(`ci_commit_tag`, githubTag) | |
core.setOutput(`ci_commit_branch`, githubBranch) | |
core.setOutput(`ref_full`, refFull) | |
core.setOutput('github_sha', githubSHA) | |
core.setOutput('pr_number', prNumber) | |
core.setCommandEcho(false) | |
# </template: git_info_job> | |
cleanup_registry: | |
name: Cleanup registry | |
needs: | |
- git_info | |
runs-on: [self-hosted, regular] | |
steps: | |
# <template: checkout_full_step> | |
- name: Checkout sources | |
uses: actions/checkout@v3.5.2 | |
with: | |
fetch-depth: 0 | |
# </template: checkout_full_step> | |
# <template: login_dev_registry_step> | |
- name: Check dev registry credentials | |
id: check_dev_registry | |
env: | |
HOST: ${{secrets.DECKHOUSE_DEV_REGISTRY_HOST}} | |
run: | | |
if [[ -n $HOST ]]; then | |
echo "has_credentials=true" >> $GITHUB_OUTPUT | |
echo "web_registry_path=${{secrets.DECKHOUSE_DEV_REGISTRY_HOST }}/deckhouse/site" >> $GITHUB_OUTPUT | |
fi | |
- name: Login to dev registry | |
uses: docker/login-action@v2.1.0 | |
if: ${{ steps.check_dev_registry.outputs.has_credentials == 'true' }} | |
with: | |
registry: ${{ secrets.DECKHOUSE_DEV_REGISTRY_HOST }} | |
username: ${{ secrets.DECKHOUSE_DEV_REGISTRY_USER }} | |
password: ${{ secrets.DECKHOUSE_DEV_REGISTRY_PASSWORD }} | |
logout: false | |
# </template: login_dev_registry_step> | |
# <template: werf_install_step> | |
- name: Install werf CLI | |
uses: werf/actions/install@43075e4ab81952b181d33e125ef15b9c060a782e | |
with: | |
channel: ${{env.WERF_CHANNEL}} | |
# </template: werf_install_step> | |
- name: Cleanup | |
env: | |
CI_COMMIT_TAG: ${{needs.git_info.outputs.ci_commit_tag}} | |
CI_COMMIT_REF_NAME: ${{needs.git_info.outputs.ci_commit_ref_name}} | |
ENABLE_REGISTRY_CLEANUP: ${{secrets.ENABLE_REGISTRY_CLEANUP}} | |
run: | | |
if [[ ${ENABLE_REGISTRY_CLEANUP} != "true" ]] ; then | |
echo "⚓️ [$(date -u)] ENABLE_REGISTRY_CLEANUP is not 'true', skip running 'werf cleanup'." | |
exit 0 | |
fi | |
export WERF_REPO=${DEV_REGISTRY_PATH} | |
type werf && source $(werf ci-env github --config werf_cleanup.yaml --verbose --as-file) | |
werf cleanup --config werf_cleanup.yaml --without-kube |