Delete Obsolete GHCR Images #257
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Delete obsolete container images | |
| on: | |
| schedule: | |
| - cron: "0 1 * * *" # every day at midnight | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| clean-ghcr: | |
| name: Delete obsolete container images | |
| if: ${{ github.repository == 'statnett/image-scanner-operator' }} | |
| permissions: | |
| packages: write # for snok/container-retention-policy to delete images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Delete untagged container images older than a week | |
| uses: snok/container-retention-policy@04c70fd030033036d69c0057e0d125bf25820544 # v2.1.2 | |
| with: | |
| image-names: image-scanner-operator | |
| cut-off: A week ago UTC | |
| account-type: org | |
| org-name: statnett | |
| untagged-only: true | |
| token: ${{ secrets.BOT_PAT }} |