Conversation
- Updated imports and exports in strategyRegistry.js, deleteAction.js, loader.js, wildcardMatcher.js, wrapper.js to use ES module syntax. - Refactored tests in container.test.js, report.test.js, wildcardMatcher.test.js, and wrapper.test.js to accommodate ES module imports. - Adjusted mocking of dependencies in tests to align with ES module structure.
…e packages separately with error handling
github-actions
bot
added
bug
nookyo
added
enhancement
borislavr
approved these changes
Mar 16, 2026
nookyo
deleted the
534-bug-cleanup-job-remove-images-included-in-image-manifest-for-tag
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Summary
Fix dangling layer detection for private/multi-arch container images in the
container-package-cleanupaction.When a tagged image is private,
docker manifest inspectwas failing withunauthorized, causing arch layers of protected tags to not be added toprotectedDigests, and subsequently being incorrectly marked as dangling and deleted.Issue
Fixes #534
Breaking Change?
Scope / Project
actions/container-package-cleanupImplementation Notes
ensureDockerLogin()method toOctokitWrapperthat performsdocker login ghcr.iousing thePACKAGE_TOKENbefore callingdocker manifest inspect. This allows the action to fetch manifests for private images.manifest.manifests ?? []to handle single-arch images that do not have amanifestsarray in their manifest response."type": "module"inpackage.json), matching the approach used inmetadata-action.esbuild(same asmetadata-action) withdist/package.jsonset to{"type":"commonjs"}so the compiled bundle runs correctly under Node.jest.unstable_mockModule+await import()for ESM compatibility.listPackagesForOrganizationnow makes three parallel requests with explicitvisibility: 'public','internal', and'private'usingPromise.allSettled, so each visibility bucket is logged separately and partial failures don't abort the whole fetch.getManifestDigestsshowing the ref and returned digests for each tag, making it easier to trace which arch layers belong to which tag.action.ymlusingfromnode20tonode24.Tests / Evidence
npm test).testpatchesorg/qubership-kafkaconfirms:latestand1.0.2(protected) → their arch layers correctly added toprotectedDigests→danglingLayers: nonekafka-3.9.1-patched-8andfeature_integration-build(not protected, old) → tagged version + its arch layers correctly scheduled for deletionAdditional Notes
visibility: private) are not returned bylistPackagesForOrganizationGitHub REST API even with an admin token — this is a known GitHub API limitation and is out of scope for this PR.Found X public/internal/private packages) are intentionally kept for observability.