3131 fi
3232
3333id : generate-tag
34+ name : Generate random PR tag
3435 run : |
36+ # Generate a random tag to be deleted that cannot collide with an open PR tag
3537 TAG="pr-$(( 1 + RANDOM % 210))"
3638 echo "tag=$TAG" >> "$GITHUB_OUTPUT"
3739
@@ -55,10 +57,55 @@ jobs:
5557 }
5658 ]
5759
60+ arrange-verify :
61+ name : Arrange - Verify built images
62+ runs-on : ubuntu-latest
63+ needs : arrange
64+ permissions :
65+ contents : read
66+ packages : read
67+ outputs :
68+ base-image : ${{ steps.assert-built-images.outputs.base-image }}
69+ steps :
70+ - name : Assert - Ensure images have been built
71+ id : assert-built-images
72+ uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
73+ env :
74+ IMAGE_NAME : ${{ env.IMAGE_NAME }}
75+ BUILT_IMAGES : ${{ needs.arrange.outputs.built-images }}
76+ with :
77+ script : |
78+ const packages = process.env.PACKAGES.split("\n").map(packageName => packageName.trim()).filter(Boolean);
79+
80+ for(const packageName of packages) {
81+ const packagePayload = {
82+ package_type: 'container',
83+ package_name: packageName,
84+ org: process.env.GITHUB_REPOSITORY_OWNER,
85+ };
86+
87+ // Ensure that package exists
88+ const packageExists = await github.rest.packages.getPackageForOrganization(packagePayload);
89+ if (!packageExists) {
90+ return core.setFailed(`Package "${packageName}" does not exist`);
91+ }
92+ }
93+
94+ // Ensure base image has been built
95+ const builtImagesOutput = process.env.BUILT_IMAGES;
96+ const builtImages = JSON.parse(builtImagesOutput);
97+ if (!builtImages[process.env.IMAGE_NAME] || !builtImages[process.env.IMAGE_NAME].images.length) {
98+ return core.setFailed(`No built images found for image name "${process.env.IMAGE_NAME}"`);
99+ }
100+ const baseImage = builtImages[process.env.IMAGE_NAME].images[0];
101+ await exec.exec("docker", ["pull", baseImage]);
102+
103+ core.setOutput("base-image", baseImage);
104+
58105act :
59106 name : Act - Prune pull requests image tags
60107 runs-on : ubuntu-latest
61- needs : [setup, arrange]
108+ needs : [setup, arrange, arrange-verify ]
62109 permissions :
63110 packages : write
64111 steps :
@@ -71,9 +118,13 @@ jobs:
71118 password : ${{ secrets.GITHUB_TOKEN }}
72119
73120 - name : Generate a image tag that should be deleted
121+ env :
122+ BASE_IMAGE : ${{ needs.arrange-verify.outputs.base-image }}
123+ IMAGE_NAME : ${{ env.IMAGE_NAME }}
124+ TAG_TO_DELETE : ${{ needs.setup.outputs.tag }}
125+ BUILT_IMAGES : ${{ needs.arrange.outputs.built-images }}
74126 run : |
75- BASE_IMAGE=$(echo '${{ needs.arrange.outputs.built-images }}' | jq -r '."${{ env.IMAGE_NAME }}".images[0]')
76- NEW_IMAGE=ghcr.io/hoverkraft-tech/ci-github-container/${{ env.IMAGE_NAME }}:${{ needs.setup.outputs.tag }}
127+ NEW_IMAGE="ghcr.io/hoverkraft-tech/ci-github-container/$IMAGE_NAME:$TAG_TO_DELETE"
77128
78129 docker pull "$BASE_IMAGE"
79130 docker tag "$BASE_IMAGE" "$NEW_IMAGE"
91142 steps :
92143 - name : Assert - Ensure expected packages versions have been deleted
93144 uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
145+ env :
146+ TAG_TO_DELETE : ${{ needs.setup.outputs.tag }}
94147 with :
95148 github-token : ${{ secrets.GITHUB_TOKEN }}
96149 script : |
@@ -105,16 +158,20 @@ jobs:
105158 org: process.env.GITHUB_REPOSITORY_OWNER,
106159 };
107160
161+ // Ensure that package still exists
162+ const packageExists = await github.rest.packages.getPackageForOrganization(packagePayload);
163+ assert(packageExists, `Package "${packageName}" does not exist`);
164+
108165 const packageVersions = await github.paginate(
109166 github.rest.packages.getAllPackageVersionsForPackageOwnedByOrg.endpoint.merge(packagePayload)
110167 );
111168
112169 const packageVersionExists = packageVersions.some(
113170 (packageVersion) => packageVersion.metadata.container.tags.some(
114- (tag) => tag === "${{ needs.setup.outputs.tag }}"
171+ (tag) => tag === process.env.TAG_TO_DELETE
115172 )
116173 );
117- assert.equal(packageVersionExists, false, `Package version "${{ needs.setup.outputs.tag } }" has not been deleted`);
174+ assert.equal(packageVersionExists, false, `Package version "${process.env.TAG_TO_DELETE }" has not been deleted`);
118175 }
119176
120177uses : docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -126,6 +183,8 @@ jobs:
126183
127184 - name : Assert - Ensure current image tag didn't get deleted
128185 if : ${{ github.event_name == 'pull_request' }}
186+ env :
187+ IMAGE_NAME : ${{ env.IMAGE_NAME }}
129188 run : |
130189 for IMAGE_TAG in $(echo '${{ needs.arrange.outputs.built-images }}' | jq -r '."${{ env.IMAGE_NAME }}".images[]'); do
131190 docker pull "$IMAGE_TAG"
@@ -139,7 +198,7 @@ jobs:
139198
140199 # Ensure all manifests digest didn't get deleted
141200 for DIGEST in $(echo "$MANIFEST" | jq -r '.manifests[].digest'); do
142- IMAGE_MANIFEST="ghcr.io/hoverkraft-tech/ci-github-container/${{ env. IMAGE_NAME }} @$DIGEST"
201+ IMAGE_MANIFEST="ghcr.io/hoverkraft-tech/ci-github-container/$IMAGE_NAME@$DIGEST"
143202 docker pull "$IMAGE_MANIFEST"
144203 if ! docker manifest inspect "$IMAGE_MANIFEST" > /dev/null; then
145204 echo "Failed to inspect manifest for image: ${IMAGE_MANIFEST}"
0 commit comments