Add option to exclude recently pulled images

[ddelange]

Hi 👋

It would be awesome if we could protect old yet recently pulled images from deletion.

The following stats are available in GitHub UI:

We have the following job running to clean up our org:

jobs:
  container_retention_policy:
    runs-on: ubuntu-latest
    steps:
      - uses: snok/container-retention-policy@v3.0.0
        with:
          account: ${{ github.repository_owner }}
          token: ${{ secrets.GH_BOT_TOKEN }}
          image-names: '*'
          keep-n-most-recent: 20
          cut-off: 4w

The above combination of keep-n-most-recent and cut-off is pretty safe, but leaves the chance of deleting production images in case there were no pushes to main for a repo (live on production) for more than 4 weeks, plus we accumulated many images from commits pushed to PRs / feature branches (20+ images created after last push to main).

I would love to combine these two options with an additional "not been pulled for 30 days" filter. That would also leave a slight chance in case our kubernetes cluster didn't rebalance for 30 days and so didn't have to re-pull the old image to a new node, but that chance is very small (much smaller than the chance of the above scenario for some of our less actively developed repos).

[sondrelg]

Yeah that sounds reasonable! I don't personally have time to contribute this feature, but if you want to have a go at it, please do!