app-bricks-py/.github/workflows/docker-cleanup.yml at main · arduino/app-bricks-py · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: Cleanup branch containers from GHCR

on:
  delete:

permissions:
  packages: write

jobs:
  cleanup:
    runs-on: ubuntu-24.04-arm
    if: github.event.ref_type == 'branch'
    steps:
      - name: Sanitize branch name
        id: branch
        run: |
          # Apply the same transform as docker/metadata-action type=ref,event=branch with prefix=dev-:
          # lowercase, replace non-alphanumeric (except dot, underscore, dash) with dash, strip leading/trailing dashes
          RAW="${{ github.event.ref }}"
          SANITIZED=$(echo "$RAW" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9._-]/-/g' | sed 's/^-//;s/-$//')
          echo "tag=dev-$SANITIZED" >> $GITHUB_OUTPUT

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Delete branch-tagged images from GHCR
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG: ${{ steps.branch.outputs.tag }}
          OWNER: ${{ github.repository_owner }}
        run: |
          # Discover packages from containers/ directory
          mapfile -t PACKAGES < <(ls -d containers/*/ | xargs -I{} basename {} | sed 's|^|app-bricks/|' | jq -Rr @uri)

          for PKG in "${PACKAGES[@]}"; do
            echo "Processing package: $PKG (tag: $TAG)"

            API_PATH="/orgs/$OWNER/packages/container/$PKG/versions"
            DELETE_PATH="/orgs/$OWNER/packages/container/$PKG/versions"

            # List all versions and find ones that match our branch tag or its buildcache
            VERSIONS=$(gh api \
              "$API_PATH" \
              --paginate \
              --jq ".[] | select(any(.metadata.container.tags[]; test(\"^${TAG}(-buildcache|-[0-9]+)?$\"))) | .id" 2>/dev/null || true)

            if [[ -z "$VERSIONS" ]]; then
              echo "  No versions found with tag '$TAG' for $PKG"
              continue
            fi

            while IFS= read -r VERSION_ID; do
              echo "  Deleting version $VERSION_ID from $PKG"
              gh api --method DELETE "$DELETE_PATH/$VERSION_ID" || \
                echo "  Warning: failed to delete version $VERSION_ID (may require delete:packages scope)"
            done <<< "$VERSIONS"
          done