ci(scorecard): clean up images for both push and pr ci (#620)

Signed-off-by: Thuan Vo <thvo@redhat.com>
cryostatio · Aug 31, 2023 · 5c3769f · 5c3769f
1 parent 3fe4b93
commit 5c3769f
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 37 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -38,6 +38,36 @@ env:
   OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"
 
 jobs:
+  get-test-image-tag:
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'cryostatio' }}
+    outputs:
+      tag: ${{ steps.compute-tag.outputs.tag }}
+    steps:
+    - name: Compute test image tag
+      id: compute-tag
+      run: |
+        prefix="ci"
+        if [ -n "${{ github.event.number }}" ]; then
+          prefix="pr-${{ github.event.number }}"
+        fi
+        echo "tag=${prefix}-$GITHUB_SHA" >> $GITHUB_OUTPUT
+  clean-up-test-images:
+    runs-on: ubuntu-latest
+    needs: [get-test-image-tag, scorecard-test]
+    if: github.repository_owner == 'cryostatio'
+    strategy:
+      matrix:
+        image: [cryostat-operator, cryostat-operator-bundle, cryostat-operator-scorecard]
+    steps:
+    - uses: r26d/ghcr-delete-image-action@v1.3.0
+      with:
+        owner: ${{ github.repository_owner }}
+        name: ${{ matrix.image }}
+        token: ${{ secrets.GHCR_PR_TOKEN }}
+        ignore-missing-package: true
+        tag-regex: ${{ needs.get-test-image-tag.outputs.tag }}
+        tagged-keep-latest: 0
   controller-test:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'cryostatio' }}
@@ -64,6 +94,9 @@ jobs:
       run: make test-envtest
   scorecard-test:
     runs-on: ubuntu-latest
+    needs: [get-test-image-tag]
+    env:
+      TAG: ${{ needs.get-test-image-tag.outputs.tag }}
     if: ${{ github.repository_owner == 'cryostatio' }}
     steps:
     - name: Fail if safe-to-test label NOT applied
@@ -82,17 +115,9 @@ jobs:
         curl -fsSL $OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg
         sudo apt update
         sudo apt install podman
-    - name: Compute test image tags
-      id: compute-tag
-      run: |
-        prefix="ci"
-        if [ -n "${{ github.event.number }}" ]; then
-          prefix="pr-${{ github.event.number }}"
-        fi
-        echo "tag=${prefix}-$GITHUB_SHA" >> $GITHUB_OUTPUT
     - name: Build scorecard image for test
       run: |
-        CUSTOM_SCORECARD_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-scorecard:${{ steps.compute-tag.outputs.tag }} \
+        CUSTOM_SCORECARD_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-scorecard:${{ env.TAG }} \
         PLATFORMS=linux/amd64 \
         MANIFEST_PUSH=false \
         make scorecard-build
@@ -101,36 +126,36 @@ jobs:
       uses: redhat-actions/push-to-registry@v2
       with:
         image: cryostat-operator-scorecard
-        tags: ${{ steps.compute-tag.outputs.tag }}
+        tags: ${{ env.TAG }}
         registry: ghcr.io/${{ github.repository_owner }}
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GHCR_PR_TOKEN }}
     - name: Build operator image for test
       run: |
-        OPERATOR_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator:${{ steps.compute-tag.outputs.tag }} \
+        OPERATOR_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator:${{ env.TAG }} \
         SKIP_TESTS=true \
         make oci-build
     - name: Push operator image to ghcr.io for test
       id: push-operator-to-ghcr
       uses: redhat-actions/push-to-registry@v2
       with:
         image: cryostat-operator
-        tags: ${{ steps.compute-tag.outputs.tag }}
+        tags: ${{ env.TAG }}
         registry: ghcr.io/${{ github.repository_owner }}
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GHCR_PR_TOKEN }}
     - name: Build bundle image for test
       run: |
         yq -i '.spec.template.spec.imagePullSecrets = [{"name": "registry-key"}]' config/manager/manager.yaml
         OPERATOR_IMG=${{ steps.push-operator-to-ghcr.outputs.registry-path }} \
-        BUNDLE_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-bundle:${{ steps.compute-tag.outputs.tag }} \
+        BUNDLE_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator-bundle:${{ env.TAG }} \
         make bundle bundle-build
     - name: Push bundle image to ghcr.io for test
       id: push-bundle-to-ghcr
       uses: redhat-actions/push-to-registry@v2
       with:
         image: cryostat-operator-bundle
-        tags: ${{ steps.compute-tag.outputs.tag }}
+        tags: ${{ env.TAG }}
         registry: ghcr.io/${{ github.repository_owner }}
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GHCR_PR_TOKEN }}

diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml