Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GHCR: actions/delete-package-versions@v4 #6757

Merged
merged 1 commit into from
Oct 24, 2023
Merged

GHCR: actions/delete-package-versions@v4 #6757

merged 1 commit into from
Oct 24, 2023

Conversation

alismx
Copy link
Collaborator

@alismx alismx commented Oct 16, 2023
edited
Loading

DEVOPS PULL REQUEST

Related Issue

Changes Proposed

  • This PR changes the GitHub Actions workflow to delete any untagged container images for the following: backend, cypress, database, frontend, frontend-lighthouse, and nginx.

Additional Information

  • The change to actions/delete-package-versions@v4 allows us to delete container images without needing a personal access token. Previously, we were using the snok/container-retention-policy@v2 action, which wouldn't work without a PAT.
  • This only deletes untagged images, which is a huge improvement over nothing, but future work would allow us to clean up all images by filtering tags. That functionality is on the radar of delete-package-versions folks.

Testing

  • Reviewers can verify this PR by checking on the GitHub Actions tab following the merge. Ensure there is a reduction or absence of untagged container images in the repository. The workflow runs once every day at 00:00.

Checklist for Primary Reviewer

Infrastructure

  • Consult the results of the terraform-plan job inside the "Terraform Checks" workflow run for this PR. Confirm that there are no unexpected changes!

Security

  • Changes with security implications have been approved by a security engineer (changes to authentication, encryption, handling of PII, etc.)
  • Any dependencies introduced have been vetted and discussed

Cloud

  • Oncall has been notified if this change is going in after-hours
  • If there are changes that cannot be tested locally, this has been deployed to our Azure test, dev, or pentest environment for verification

Documentation

  • Any changes to the startup configuration have been documented in the README

@alismx alismx marked this pull request as ready for review October 16, 2023 17:22
@alismx alismx force-pushed the alis/ghcr_cleanup branch from 8d355ab to e706edc Compare October 16, 2023 17:23
@alismx alismx changed the title feat: replace container retention policy with delete-package-versions… GHCR: actions/delete-package-versions@v4 Oct 16, 2023
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

emyl3
emyl3 reviewed Oct 18, 2023
View reviewed changes
.github/workflows/ghcrCleanup.yml
with:
package-name: 'backend'
package-type: 'container'
min-versions-to-keep: 10
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(for my own knowledge 😅) if we are only deleting untagged versions is there a reason we need to keep a minimum of 10 versions of them? 🤔

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have a good reason except that I want to see the arguments at work. 😃

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that sounds good to me! I would also like to see that too! 😹

emyl3
emyl3 approved these changes Oct 18, 2023
View reviewed changes
Copy link
Collaborator

@emyl3 emyl3 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

I went here to see how many untagged images for particular containers we have
https://github.com/orgs/CDCgov/packages?ecosystem=container&tab=packages&ecosystem=container&q=prime-simplereport

Some I couldn't even load the page like frontend container since I am assuming we have so many images 😅

I was able to open frontend-lighthouse: https://github.com/CDCgov/prime-simplereport/pkgs/container/prime-simplereport%2Ffrontend-lighthouse/versions?filters%5Bversion_type%5D=tagged

Based on this PR, after it is merged, I should only see tagged ones left and 10 of the last untagged images right?

@alismx
Copy link
Collaborator Author

alismx commented Oct 18, 2023

Looks good!

I went here to see how many untagged images for particular containers we have https://github.com/orgs/CDCgov/packages?ecosystem=container&tab=packages&ecosystem=container&q=prime-simplereport

Some I couldn't even load the page like frontend container since I am assuming we have so many images 😅

I was able to open frontend-lighthouse: https://github.com/CDCgov/prime-simplereport/pkgs/container/prime-simplereport%2Ffrontend-lighthouse/versions?filters%5Bversion_type%5D=tagged

Based on this PR, after it is merged, I should only see tagged ones left and 10 of the last untagged images right?

That's exactly what I would expect after this is merged and runs at the scheduled time.

@emyl3
Copy link
Collaborator

emyl3 commented Oct 18, 2023

Looks good!
I went here to see how many untagged images for particular containers we have https://github.com/orgs/CDCgov/packages?ecosystem=container&tab=packages&ecosystem=container&q=prime-simplereport
Some I couldn't even load the page like frontend container since I am assuming we have so many images 😅
I was able to open frontend-lighthouse: https://github.com/CDCgov/prime-simplereport/pkgs/container/prime-simplereport%2Ffrontend-lighthouse/versions?filters%5Bversion_type%5D=tagged
Based on this PR, after it is merged, I should only see tagged ones left and 10 of the last untagged images right?

That's exactly what I would expect after this is merged and runs at the scheduled time.

Awesome I will keep my eyes out for this 👀

@alismx alismx enabled auto-merge October 24, 2023 00:25
@alismx alismx added this pull request to the merge queue Oct 24, 2023
Merged via the queue into main with commit c253a59 Oct 24, 2023
@alismx alismx deleted the alis/ghcr_cleanup branch October 24, 2023 17:23
@emyl3
Copy link
Collaborator

emyl3 commented Oct 25, 2023

@alismx following up on this -- I'm seeing this is failing: https://github.com/CDCgov/prime-simplereport/actions/runs/6634378624/job/18023713248
Screenshot 2023-10-25 at 08 17 03
Wanted to flag this for you!

@alismx
Copy link
Collaborator Author

alismx commented Oct 25, 2023

@alismx following up on this -- I'm seeing this is failing: https://github.com/CDCgov/prime-simplereport/actions/runs/6634378624/job/18023713248 Screenshot 2023-10-25 at 08 17 03 Wanted to flag this for you!

@emyl3 Thank you for calling this out! I'm planning on looking into it today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emyl3 emyl3 emyl3 approved these changes

@rin-skylight rin-skylight rin-skylight approved these changes

@zdeveloper zdeveloper Awaiting requested review from zdeveloper

@mehansen mehansen Awaiting requested review from mehansen

@mpbrown mpbrown Awaiting requested review from mpbrown

@nathancrtr nathancrtr Awaiting requested review from nathancrtr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alismx @emyl3 @rin-skylight