diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml index 489e05bc28..76631cc4e9 100644 --- a/.github/workflows/build-test-deploy.yml +++ b/.github/workflows/build-test-deploy.yml @@ -535,7 +535,7 @@ jobs: runs-on: ubuntu-latest env: REGISTRY: 679752396206.dkr.ecr.us-east-1.amazonaws.com - IMAGE_TAG: ${{ github.sha }} + IMAGE_TAG: ${{ github.ref_name }}-${{ github.sha }} REPOSITORY: nxtp-cartographer steps: @@ -579,7 +579,7 @@ jobs: runs-on: ubuntu-latest env: REGISTRY: 679752396206.dkr.ecr.us-east-1.amazonaws.com - IMAGE_TAG: ${{ github.sha }} + IMAGE_TAG: ${{ github.ref_name }}-${{ github.sha }} REPOSITORY: nxtp-lighthouse steps: @@ -833,8 +833,8 @@ jobs: SEQUENCER_SERVER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-server-image.outputs.json).tags[0] }} SEQUENCER_PUBLISHER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-publisher-image.outputs.json).tags[0] }} SEQUENCER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-subscriber-image.outputs.json).tags[0] }} - CARTOGRAPHER_IMAGE: ghcr.io/connext/cartographer:${{ github.sha }} - LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.sha }} + CARTOGRAPHER_IMAGE: ghcr.io/connext/cartographer:${{ github.ref_name }}-${{ github.sha }} + LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.ref_name }}-${{ github.sha }} LIGHTHOUSE_PROVER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-lighthouse-prover-subscriber-image.outputs.json).tags[0] }} RELAYER_IMAGE: ${{ fromJSON(needs.build-and-push-relayer-image.outputs.json).tags[0] }} WATCHER_IMAGE: ${{ fromJSON(needs.build-and-push-watcher-image.outputs.json).tags[0] }} @@ -919,7 +919,7 @@ jobs: SEQUENCER_SERVER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-server-image.outputs.json).tags[0] }} SEQUENCER_PUBLISHER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-publisher-image.outputs.json).tags[0] }} SEQUENCER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-subscriber-image.outputs.json).tags[0] }} - LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.sha }} + LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.ref_name }}-${{ github.sha }} LIGHTHOUSE_PROVER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-lighthouse-prover-subscriber-image.outputs.json).tags[0] }} RELAYER_IMAGE: ${{ fromJSON(needs.build-and-push-relayer-image.outputs.json).tags[0] }} WATCHER_IMAGE: ${{ fromJSON(needs.build-and-push-watcher-image.outputs.json).tags[0] }} @@ -1001,7 +1001,7 @@ jobs: needs: [smoke-tests, terraform-infra] env: AWS_PROFILE: aws-deployer-connext - TF_VAR_cartographer_image_tag: ${{ github.sha }} + TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }} TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.smoke-tests.outputs.sdk-server-tags).tags[0] }} runs-on: ubuntu-latest @@ -1066,7 +1066,7 @@ jobs: TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.smoke-tests.outputs.watcher-tags).tags[0] }} TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.smoke-tests.outputs.relayer-tags).tags[0] }} TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.smoke-tests.outputs.lighthouse-prover-subscriber-tags).tags[0] }} - TF_VAR_lighthouse_image_tag: ${{ github.sha }} + TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }} runs-on: ubuntu-latest permissions: @@ -1141,7 +1141,7 @@ jobs: TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.e2e-tests.outputs.relayer-tags).tags[0] }} TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.e2e-tests.outputs.watcher-tags).tags[0] }} TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.e2e-tests.outputs.lighthouse-prover-subscriber-tags).tags[0] }} - TF_VAR_lighthouse_image_tag: ${{ github.sha }} + TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }} runs-on: ubuntu-latest permissions: @@ -1207,7 +1207,7 @@ jobs: needs: [e2e-tests] env: AWS_PROFILE: aws-deployer-connext - TF_VAR_cartographer_image_tag: ${{ github.sha }} + TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }} TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.e2e-tests.outputs.sdk-server-tags).tags[0] }} runs-on: ubuntu-latest @@ -1275,7 +1275,7 @@ jobs: needs: [terraform-services-core-prod-testnet, terraform-services-backend-prod-testnet] env: AWS_PROFILE: aws-deployer-connext - TF_VAR_cartographer_image_tag: ${{ github.sha }} + TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }} TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.sdk-server-tags).tags[0] }} runs-on: ubuntu-latest @@ -1340,7 +1340,7 @@ jobs: TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.relayer-tags).tags[0] }} TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.watcher-tags).tags[0] }} TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.lighthouse-prover-subscriber-tags).tags[0] }} - TF_VAR_lighthouse_image_tag: ${{ github.sha }} + TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }} runs-on: ubuntu-latest permissions: diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf index 11fc928801..06a89ef092 100644 --- a/ops/modules/ecr/main.tf +++ b/ops/modules/ecr/main.tf @@ -12,12 +12,52 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" { "rules": [ { "rulePriority": 1, - "description": "Expire images older than 20 days", + "description": "Expire main images that are not the last 50", "selection": { - "tagStatus": "any", + "tagStatus": "tagged", + "tagPrefixList": ["main-"], + "countType": "imageCountMoreThan", + "countNumber": 50 + }, + "action": { + "type": "expire" + } + }, + { + "rulePriority": 2, + "description": "Expire staging images that are not the last 20", + "selection": { + "tagStatus": "tagged", + "tagPrefixList": ["staging-"], + "countType": "imageCountMoreThan", + "countNumber": 20 + }, + "action": { + "type": "expire" + } + }, + { + "rulePriority": 3, + "description": "Expire prod images that are not the last 5", + "selection": { + "tagStatus": "tagged", + "tagPrefixList": ["prod-"], + "countType": "imageCountMoreThan", + "countNumber": 5 + }, + "action": { + "type": "expire" + } + }, + { + "rulePriority": 4, + "description": "Expire images older than 60 days", + "selection": { + "tagStatus": "tagged", + "tagPrefixList": ["main-", "staging-", "prod-"], "countType": "sinceImagePushed", "countUnit": "days", - "countNumber": 20 + "countNumber": 180 }, "action": { "type": "expire"