From 966a98537a49296e388fb4687f1c336454857d96 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Fri, 6 Oct 2023 15:58:53 +0100
Subject: [PATCH 1/5] fix: expire images but keep 20 at least
---
 ops/modules/ecr/main.tf | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index 11fc928801..3795f9da40 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -11,7 +11,7 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 {
 "rules": [
 {
- "rulePriority": 1,
+ "rulePriority": 2,
 "description": "Expire images older than 20 days",
 "selection": {
 "tagStatus": "any",
@@ -22,6 +22,18 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 "action": {
 "type": "expire"
 }
+ },
+ {
+ "rulePriority": 1,
+ "description": "Expire all images that are not the last 20",
+ "selection": {
+ "tagStatus": "any",
+ "countType": "imageCountMoreThan",
+ "countNumber": 20
+ },
+ "action": {
+ "type": "expire"
+ }
 }
 ]
 }
From 352185b9ee76ff49aaa8d468f12cfdb9163781c6 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Fri, 6 Oct 2023 16:15:43 +0100
Subject: [PATCH 2/5] fix: fix lifecycle priority
---
 ops/modules/ecr/main.tf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index 3795f9da40..d1538c0da4 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -11,10 +11,11 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 {
 "rules": [
 {
- "rulePriority": 2,
+ "rulePriority": 1,
 "description": "Expire images older than 20 days",
 "selection": {
- "tagStatus": "any",
+ "tagStatus": "tagged",
+ "tagPrefixList": ["sha"],
 "countType": "sinceImagePushed",
 "countUnit": "days",
 "countNumber": 20
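Review bot: In PATCH 1/5, the rule added in the `@@ -22,6 +22,18 @@` hunk does not give the "keep 20 at least" guarantee the subject promises: ECR evaluates each rule on its own, so the existing age rule still expires every image pushed more than 20 days ago even when fewer than 20 images remain, and a task that has to re-pull such an image afterwards would fail. Both rules also use `"tagStatus": "any"`; as far as I know ECR requires a rule with `any` to carry the highest `rulePriority`, so the priority-1 rule would probably be rejected when the policy is applied. If a floor of 20 images is the intent, I would keep only the count rule (`"countType": "imageCountMoreThan", "countNumber": 20`) and drop the `sinceImagePushed` rule. The policy document continues outside both hunks.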
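Review bot: In PATCH 2/5, `"tagPrefixList": ["sha"]` in the `@@ -11,10 +11,11 @@` hunk only selects tags that literally start with `sha`, while the cartographer and lighthouse images are pushed with `IMAGE_TAG: ${{ github.sha }}` (the old side of PATCH 3/5), a bare hex commit hash that can never start with those letters. For those repositories the 20-day rule becomes a no-op and only the count rule applies; whether other repositories using this module get `sha`-prefixed tags is not visible here. A comment above the resource naming the tag scheme the prefix is meant to match, for example `# "sha" must match the tag prefix written by the image build`, would make that coupling reviewable.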
@@ -24,7 +25,7 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" { } }, { - "rulePriority": 1, + "rulePriority": 2, "description": "Expire all images that are not the last 20", "selection": { "tagStatus": "any", From e7932abcfd3125310246d334d92042bf34893800 Mon Sep 17 00:00:00 2001 From: carlomazzaferro <carlo.mazzaferro@gmail.com> Date: Sat, 7 Oct 2023 09:32:46 +0100 Subject: [PATCH 3/5] tag images with the branch name --- .github/workflows/build-test-deploy.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml index 489e05bc28..f09e14319d 100644 --- a/.github/workflows/build-test-deploy.yml +++ b/.github/workflows/build-test-deploy.yml @@ -535,7 +535,7 @@ jobs: runs-on: ubuntu-latest env: REGISTRY: 679752396206.dkr.ecr.us-east-1.amazonaws.com - IMAGE_TAG: ${{ github.sha }} + IMAGE_TAG: ${{ github.ref_name }}-${{ github.sha }} REPOSITORY: nxtp-cartographer steps: @@ -579,7 +579,7 @@ jobs: runs-on: ubuntu-latest env: REGISTRY: 679752396206.dkr.ecr.us-east-1.amazonaws.com - IMAGE_TAG: ${{ github.sha }} + IMAGE_TAG: ${{ github.ref_name }}-${{ github.sha }} REPOSITORY: nxtp-lighthouse steps: @@ -1001,7 +1001,7 @@ jobs: needs: [smoke-tests, terraform-infra] env: AWS_PROFILE: aws-deployer-connext - TF_VAR_cartographer_image_tag: ${{ github.sha }} + TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }} TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.smoke-tests.outputs.sdk-server-tags).tags[0] }} runs-on: ubuntu-latest 
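Review bot: `${{ github.ref_name }}` is not guaranteed to be a valid image tag: branch names such as `feat/x` and pull-request refs of the form `<number>/merge` contain `/`, which Docker tags do not allow (only letters, digits, `_`, `.` and `-`, at most 128 characters), so the push would fail on those refs if this workflow runs for them. This applies to `IMAGE_TAG` in the `@@ -535,7` and `@@ -579,7` hunks, to the six `TF_VAR_*_image_tag` hunks of PATCH 3/5, and to the `ghcr.io/connext/...` references changed in PATCH 4/5. The same string is also rebuilt in each of those places, so the tag that is pushed and the tag that is deployed agree only while every copy stays in sync. I would compute it once in a step, e.g. `echo "tag=${GITHUB_REF_NAME//\//-}-${GITHUB_SHA}" >> "$GITHUB_OUTPUT"`, and have the build and Terraform jobs read that output. The job definitions start and end outside these hunks, so the triggers and the push step are not visible.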
@@ -1066,7 +1066,7 @@ jobs: TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.smoke-tests.outputs.watcher-tags).tags[0] }} TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.smoke-tests.outputs.relayer-tags).tags[0] }} TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.smoke-tests.outputs.lighthouse-prover-subscriber-tags).tags[0] }} - TF_VAR_lighthouse_image_tag: ${{ github.sha }} + TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }} runs-on: ubuntu-latest permissions: @@ -1141,7 +1141,7 @@ jobs: TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.e2e-tests.outputs.relayer-tags).tags[0] }} TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.e2e-tests.outputs.watcher-tags).tags[0] }} TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.e2e-tests.outputs.lighthouse-prover-subscriber-tags).tags[0] }} - TF_VAR_lighthouse_image_tag: ${{ github.sha }} + TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }} runs-on: ubuntu-latest permissions: @@ -1207,7 +1207,7 @@ jobs: needs: [e2e-tests] env: AWS_PROFILE: aws-deployer-connext - TF_VAR_cartographer_image_tag: ${{ github.sha }} + TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }} TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.e2e-tests.outputs.sdk-server-tags).tags[0] }} runs-on: ubuntu-latest @@ -1275,7 +1275,7 @@ jobs: needs: [terraform-services-core-prod-testnet, terraform-services-backend-prod-testnet] env: AWS_PROFILE: aws-deployer-connext - TF_VAR_cartographer_image_tag: ${{ github.sha }} + TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }} TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.sdk-server-tags).tags[0] }} runs-on: ubuntu-latest 
@@ -1340,7 +1340,7 @@ jobs: TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.relayer-tags).tags[0] }} TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.watcher-tags).tags[0] }} TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.lighthouse-prover-subscriber-tags).tags[0] }} - TF_VAR_lighthouse_image_tag: ${{ github.sha }} + TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }} runs-on: ubuntu-latest permissions: From d8c3070650b39c348c01d2556e143f861b9ae31f Mon Sep 17 00:00:00 2001 From: carlomazzaferro <carlo.mazzaferro@gmail.com> Date: Sat, 7 Oct 2023 18:32:05 +0100 Subject: [PATCH 4/5] fix: add branch name to images --- .github/workflows/build-test-deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml index f09e14319d..76631cc4e9 100644 --- a/.github/workflows/build-test-deploy.yml +++ b/.github/workflows/build-test-deploy.yml 
@@ -833,8 +833,8 @@ jobs: SEQUENCER_SERVER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-server-image.outputs.json).tags[0] }} SEQUENCER_PUBLISHER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-publisher-image.outputs.json).tags[0] }} SEQUENCER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-subscriber-image.outputs.json).tags[0] }} - CARTOGRAPHER_IMAGE: ghcr.io/connext/cartographer:${{ github.sha }} - LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.sha }} + CARTOGRAPHER_IMAGE: ghcr.io/connext/cartographer:${{ github.ref_name }}-${{ github.sha }} + LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.ref_name }}-${{ github.sha }} LIGHTHOUSE_PROVER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-lighthouse-prover-subscriber-image.outputs.json).tags[0] }} RELAYER_IMAGE: ${{ fromJSON(needs.build-and-push-relayer-image.outputs.json).tags[0] }} WATCHER_IMAGE: ${{ fromJSON(needs.build-and-push-watcher-image.outputs.json).tags[0] }} @@ -919,7 +919,7 @@ jobs: SEQUENCER_SERVER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-server-image.outputs.json).tags[0] }} SEQUENCER_PUBLISHER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-publisher-image.outputs.json).tags[0] }} SEQUENCER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-subscriber-image.outputs.json).tags[0] }} - LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.sha }} + LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.ref_name }}-${{ github.sha }} LIGHTHOUSE_PROVER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-lighthouse-prover-subscriber-image.outputs.json).tags[0] }} RELAYER_IMAGE: ${{ fromJSON(needs.build-and-push-relayer-image.outputs.json).tags[0] }} WATCHER_IMAGE: ${{ fromJSON(needs.build-and-push-watcher-image.outputs.json).tags[0] }} From 9f242858589b28a384e188b4b4d6156b70fc3a97 Mon Sep 17 00:00:00 2001 
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Mon, 9 Oct 2023 10:21:26 +0100
Subject: [PATCH 5/5] fix: better lifecycle policy
---
 ops/modules/ecr/main.tf | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)
diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index d1538c0da4..06a89ef092 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -12,13 +12,12 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 "rules": [
 {
 "rulePriority": 1,
- "description": "Expire images older than 20 days",
+ "description": "Expire main images that are not the last 50",
 "selection": {
 "tagStatus": "tagged",
- "tagPrefixList": ["sha"],
- "countType": "sinceImagePushed",
- "countUnit": "days",
- "countNumber": 20
+ "tagPrefixList": ["main-"],
+ "countType": "imageCountMoreThan",
+ "countNumber": 50
 },
 "action": {
 "type": "expire"
@@ -26,15 +25,43 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 },
 {
 "rulePriority": 2,
- "description": "Expire all images that are not the last 20",
+ "description": "Expire staging images that are not the last 20",
 "selection": {
- "tagStatus": "any",
+ "tagStatus": "tagged",
+ "tagPrefixList": ["staging-"],
 "countType": "imageCountMoreThan",
 "countNumber": 20
 },
 "action": {
 "type": "expire"
 }
+ },
+ {
+ "rulePriority": 3,
+ "description": "Expire prod images that are not the last 5",
+ "selection": {
+ "tagStatus": "tagged",
+ "tagPrefixList": ["prod-"],
+ "countType": "imageCountMoreThan",
+ "countNumber": 5
+ },
+ "action": {
+ "type": "expire"
+ }
+ },
+ {
+ "rulePriority": 4,
+ "description": "Expire images older than 60 days",
+ "selection": {
+ "tagStatus": "tagged",
+ "tagPrefixList": ["main-", "staging-", "prod-"],
+ "countType": "sinceImagePushed",
+ "countUnit": "days",
+ "countNumber": 180
+ },
+ "action": {
+ "type": "expire"
+ }
 }
 ]
 }
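Review bot: The `main-` prefix in the `@@ -12,13 +12,12 @@` hunk (and `staging-`/`prod-` in the next hunk) is a plain prefix match on tags built as `<branch>-<sha>`, so a branch whose name merely starts with one of these words, such as `prod-hotfix`, falls into the same retention bucket and counts toward its limit. With `prod-` capped at 5 images, images from such a branch could expire the one production is running or would roll back to. Nothing in the module records that these prefixes depend on the workflow's `IMAGE_TAG` format; I would add a comment above the resource, `# prefixes mirror IMAGE_TAG (<branch>-<sha>) in .github/workflows/build-test-deploy.yml`, and consider a tag scheme that cannot collide with ordinary branch names.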
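Review bot: Rule 4 in the `@@ -26,15 +25,43 @@` hunk will most likely never expire anything: per the ECR lifecycle-policy rules, an image matches a `tagPrefixList` only if it has tags for all listed prefixes, and an image that matches a higher-priority rule's tag filter cannot be expired by a later rule, so `["main-", "staging-", "prod-"]` cannot be satisfied by an image carrying a single `<branch>-<sha>` tag and is shadowed by rules 1–3 in any case. Its description says 60 days while `countNumber` is 180. Untagged images and tags from any other branch match no rule at all, so they accumulate indefinitely. If the intent is an age-based catch-all, I would make it `"tagStatus": "any"` with no `tagPrefixList` (it already has the highest priority) and set the description to `"Expire images older than 180 days"`. The policy document starts outside the hunk.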