From 966a98537a49296e388fb4687f1c336454857d96 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Fri, 6 Oct 2023 15:58:53 +0100
Subject: [PATCH 1/5] fix: expire images but keep 20 at least

---
 ops/modules/ecr/main.tf | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index 11fc928801..3795f9da40 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -11,7 +11,7 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 {
     "rules": [
         {
-            "rulePriority": 1,
+            "rulePriority": 2,
             "description": "Expire images older than 20 days",
             "selection": {
                 "tagStatus": "any",
@@ -22,6 +22,18 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
             "action": {
                 "type": "expire"
             }
+        },
+        {
+            "rulePriority": 1,
+            "description": "Expire all images that are not the last 20",
+            "selection": {
+                "tagStatus": "any",
+                "countType": "imageCountMoreThan",
+                "countNumber": 20
+            },
+            "action": {
+                "type": "expire"
+            }
         }
     ]
 }
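Review bot: The new count rule is given `"rulePriority": 1` together with `"tagStatus": "any"`, which conflicts with ECR's documented evaluation rules: a rule with `tagStatus` `any` has to carry the highest `rulePriority` and be evaluated last, and only one rule may select untagged images, yet both rules here use `any`. Even if the policy were accepted, an image that matches an earlier rule's tag selection is not expired by a later rule, so the 20-day rule now at priority 2 would never apply. Narrowing the age rule to `"tagStatus": "tagged"` with a `tagPrefixList` and leaving the single `any` rule last avoids both problems. The policy document starts outside the hunk.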

From 352185b9ee76ff49aaa8d468f12cfdb9163781c6 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Fri, 6 Oct 2023 16:15:43 +0100
Subject: [PATCH 2/5] fix: fix lifecycle priority

---
 ops/modules/ecr/main.tf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index 3795f9da40..d1538c0da4 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -11,10 +11,11 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
 {
     "rules": [
         {
-            "rulePriority": 2,
+            "rulePriority": 1,
             "description": "Expire images older than 20 days",
             "selection": {
-                "tagStatus": "any",
+                "tagStatus": "tagged",
+                "tagPrefixList": ["sha"],
                 "countType": "sinceImagePushed",
                 "countUnit": "days",
                 "countNumber": 20
@@ -24,7 +25,7 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
             }
         },
         {
-            "rulePriority": 1,
+            "rulePriority": 2,
             "description": "Expire all images that are not the last 20",
             "selection": {
                 "tagStatus": "any",

From e7932abcfd3125310246d334d92042bf34893800 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Sat, 7 Oct 2023 09:32:46 +0100
Subject: [PATCH 3/5] tag images with the branch name

---
 .github/workflows/build-test-deploy.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
index 489e05bc28..f09e14319d 100644
--- a/.github/workflows/build-test-deploy.yml
+++ b/.github/workflows/build-test-deploy.yml
@@ -535,7 +535,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       REGISTRY: 679752396206.dkr.ecr.us-east-1.amazonaws.com
-      IMAGE_TAG: ${{ github.sha }}
+      IMAGE_TAG: ${{ github.ref_name }}-${{ github.sha }}
       REPOSITORY: nxtp-cartographer
 
     steps:
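Review bot: `github.ref_name` is not a valid tag component for every ref: a branch such as `feature/x`, or the `<number>/merge` ref of a pull-request run, contains `/`, which image tags do not allow, and a long branch name can push the tag past the 128-character limit. The value is also chosen by whoever names the branch, so it should be normalised once and reach the shell only through the `IMAGE_TAG` environment variable, never through `${{ … }}` interpolation inside a `run:` script (the steps are outside this hunk). A step such as `echo "IMAGE_TAG=$(printf '%s' "$GITHUB_REF_NAME" | tr -c 'A-Za-z0-9_.-' '-')-$GITHUB_SHA" >> "$GITHUB_ENV"`, exposed as a job output so the deploy jobs reuse the identical string, would cover the normalisation. The same expression is added in the remaining hunks of this patch (`TF_VAR_cartographer_image_tag`, `TF_VAR_lighthouse_image_tag`) and in the image references of [PATCH 4/5].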
@@ -579,7 +579,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       REGISTRY: 679752396206.dkr.ecr.us-east-1.amazonaws.com
-      IMAGE_TAG: ${{ github.sha }}
+      IMAGE_TAG: ${{ github.ref_name }}-${{ github.sha }}
       REPOSITORY: nxtp-lighthouse
 
     steps:
@@ -1001,7 +1001,7 @@ jobs:
     needs: [smoke-tests, terraform-infra]
     env:
       AWS_PROFILE: aws-deployer-connext
-      TF_VAR_cartographer_image_tag: ${{ github.sha }}
+      TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }}
       TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.smoke-tests.outputs.sdk-server-tags).tags[0] }}
 
     runs-on: ubuntu-latest
@@ -1066,7 +1066,7 @@ jobs:
       TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.smoke-tests.outputs.watcher-tags).tags[0] }}
       TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.smoke-tests.outputs.relayer-tags).tags[0] }}
       TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.smoke-tests.outputs.lighthouse-prover-subscriber-tags).tags[0] }}
-      TF_VAR_lighthouse_image_tag: ${{ github.sha }}
+      TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }}
 
     runs-on: ubuntu-latest
     permissions:
@@ -1141,7 +1141,7 @@ jobs:
       TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.e2e-tests.outputs.relayer-tags).tags[0] }}
       TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.e2e-tests.outputs.watcher-tags).tags[0] }}
       TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.e2e-tests.outputs.lighthouse-prover-subscriber-tags).tags[0] }}
-      TF_VAR_lighthouse_image_tag: ${{ github.sha }}
+      TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }}
 
     runs-on: ubuntu-latest
     permissions:
@@ -1207,7 +1207,7 @@ jobs:
     needs: [e2e-tests]
     env:
       AWS_PROFILE: aws-deployer-connext
-      TF_VAR_cartographer_image_tag: ${{ github.sha }}
+      TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }}
       TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.e2e-tests.outputs.sdk-server-tags).tags[0] }}
 
     runs-on: ubuntu-latest
@@ -1275,7 +1275,7 @@ jobs:
     needs: [terraform-services-core-prod-testnet, terraform-services-backend-prod-testnet]
     env:
       AWS_PROFILE: aws-deployer-connext
-      TF_VAR_cartographer_image_tag: ${{ github.sha }}
+      TF_VAR_cartographer_image_tag: ${{ github.ref_name }}-${{ github.sha }}
       TF_VAR_full_image_name_sdk_server: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.sdk-server-tags).tags[0] }}
 
     runs-on: ubuntu-latest
@@ -1340,7 +1340,7 @@ jobs:
       TF_VAR_full_image_name_relayer: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.relayer-tags).tags[0] }}
       TF_VAR_full_image_name_watcher: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.watcher-tags).tags[0] }}
       TF_VAR_full_image_name_lighthouse_prover_subscriber: ${{ fromJSON(needs.terraform-services-backend-prod-testnet.outputs.lighthouse-prover-subscriber-tags).tags[0] }}
-      TF_VAR_lighthouse_image_tag: ${{ github.sha }}
+      TF_VAR_lighthouse_image_tag: ${{ github.ref_name }}-${{ github.sha }}
 
     runs-on: ubuntu-latest
     permissions:

From d8c3070650b39c348c01d2556e143f861b9ae31f Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Sat, 7 Oct 2023 18:32:05 +0100
Subject: [PATCH 4/5] fix: add branch name to images

---
 .github/workflows/build-test-deploy.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
index f09e14319d..76631cc4e9 100644
--- a/.github/workflows/build-test-deploy.yml
+++ b/.github/workflows/build-test-deploy.yml
@@ -833,8 +833,8 @@ jobs:
       SEQUENCER_SERVER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-server-image.outputs.json).tags[0] }}
       SEQUENCER_PUBLISHER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-publisher-image.outputs.json).tags[0] }}
       SEQUENCER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-subscriber-image.outputs.json).tags[0] }}
-      CARTOGRAPHER_IMAGE: ghcr.io/connext/cartographer:${{ github.sha }}
-      LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.sha }}
+      CARTOGRAPHER_IMAGE: ghcr.io/connext/cartographer:${{ github.ref_name }}-${{ github.sha }}
+      LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.ref_name }}-${{ github.sha }}
       LIGHTHOUSE_PROVER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-lighthouse-prover-subscriber-image.outputs.json).tags[0] }}
       RELAYER_IMAGE: ${{ fromJSON(needs.build-and-push-relayer-image.outputs.json).tags[0] }}
       WATCHER_IMAGE: ${{ fromJSON(needs.build-and-push-watcher-image.outputs.json).tags[0] }}
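Review bot: `CARTOGRAPHER_IMAGE` and `LIGHTHOUSE_IMAGE` rebuild the tag by hand, while every neighbouring image reference is taken from a build job's output (`fromJSON(needs.….outputs.json).tags[0]`), so the tag format now lives in several places and has to be re-synchronised by commits like this one. Taking these two values from their build jobs' outputs as well, if those jobs expose one, would remove the duplication; the same line recurs in the hunk at -919. A tag is also a mutable pointer, so passing the pushed image digest instead would tie the tests to exactly the image that was built. The `env:` block starts outside the hunk.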
@@ -919,7 +919,7 @@ jobs:
       SEQUENCER_SERVER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-server-image.outputs.json).tags[0] }}
       SEQUENCER_PUBLISHER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-publisher-image.outputs.json).tags[0] }}
       SEQUENCER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-sequencer-subscriber-image.outputs.json).tags[0] }}
-      LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.sha }}
+      LIGHTHOUSE_IMAGE: ghcr.io/connext/lighthouse:${{ github.ref_name }}-${{ github.sha }}
       LIGHTHOUSE_PROVER_SUBSCRIBER_IMAGE: ${{ fromJSON(needs.build-and-push-lighthouse-prover-subscriber-image.outputs.json).tags[0] }}
       RELAYER_IMAGE: ${{ fromJSON(needs.build-and-push-relayer-image.outputs.json).tags[0] }}
       WATCHER_IMAGE: ${{ fromJSON(needs.build-and-push-watcher-image.outputs.json).tags[0] }}

From 9f242858589b28a384e188b4b4d6156b70fc3a97 Mon Sep 17 00:00:00 2001
From: carlomazzaferro <carlo.mazzaferro@gmail.com>
Date: Mon, 9 Oct 2023 10:21:26 +0100
Subject: [PATCH 5/5] fix: better lifecycle policy

---
 ops/modules/ecr/main.tf | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)

diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
index d1538c0da4..06a89ef092 100644
--- a/ops/modules/ecr/main.tf
+++ b/ops/modules/ecr/main.tf
@@ -12,13 +12,12 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
     "rules": [
         {
             "rulePriority": 1,
-            "description": "Expire images older than 20 days",
+            "description": "Expire main images that are not the last 50",
             "selection": {
                 "tagStatus": "tagged",
-                "tagPrefixList": ["sha"],
-                "countType": "sinceImagePushed",
-                "countUnit": "days",
-                "countNumber": 20
+                "tagPrefixList": ["main-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 50
             },
             "action": {
                 "type": "expire"
@@ -26,15 +25,43 @@ resource "aws_ecr_lifecycle_policy" "remove_old_images" {
         },
         {
             "rulePriority": 2,
-            "description": "Expire all images that are not the last 20",
+            "description": "Expire staging images that are not the last 20",
             "selection": {
-                "tagStatus": "any",
+                "tagStatus": "tagged",
+                "tagPrefixList": ["staging-"],
                 "countType": "imageCountMoreThan",
                 "countNumber": 20
             },
             "action": {
                 "type": "expire"
             }
+        },
+        {
+            "rulePriority": 3,
+            "description": "Expire prod images that are not the last 5",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["prod-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 5
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 4,
+            "description": "Expire images older than 60 days",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["main-", "staging-", "prod-"],
+                "countType": "sinceImagePushed",
+                "countUnit": "days",
+                "countNumber": 180
+            },
+            "action": {
+                "type": "expire"
+            }
         }
     ]
 }
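Review bot: Rule 4 describes itself as "older than 60 days" but sets `"countNumber": 180`; one of the two is wrong, e.g. `"description": "Expire images older than 180 days"`. The rule is also unlikely ever to fire: with several entries in `tagPrefixList`, ECR selects only images that carry a tag for every listed prefix, and an image whose tags already match rules 1–3 is not expired by a lower-priority rule. With the `"tagStatus": "any"` rule removed, untagged images and images tagged from any other branch are never expired, so stale, unpatched images accumulate; a final catch-all rule (`"tagStatus": "any"`, highest `rulePriority`) would cover them. Because the prefixes are derived from `github.ref_name` in the workflow, a branch named `prod-…` would count against the five-image `prod-` window, so it is worth confirming that only the intended refs can push images with these prefixes.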