From df36207b814dcb35e696187a57c04e630fb95761 Mon Sep 17 00:00:00 2001 From: Matthias Neugebauer Date: Fri, 12 Jul 2024 10:54:48 +0200 Subject: [PATCH] Fix multi-platform container image cleanup --- .github/workflows/container-images.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container-images.yml b/.github/workflows/container-images.yml index 89f1db3..ca48009 100644 --- a/.github/workflows/container-images.yml +++ b/.github/workflows/container-images.yml @@ -58,7 +58,6 @@ jobs: fi echo "VERSION=${VERSION}" | tee -a "$GITHUB_OUTPUT" - # FIXME: disable provenance due to https://github.com/snok/container-retention-policy/issues/63 - name: build and push container images run: | case "${{ github.event_name }}" in @@ -69,7 +68,13 @@ jobs: make image-${{ matrix.image }} \ VERSION=${{ steps.info.outputs.VERSION }} \ IMAGE_PLATFORMS=${{ env.IMAGE_PLATFORMS }} \ - BUILDX_OUTPUT="${BUILDX_OUTPUT} --provenance=false" + BUILDX_OUTPUT="${BUILDX_OUTPUT}" + + - name: fetch container image shas + id: container-image + run: | + shas=$(docker manifest inspect ghcr.io/nagare-media/engine/${{ matrix.image }}:${{ steps.info.outputs.VERSION }} | jq -r '.manifests.[] | .digest' | paste -s -d ' ' -) + echo "SHAS=$shas" >> $GITHUB_OUTPUT - name: delete untagged container images uses: snok/container-retention-policy@v3.0.0 @@ -79,4 +84,6 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} tag-selection: untagged image-names: engine/${{ matrix.image }} - cut-off: 1d + image-tags: ${{ steps.info.outputs.VERSION }} + skip-shas: ${{ steps.container-image.outputs.SHAS }} + cut-off: 0s