Skip to content

Make ghcr.io cleanup more robust#1332

Merged
simu merged 2 commits intomasterfrom
ci/ghcr-cleanup-continue-on-error
Mar 25, 2026
Merged

Make ghcr.io cleanup more robust#1332
simu merged 2 commits intomasterfrom
ci/ghcr-cleanup-continue-on-error

Conversation

@simu
Copy link
Copy Markdown
Member

@simu simu commented Mar 25, 2026
edited
Loading

We configure the cleanup job to not fail the container image merge job when the cleanup fails.

Additionally, we need to ensure that we don't accidentally delete not-yet-tagged images created by other PR's jobs. We do this by only deleting untagged images that are older than 5 minutes in the PR job.

Finally, we enable delete-untagged with no image age restrictions for the job that deletes the PR tag after the PR gets closed, this should ensure that all remaining untagged images left over from the PR are deleted.

Checklist

  • Keep pull requests small so they can be easily reviewed.
  • Categorize the PR by setting a good title and adding one of the labels:
    bug, enhancement, documentation, change, breaking, dependency, internal
    as they show up in the changelog

@simu simu added the internal Internal changes which don't affect users but should appear in the changelog label Mar 25, 2026
@simu simu changed the title Don't fail container image build when ghcr.io cleanup fails Make ghcr.io cleanup more robust Mar 25, 2026
@simu
Make ghcr.io cleanup more robust
f930dd3 
We need to ensure that we don't accidentally delete not-yet-tagged
images created by other PR's jobs. Additionally, we enable
`delete-untagged` for the job that deletes the PR tag after the PR gets
closed.
@simu simu force-pushed the ci/ghcr-cleanup-continue-on-error branch from a4072d3 to f930dd3 Compare March 25, 2026 08:55
@simu simu marked this pull request as ready for review March 25, 2026 09:08
@simu simu requested a review from a team as a code owner March 25, 2026 09:08
@simu simu requested a review from a team March 25, 2026 09:08
@simu
Copy link
Copy Markdown
Member Author

simu commented Mar 25, 2026

Additionally, we need to ensure that we don't accidentally delete not-yet-tagged images created by other PR's jobs. We do this by only deleting untagged images that are older than 5 minutes in the PR job.

Rationale here: there's a window of opportunity of 1-2 minutes after the per-arch images have been pushed by digest (and are therefore untagged) until the job which creates the tagged multi-arch image completes. Therefore, having a guard of "older than 5 minutes" when cleaning up untagged images after the multi-arch image merge for a PR should be sufficient to never delete not-yet-tagged arch images generated by another PR's job.

@simu simu merged commit 3628d1e into master Mar 25, 2026
29 checks passed
@simu simu deleted the ci/ghcr-cleanup-continue-on-error branch March 25, 2026 09:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bastjan bastjan bastjan approved these changes

Assignees

No one assigned

Labels

internal Internal changes which don't affect users but should appear in the changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simu @bastjan