fix(github-actions): dependabot updates, add gar cleanup workflow

vincejv · Sep 1, 2023 · 4b32341 · 4b32341
1 parent 655a740
commit 4b32341
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 3 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,6 +9,7 @@ updates:
       - "vincejv"
     labels:
       - "dependencies"
+    open-pull-requests-limit: 20
 
   - package-ecosystem: "github-actions"
     # Workflow files stored in the
@@ -21,4 +22,5 @@ updates:
       - "vincejv"
     labels:
       - "dependencies"
-      - "ci-cd"
+      - "ci-cd"
+    open-pull-requests-limit: 20
diff --git a/.github/workflows/release-dev.yml b/.github/workflows/release-dev.yml
@@ -244,4 +244,36 @@ jobs:
         if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version == '' }}
         with:
           message: |
-            ❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details
+            ❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details
+            
+  gcr-cleaner:
+    name: Clean-up old artifact registry images
+    needs: deploy_to_cloud
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Google Auth
+        id: gcp-auth
+        uses: google-github-actions/auth@v1
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+      - name: Login to Google Docker Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: 'oauth2accesstoken'
+          password: ${{ steps.gcp-auth.outputs.access_token }}
+
+      - name: Run GCR Cleaner
+        uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli
+        with:
+          args: >-
+            -repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}
+            -tag-filter-any "."
+            -keep=1
+            -recursive=true
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
@@ -249,4 +249,36 @@ jobs:
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-        run: mvn -B deploy -Dlib-only -Prelease-for-oss
+        run: mvn -B deploy -Dlib-only -Prelease-for-oss
+
+  gcr-cleaner:
+    name: Clean-up old artifact registry images
+    needs: deploy_to_cloud
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Google Auth
+        id: gcp-auth
+        uses: google-github-actions/auth@v1
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+      - name: Login to Google Docker Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: 'oauth2accesstoken'
+          password: ${{ steps.gcp-auth.outputs.access_token }}
+
+      - name: Run GCR Cleaner
+        uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli
+        with:
+          args: >-
+            -repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}
+            -tag-filter-any "."
+            -keep=1
+            -recursive=true