From 38f4a8ff2c592cbdabda1f09e30e814282d1a023 Mon Sep 17 00:00:00 2001
From: Samuel Monson
Date: Mon, 29 Sep 2025 12:05:44 -0400
Subject: [PATCH 1/3] Better error handling and add missing FQDN
Signed-off-by: Samuel Monson
---
 .github/workflows/container-maintenance.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/container-maintenance.yml b/.github/workflows/container-maintenance.yml
index ff75a3f4..e746371b 100644
--- a/.github/workflows/container-maintenance.yml
+++ b/.github/workflows/container-maintenance.yml
@@ -9,6 +9,9 @@ on:
 concurrency:
 group: ${{ github.workflow }}
 
+permissions:
+ packages: write
+
 jobs:
 cleanup-container-tags:
 runs-on: ubuntu-latest
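Review bot: The `permissions:` block is added at workflow level, so `packages: write` is granted to every job in the file, including any job added later. Both jobs visible in this series do touch the registry, but the grant is easier to audit if the workflow default is `permissions: {}` and each job that deletes or pushes images carries its own `permissions:` with `packages: write`. Declaring the key at all already drops the token's other scopes to none, which deserves a one-line comment such as `# GITHUB_TOKEN: registry write only; all other scopes are none`. The `jobs:` map continues outside this hunk, so confirm that no step there needs `contents: read`.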
@@ -36,14 +39,15 @@ jobs:
 registry: ghcr.io/${{ github.repository_owner }}
 - name: Get list of tags
 run: |
- skopeo list-tags docker://${{ github.repository }} | jq --raw-output '.Tags[]' > tags
+ set -euo pipefail # Fail pipe if any command fails
+ skopeo list-tags docker://ghcr.io/${{ github.repository }} | jq --raw-output '.Tags[]' > tags
 - name: Get latest release and rc tags
 run: |
 STABLE_TAG="$(grep -P '^v\d+\.\d+\.\d+$' tags | sort -rV | head -n1)"
- echo "STABLE_TAG=${STABLE_TAG:-v0.0.0}" >> $GITHUB_ENV
+ echo "stable_tag=${STABLE_TAG:-v0.0.0}" >> $GITHUB_ENV
 LATEST_TAG="$(grep -P '^v\d+\.\d+\.\d+' tags | sort -rV | head -n1)"
- echo "LATEST_TAG=${LATEST_TAG:-v0.0.0}" >> $GITHUB_ENV
+ echo "latest_tag=${LATEST_TAG:-v0.0.0}" >> $GITHUB_ENV
 - name: Update latest and stable tags
 run: |
- skopeo copy docker://${{ github.repository }}:${{ env.stable_tag }} docker://${{ github.repository }}:stable
- skopeo copy docker://${{ github.repository }}:${{ env.latest_tag }} docker://${{ github.repository }}:latest
+ skopeo copy docker://ghcr.io/${{ github.repository }}:${{ env.stable_tag }} docker://ghcr.io/${{ github.repository }}:stable
+ skopeo copy docker://ghcr.io/${{ github.repository }}:${{ env.latest_tag }} docker://ghcr.io/${{ github.repository }}:latest
From aa436fb3d20f750f29e7ca3b1f12cd1745e4aa8e Mon Sep 17 00:00:00 2001
From: Samuel Monson
Date: Mon, 29 Sep 2025 14:45:48 -0400
Subject: [PATCH 2/3] Use repo scope
Signed-off-by: Samuel Monson
---
 .github/workflows/container-maintenance.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/container-maintenance.yml b/.github/workflows/container-maintenance.yml
index e746371b..341718c2 100644
--- a/.github/workflows/container-maintenance.yml
+++ b/.github/workflows/container-maintenance.yml
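Review bot: The value exported as `latest_tag` is only prefix-checked (`'^v\d+\.\d+\.\d+'` has no trailing `$`), and both tags are then pasted into the script text through `${{ env.stable_tag }}` and `${{ env.latest_tag }}` in the "Update latest and stable tags" step. Registry tag grammar probably keeps shell metacharacters out, but the step should not depend on that. Values written to `$GITHUB_ENV` are ordinary environment variables in later steps, so read them in the shell instead, e.g. `skopeo copy "docker://ghcr.io/${{ github.repository }}:${stable_tag}" "docker://ghcr.io/${{ github.repository }}:stable"`, and likewise for `latest`. Quote the redirect target as `"$GITHUB_ENV"` in the two `echo` lines as well.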
@@ -19,7 +19,7 @@ jobs:
 - name: Delete PR and untagged images older than 2 weeks
 uses: snok/container-retention-policy@v3.0.0
 with:
- account: ${{ github.actor }}
+ account: ${{ github.repository_owner }}
 token: ${{ github.token }}
 image-names: ${{ github.event.repository.name }}
 image-tags: "pr-*"
@@ -34,7 +34,7 @@ jobs:
 - name: Log into ghcr.io
 uses: redhat-actions/podman-login@v1
 with:
- username: ${{ github.actor }}
+ username: ${{ github.repository_owner }}
 password: ${{ github.token }}
 registry: ghcr.io/${{ github.repository_owner }}
 - name: Get list of tags
From 7c3278093222af8864d9583896f8b9cf91ac7bef Mon Sep 17 00:00:00 2001
From: Samuel Monson
Date: Mon, 29 Sep 2025 15:36:59 -0400
Subject: [PATCH 3/3] Disable dry run
Signed-off-by: Samuel Monson
---
 .github/workflows/container-maintenance.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/container-maintenance.yml b/.github/workflows/container-maintenance.yml
index 341718c2..86d54263 100644
--- a/.github/workflows/container-maintenance.yml
+++ b/.github/workflows/container-maintenance.yml
@@ -24,7 +24,7 @@ jobs:
 image-names: ${{ github.event.repository.name }}
 image-tags: "pr-*"
 cut-off: 2w
- dry-run: true
+ dry-run: false
 
 push-container-tags:
 runs-on: ubuntu-latest
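Review bot: Both steps touched by patch 2 hand `${{ github.token }}`, which patch 1 gives `packages: write`, to third-party actions referenced by mutable tags: `snok/container-retention-policy@v3.0.0` in the first hunk and `redhat-actions/podman-login@v1` in the second. A tag can be re-pointed at different code by whoever controls the action repository, so pin each to a full commit SHA and keep the version as a trailing comment, e.g. `uses: snok/container-retention-policy@<full-commit-sha> # v3.0.0`. The pin matters more once patch 3 sets `dry-run: false`, because the retention step then deletes images for real with that token.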