diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml index 325de908fa..69e08c224a 100644 --- a/.github/workflows/container-registry-purge.yml +++ b/.github/workflows/container-registry-purge.yml @@ -2,8 +2,8 @@ name: Container Registry Purge on: - #schedule: - # - cron: '0 0 * * SUN' + schedule: + - cron: '0 0 * * SUN' workflow_dispatch: inputs: {} @@ -12,26 +12,45 @@ jobs: name: Purge old images runs-on: ubuntu-20.04 strategy: + fail-fast: false matrix: include: - name: bitwardenqa - name: bitwardenprod steps: - name: Login to Azure + if: matrix.name == 'bitwardenprod' uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + - name: Login to Azure + if: matrix.name == 'bitwardenqa' + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + with: + creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} + - name: Purge images env: REGISTRY: ${{ matrix.name }} + AGO_DUR_VER: "180d" AGO_DUR: "30d" run: | REPO_LIST=$(az acr repository list -n $REGISTRY -o tsv) for REPO in $REPO_LIST do - PURGE_CMD="acr purge --filter '$REPO:.*' --ago $AGO_DUR --untagged --dry-run" - az acr run --cmd "$PURGE_CMD" --registry $REGISTRY /dev/null + TAG_LIST=$(az acr repository show-tags -n $REGISTRY --repository $REPO -o tsv) + for TAG in $TAG_LIST + do + if [ $TAG = "latest" ]; then + PURGE_CMD="acr purge --filter '$REPO:$TAG' --ago $AGO_DUR_VER --untagged --keep 1" + elif [[ $TAG =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then + PURGE_CMD="acr purge --filter '$REPO:$TAG' --ago $AGO_DUR_VER --untagged" + else + PURGE_CMD="acr purge --filter '$REPO:$TAG' --ago $AGO_DUR --untagged" + fi + az acr run --cmd "$PURGE_CMD" --registry $REGISTRY /dev/null + done done