mirror of
https://github.com/bitwarden/server.git
synced 2025-02-02 23:41:21 +01:00
Add Container Registry Purge workflow (#1826)
This commit is contained in:
Vince Grassia
GitHub
parent
85797bde07
commit
a1f34b5de4
77
.github/workflows/container-registry-purge.yml
vendored
Normal file
77
.github/workflows/container-registry-purge.yml
vendored
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
---
|
||||||
|
name: Container Registry Purge
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '0 0 * * SUN'
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs: {}
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
purge:
|
||||||
|
name: Purge old images
|
||||||
|
runs-on: ubuntu-20.04
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- name: bitwardenqa
|
||||||
|
- name: bitwardenprod
|
||||||
|
steps:
|
||||||
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||||
|
|
||||||
|
- name: Purge images
|
||||||
|
env:
|
||||||
|
REGISTRY: ${{ matrix.name }}
|
||||||
|
AGO_DUR: "30d"
|
||||||
|
run: |
|
||||||
|
REPO_LIST=$(az acr repository list -n $REGISTRY -o tsv)
|
||||||
|
for REPO in $REPO_LIST
|
||||||
|
do
|
||||||
|
PURGE_CMD="acr purge --filter '$REPO:.*' --ago $AGO_DUR --untagged --dry-run"
|
||||||
|
az acr run --cmd "$PURGE_CMD" --registry $REGISTRY /dev/null
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
check-failures:
|
||||||
|
name: Check for failures
|
||||||
|
if: always()
|
||||||
|
runs-on: ubuntu-20.04
|
||||||
|
needs:
|
||||||
|
- purge
|
||||||
|
steps:
|
||||||
|
- name: Check if any job failed
|
||||||
|
if: |
|
||||||
|
github.ref == 'refs/heads/master'
|
||||||
|
|| github.ref == 'refs/heads/rc'
|
||||||
|
|| github.ref == 'refs/heads/hotfix'
|
||||||
|
env:
|
||||||
|
PURGE_STATUS: ${{ needs.purge.result }}
|
||||||
|
run: |
|
||||||
|
if [ "$PURGE_STATUS" = "failure" ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Login to Azure - Prod Subscription
|
||||||
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
|
||||||
|
if: failure()
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||||
|
|
||||||
|
- name: Retrieve secrets
|
||||||
|
id: retrieve-secrets
|
||||||
|
uses: Azure/get-keyvault-secrets@470858ec5d16542d1a87e1998c0988130ef304dd
|
||||||
|
if: failure()
|
||||||
|
with:
|
||||||
|
keyvault: "bitwarden-prod-kv"
|
||||||
|
secrets: "devops-alerts-slack-webhook-url"
|
||||||
|
|
||||||
|
- name: Notify Slack on failure
|
||||||
|
uses: act10ns/slack@186ef8b81dc1f91522af6998d8019e2e886da2ca # v1.2.2
|
||||||
|
if: failure()
|
||||||
|
env:
|
||||||
|
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
|
||||||
|
with:
|
||||||
|
status: ${{ job.status }}
|
||||||
Loading…
Reference in New Issue
Block a user