--- name: Container registry cleanup on: pull_request: types: [closed] jobs: build-docker: name: Remove branch-specific Docker images runs-on: ubuntu-22.04 steps: - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 ########## ACR ########## - name: Log in to Azure - QA Subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} - name: Log in to Azure ACR run: az acr login -n bitwardenqa - name: Log in to Azure - production subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Log in to Azure ACR run: az acr login -n bitwardenprod ########## Remove Docker images ########## - name: Remove the Docker image from ACR env: REGISTRIES: | registries: - bitwardenprod - bitwardenqa SERVICES: | services: - Admin - Api - Attachments - Events - EventsProcessor - Icons - Identity - K8S-Proxy - MsSql - Nginx - Notifications - Server - Setup - Sso run: | for SERVICE in $(echo "${{ env.SERVICES }}" | yq e ".services[]" - ) do for REGISTRY in $( echo "${{ env.REGISTRIES }}" | yq e ".registries[]" - ) do SERVICE_NAME=$(echo $SERVICE | awk '{print tolower($0)}') IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name echo "[*] Checking if remote exists: $REGISTRY.azurecr.io/$SERVICE_NAME:$IMAGE_TAG" TAG_EXISTS=$( az acr repository show-tags --name $REGISTRY --repository $SERVICE_NAME \ | jq --arg $TAG "$IMAGE_TAG" -e '. | any(. == "$TAG")' ) if [[ "$TAG_EXISTS" == "true" ]]; then echo "[*] Tag exists. Removing tag" az acr repository delete --name $REGISTRY --image $SERVICE_NAME:$IMAGE_TAG --yes else echo "[*] Tag does not exist. No action needed" fi done done - name: Log out of Docker run: docker logout