mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
6d860acab4
* pin version tags in database cleanup and issues response wf * update all workflow for actions version pin * edit build strategy and a few version pin typo
108 lines
3.2 KiB
YAML
108 lines
3.2 KiB
YAML
---
|
|
name: Container Registry Purge
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 0 * * SUN'
|
|
workflow_dispatch:
|
|
inputs: {}
|
|
|
|
jobs:
|
|
purge:
|
|
name: Purge old images
|
|
runs-on: ubuntu-20.04
|
|
steps:
|
|
- name: Login to Azure
|
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Purge images
|
|
env:
|
|
REGISTRY: bitwardenprod
|
|
AGO_DUR_VER: "180d"
|
|
AGO_DUR: "30d"
|
|
run: |
|
|
REPO_LIST=$(az acr repository list -n $REGISTRY -o tsv)
|
|
for REPO in $REPO_LIST
|
|
do
|
|
|
|
PURGE_LATEST=""
|
|
PURGE_VERSION=""
|
|
PURGE_ELSE=""
|
|
|
|
TAG_LIST=$(az acr repository show-tags -n $REGISTRY --repository $REPO -o tsv)
|
|
for TAG in $TAG_LIST
|
|
do
|
|
if [ $TAG = "latest" ] || [ $TAG = "dev" ]; then
|
|
PURGE_LATEST+="--filter '$REPO:$TAG' "
|
|
elif [[ $TAG =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
|
|
PURGE_VERSION+="--filter '$REPO:$TAG' "
|
|
else
|
|
PURGE_ELSE+="--filter '$REPO:$TAG' "
|
|
fi
|
|
done
|
|
|
|
if [ ! -z "$PURGE_LATEST" ]
|
|
then
|
|
PURGE_LATEST_CMD="acr purge $PURGE_LATEST --ago $AGO_DUR_VER --untagged --keep 1"
|
|
az acr run --cmd "$PURGE_LATEST_CMD" --registry $REGISTRY /dev/null &
|
|
fi
|
|
|
|
if [ ! -z "$PURGE_VERSION" ]
|
|
then
|
|
PURGE_VERSION_CMD="acr purge $PURGE_VERSION --ago $AGO_DUR_VER --untagged"
|
|
az acr run --cmd "$PURGE_VERSION_CMD" --registry $REGISTRY /dev/null &
|
|
fi
|
|
|
|
if [ ! -z "$PURGE_ELSE" ]
|
|
then
|
|
PURGE_ELSE_CMD="acr purge $PURGE_ELSE --ago $AGO_DUR --untagged"
|
|
az acr run --cmd "$PURGE_ELSE_CMD" --registry $REGISTRY /dev/null &
|
|
fi
|
|
|
|
wait
|
|
|
|
done
|
|
|
|
check-failures:
|
|
name: Check for failures
|
|
if: always()
|
|
runs-on: ubuntu-20.04
|
|
needs:
|
|
- purge
|
|
steps:
|
|
- name: Check if any job failed
|
|
if: |
|
|
github.ref == 'refs/heads/master'
|
|
|| github.ref == 'refs/heads/rc'
|
|
|| github.ref == 'refs/heads/hotfix-rc'
|
|
env:
|
|
PURGE_STATUS: ${{ needs.purge.result }}
|
|
run: |
|
|
if [ "$PURGE_STATUS" = "failure" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Login to Azure - CI subscription
|
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3
|
|
if: failure()
|
|
with:
|
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f
|
|
if: failure()
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "devops-alerts-slack-webhook-url"
|
|
|
|
- name: Notify Slack on failure
|
|
uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0
|
|
if: failure()
|
|
env:
|
|
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
|
|
with:
|
|
status: ${{ job.status }}
|