1616permissions :
1717 id-token : write
1818 contents : read
19- packages : write # Required for Azure Container Registry operations
19+ packages : write
2020
2121jobs :
2222 cleanup-images :
6565 echo "acr_name=$acr_name" >> $GITHUB_OUTPUT
6666 fi
6767
68- - name : Check ACR Permissions
69- id : check-permissions
70- run : |
71- acr_name="${{ steps.get-acr.outputs.acr_name }}"
72-
73- if [ -z "$acr_name" ]; then
74- echo "No Azure Container Registry found. Skipping permission check."
75- exit 0
76- fi
77-
78- echo "Checking permissions for ACR: $acr_name"
79-
80- # Check if current identity has AcrDelete role
81- permissions=$(az role assignment list --assignee ${{ env.AZURE_CLIENT_ID }} --scope "/subscriptions/${{ env.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.ContainerRegistry/registries/$acr_name" --query "[?roleDefinitionName=='AcrDelete'].roleDefinitionName" -o tsv)
82-
83- if [ -z "$permissions" ]; then
84- echo "❌ Warning: Current identity does not have AcrDelete role on the registry"
85- echo "has_delete_permission=false" >> $GITHUB_OUTPUT
86- else
87- echo "✅ Current identity has AcrDelete role"
88- echo "has_delete_permission=true" >> $GITHUB_OUTPUT
89- fi
90-
91- # Check if current identity has AcrPush role (which includes delete capabilities)
92- push_permissions=$(az role assignment list --assignee ${{ env.AZURE_CLIENT_ID }} --scope "/subscriptions/${{ env.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.ContainerRegistry/registries/$acr_name" --query "[?roleDefinitionName=='AcrPush'].roleDefinitionName" -o tsv)
93-
94- if [ -n "$push_permissions" ]; then
95- echo "✅ Current identity has AcrPush role (includes delete capabilities)"
96- echo "has_delete_permission=true" >> $GITHUB_OUTPUT
97- fi
98-
9968 - name : Cleanup Old Container Images
100- if : steps.check-permissions.outputs.has_delete_permission == 'true'
10169 run : |
10270 acr_name="${{ steps.get-acr.outputs.acr_name }}"
10371 dry_run="${{ github.event.inputs.dry_run || 'false' }}"
@@ -215,30 +183,15 @@ jobs:
215183 echo "Total images failed to delete: $total_failed"
216184 echo "Container image cleanup completed!"
217185 fi
218- # Always exit successfully if we're in dry run mode
219- if [ "$dry_run" = "true" ]; then
220- echo "✅ Cleanup process completed successfully (DRY RUN)!"
221- exit 0
222- fi
223-
224- # If we deleted at least one image, consider it a success
225- if [ "$total_deleted" -gt 0 ]; then
226- if [ "$total_failed" -gt 0 ]; then
227- echo "⚠️ Cleanup completed with partial success"
228- echo " - Successfully deleted: $total_deleted images"
229- echo " - Failed to delete: $total_failed images"
230- else
231- echo "✅ Cleanup process completed successfully!"
232- fi
233- exit 0
234- fi
235-
236- # If we didn't delete anything but there were things to delete
237- if [ "$total_failed" -gt 0 ]; then
186+
187+ # Exit with error only if all deletions failed
188+ if [ "$total_failed" -gt 0 ] && [ "$total_deleted" -eq 0 ]; then
238189 echo "❌ All deletion attempts failed. Please check ACR permissions and image locks."
239190 exit 1
240191 fi
241-
242- # If we get here, there was nothing to delete
243- echo "✅ Cleanup process completed (no images needed deletion)"
244- exit 0
192+
193+ # Exit successfully if we deleted at least some images
194+ if [ "$total_deleted" -gt 0 ] || [ "$dry_run" = "true" ]; then
195+ echo "✅ Cleanup process completed successfully!"
196+ exit 0
197+ fi
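Review bot: A run in which some deletions fail and others succeed now prints `✅ Cleanup process completed successfully!` and exits 0, because the only failing case in the new tail of the cleanup script is `total_failed > 0` with `total_deleted == 0`; the removed branch at least printed the partial-success counts. The same commit also drops the `Check ACR Permissions` step and its `if:` guard, so the log and exit status of this step are the only remaining signal that the identity is missing delete rights on part of the registry. I would surface the mixed case before the success branch, for example `if [ "$total_failed" -gt 0 ]; then echo "::warning::$total_failed image deletions failed"; fi`. The all-failed test now runs ahead of the dry-run test, so a dry run that records any failure would exit 1 where it used to exit 0; presumably dry runs never increment `total_failed`, but the counting code sits outside this hunk and should be confirmed. The script body starts above the hunk, and the nothing-to-delete case now ends without any message.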