1+ name : Cleanup Container Images
2+
3+ # Run daily at 2 AM UTC to clean up old container images
4+ on :
5+ schedule :
6+ - cron : ' 0 2 * * *' # Daily at 2 AM UTC
7+ workflow_dispatch : # Allow manual triggering
8+
9+ # Set up permissions for Azure authentication
10+ permissions :
11+ id-token : write
12+ contents : read
13+
14+ jobs :
15+ cleanup-images :
16+ runs-on : ubuntu-latest
17+ env :
18+ AZURE_CLIENT_ID : ${{ vars.AZURE_CLIENT_ID }}
19+ AZURE_TENANT_ID : ${{ vars.AZURE_TENANT_ID }}
20+ AZURE_SUBSCRIPTION_ID : ${{ vars.AZURE_SUBSCRIPTION_ID }}
21+ AZURE_ENV_NAME : ${{ vars.AZURE_ENV_NAME }}
22+ AZURE_LOCATION : ${{ vars.AZURE_LOCATION }}
23+
24+ steps :
25+ - name : Checkout
26+ uses : actions/checkout@v4
27+
28+ - name : Install Azure CLI
29+ run : |
30+ curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
31+
32+ - name : Log in with Azure (Federated Credentials)
33+ uses : azure/login@v2
34+ with :
35+ client-id : ${{ env.AZURE_CLIENT_ID }}
36+ tenant-id : ${{ env.AZURE_TENANT_ID }}
37+ subscription-id : ${{ env.AZURE_SUBSCRIPTION_ID }}
38+
39+ - name : Get Azure Container Registry Name
40+ id : get-acr
41+ run : |
42+ # Get the resource group name
43+ rg_name="rg-${{ env.AZURE_ENV_NAME }}"
44+ echo "Resource group: $rg_name"
45+
46+ # Get the ACR name from the resource group
47+ acr_name=$(az acr list --resource-group "$rg_name" --query "[0].name" --output tsv)
48+ echo "ACR Name: $acr_name"
49+ echo "acr_name=$acr_name" >> $GITHUB_OUTPUT
50+
51+ - name : Cleanup Old Container Images
52+ run : |
53+ acr_name="${{ steps.get-acr.outputs.acr_name }}"
54+
55+ if [ -z "$acr_name" ]; then
56+ echo "No Azure Container Registry found. Skipping cleanup."
57+ exit 0
58+ fi
59+
60+ echo "Cleaning up old images in ACR: $acr_name"
61+
62+ # Get all repositories in the ACR
63+ repositories=$(az acr repository list --name "$acr_name" --output tsv)
64+
65+ if [ -z "$repositories" ]; then
66+ echo "No repositories found in ACR. Nothing to clean up."
67+ exit 0
68+ fi
69+
70+ # Process each repository
71+ for repo in $repositories; do
72+ echo "Processing repository: $repo"
73+
74+ # Get all tags for this repository, sorted by creation time (newest first)
75+ tags=$(az acr repository show-tags --name "$acr_name" --repository "$repo" \
76+ --orderby time_desc --output tsv)
77+
78+ if [ -z "$tags" ]; then
79+ echo " No tags found for repository $repo"
80+ continue
81+ fi
82+
83+ # Count total tags
84+ tag_count=$(echo "$tags" | wc -l)
85+ echo " Found $tag_count tags in repository $repo"
86+
87+ # If we have more than 5 tags, delete the older ones
88+ if [ "$tag_count" -gt 5 ]; then
89+ # Skip the first 5 tags (most recent) and delete the rest
90+ tags_to_delete=$(echo "$tags" | tail -n +6)
91+ delete_count=$(echo "$tags_to_delete" | wc -l)
92+
93+ echo " Deleting $delete_count old tags from repository $repo"
94+
95+ for tag in $tags_to_delete; do
96+ echo " Deleting tag: $repo:$tag"
97+ az acr repository delete --name "$acr_name" --image "$repo:$tag" --yes
98+ done
99+
100+ echo " Successfully deleted $delete_count old tags from repository $repo"
101+ else
102+ echo " Repository $repo has $tag_count tags (≤5), no cleanup needed"
103+ fi
104+ done
105+
106+ echo "Container image cleanup completed!"
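Review bot: The `Install Azure CLI` step pipes a script fetched at run time into `sudo bash` in a job that holds `id-token: write`, so whatever that URL serves runs as root just before the federated Azure login; GitHub-hosted `ubuntu-latest` images normally already include the Azure CLI, so the step can likely be dropped. In the deletion loop, `az acr repository delete --image "$repo:$tag"` removes the manifest the tag points to along with every other tag referencing it, so an old tag that shares a digest with one of the five kept tags takes the kept image with it. `az acr repository untag --name "$acr_name" --image "$repo:$tag"` removes only the tag (untagged manifests would then need a separate purge), or the digests can be compared before deleting. The `${{ env.AZURE_ENV_NAME }}` and `${{ steps.get-acr.outputs.acr_name }}` expressions are expanded into the script text before bash runs; reading them from the environment instead (`rg_name="rg-$AZURE_ENV_NAME"`, plus a step-level `env:` entry such as `ACR_NAME: ${{ steps.get-acr.outputs.acr_name }}`) keeps the values as data rather than code. `actions/checkout@v4` and `azure/login@v2` are mutable tags, so both are worth pinning to full commit SHAs for a scheduled job with delete rights on the registry, and the checkout step appears unused.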