From b9b5a22549bb6de5b235b1451e5d46a254c393dd Mon Sep 17 00:00:00 2001
From: Evan Baker <rbtr@users.noreply.github.com>
Date: Wed, 27 Mar 2024 16:48:46 +0000
Subject: [PATCH] feat: add container cleanup cronjob

Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
---
 .github/workflows/container-cleanup.yaml | 33 ++++++++++++++++++++++++
 .github/workflows/release-charts.yaml    |  6 ++---
 2 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/container-cleanup.yaml

diff --git a/.github/workflows/container-cleanup.yaml b/.github/workflows/container-cleanup.yaml
new file mode 100644
index 0000000000..4e6aa28661
--- /dev/null
+++ b/.github/workflows/container-cleanup.yaml
@@ -0,0 +1,33 @@
+name: Container Registry Cleanup
+
+on:
+  schedule:
+    - cron: "0 0 * * *" # every day at midnight
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  container-cleanup:
+    name: delete-images
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        image:
+          - "retina/charts/retina"
+          - "retina/kubectl-retina"
+          - "retina/retina-agent"
+          - "retina/retina-init"
+          - "retina/retina-operator"
+    steps:
+      # This is a fork of the official actions/delete-package-versions which adds GHCR image tag support
+      # https://github.com/actions/delete-package-versions/pull/104
+      - uses: port-of-rotterdam-dtis/delete-package-versions@bf25fb8df311fdcbeac67ba2e5153495d76415a8
+        with:
+          package-name: ${{ matrix.image }}
+          package-type: "container"
+          min-versions-to-keep: 0
+          ignore-versions: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(\\.*)$"
+          ignore-versions-include-tags: true
diff --git a/.github/workflows/release-charts.yaml b/.github/workflows/release-charts.yaml
index d01578a797..dbd15923e9 100644
--- a/.github/workflows/release-charts.yaml
+++ b/.github/workflows/release-charts.yaml
@@ -2,7 +2,6 @@ name: Release Retina Charts
 
 on:
   push:
-    branches: [main]
     tags: ["v*"]
 
 permissions:
@@ -25,7 +24,7 @@ jobs:
 
       - uses: azure/setup-helm@v4.2.0
         id: install
-      
+
       - name: Install Cosign
         uses: sigstore/cosign-installer@v3.5.0
 
@@ -33,7 +32,7 @@ jobs:
         run: |
           echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u $ --password-stdin
           echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
-      
+
       - name: Build, Push and Sign chart
         id: build_chart
         shell: bash
@@ -45,4 +44,3 @@ jobs:
           helm push retina-$TAG.tgz oci://ghcr.io/${{ github.repository }}/charts >> helm_push_result.txt 2>&1
           cat helm_push_result.txt
           cosign sign --yes ghcr.io/${{ github.repository }}/charts/retina@$(tail -n 1 helm_push_result.txt | awk '{ print $2 }')
-