Merge pull request #810 from sscheib/renovate/debian-molecule-images #923
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: 'Purge caches' | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| paths: | |
| - '.github/workflows/purge_caches.yml' | |
| # delete caches once a night | |
| schedule: | |
| - cron: '45 0 * * *' | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: 'read' | |
| jobs: | |
| check-user-permissions: | |
| runs-on: 'ubuntu-24.04' | |
| permissions: | |
| contents: 'read' | |
| outputs: | |
| require-result: '${{ steps.check-access.outputs.require-result }}' | |
| steps: | |
| - name: 'Harden Runner' | |
| uses: 'step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f' # v2.10.2 | |
| with: | |
| egress-policy: 'block' | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| - name: 'Get User Permissions' | |
| id: 'check-access' | |
| uses: 'actions-cool/check-user-permission@956b2e73cdfe3bcb819bb7225e490cb3b18fd76e' # v2.2.1 | |
| with: | |
| require: 'write' | |
| username: '${{ github.triggering_actor }}' | |
| env: | |
| GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
| - name: 'Check User Permission' | |
| if: "steps.check-access.outputs.require-result == 'false'" | |
| shell: 'bash' | |
| run: | | |
| # fail if: | |
| # - a variable is unbound | |
| # - any command fails | |
| # - a command in a pipe fails | |
| # - a command in a sub-shell fails | |
| set -Eeuo pipefail | |
| # enable debug if runner runs in debug | |
| [[ "${{ runner.debug }}" -ne 1 ]] || { | |
| echo "INFO: Enabling bash trace"; | |
| set -x; | |
| }; | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| echo "Current permission level is ${{ steps.check-access.outputs.user-permission }}" | |
| echo "Job originally triggered by ${{ github.actor }}" | |
| purge-caches: | |
| name: 'Purge caches' | |
| if: "needs.check-user-permissions.outputs.require-result == 'true'" | |
| needs: 'check-user-permissions' | |
| runs-on: 'ubuntu-24.04' | |
| permissions: | |
| actions: 'write' | |
| steps: | |
| - name: 'Harden Runner' | |
| uses: 'step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f' # v2.10.2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: 'block' | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| - name: 'Purge caches that have not been accessed for more than two days' | |
| uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' # v7.0.1 | |
| with: | |
| script: | | |
| console.log('Clearing caches'); | |
| const caches = await github.paginate("GET /repos/{owner}/{repo}/actions/caches", { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| per_page: 100, | |
| }); | |
| const today = new Date().getTime(); | |
| let deletedCaches = 0; | |
| console.log( | |
| 'Total caches retrieved: ' + caches.length | |
| ); | |
| for (const cache of caches) { | |
| console.log( | |
| 'Checking cache ' + cache.key + ' (ID: ' + cache.id + ')' | |
| ); | |
| let accessedDate = null; | |
| if (cache.last_accessed_at !== undefined) { | |
| accessedDate = Date.parse(cache.last_accessed_at); | |
| } | |
| // last accessed more than 2 days ago | |
| if (accessedDate !== null && today - accessedDate > 60 * 60 * 1000 * 24 * 2) { | |
| console.log( | |
| 'Deleting cache ' + cache.key + ' (ID: ' + cache.id + ')' | |
| ); | |
| github.rest.actions.deleteActionsCacheById({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| cache_id: cache.id, | |
| }) | |
| deletedCaches++; | |
| } | |
| } | |
| console.log( | |
| 'Number of deleted caches: ' + deletedCaches | |
| ); | |
| ... |