From 894fa3056aa0b8235b753f03bf89c741c33a46d4 Mon Sep 17 00:00:00 2001
From: Lucy Linder <lucy.derlin@gmail.com>
Date: Wed, 21 Dec 2022 15:47:10 +0100
Subject: [PATCH] chore: add manual workflow to cleanup ghcr images

This workflow is necessary to avoid having too many docker images
in the registry (it grows fast!).

It should be triggered manually once in a while.
---
 .github/workflows/cleanup-registry.yaml | 40 +++++++++++++++++++++++++
 README.md                               | 15 ++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 .github/workflows/cleanup-registry.yaml

diff --git a/.github/workflows/cleanup-registry.yaml b/.github/workflows/cleanup-registry.yaml
new file mode 100644
index 0000000..18f1d25
--- /dev/null
+++ b/.github/workflows/cleanup-registry.yaml
@@ -0,0 +1,40 @@
+name: Cleanup Docker Registry
+on:
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        type: boolean
+        default: true
+        description: Do not perform the cleanup
+      days:
+        type: string
+        default: '7'
+        description: Retention in days
+      untagged:
+        type: boolean
+        default: true
+        description: Delete untagged images
+      sha:
+        type: boolean
+        default: true
+        description: Delete main-<sha> and develop-<sha> tags
+
+jobs:
+  release_grun:
+    name: Cleanup Registry (dry-run=${{ inputs.dryRun }}, untagged=${{ inputs.untagged }}, sha=${{ inputs.sha }})
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prune
+        uses: vlaurin/action-ghcr-prune@main
+        with:
+          # The PAT should have scopes repo + packages:delete
+          token: ${{ secrets.PAT_CLEANUP_PACKAGES }}
+          user: derlin
+          container: rickroller
+          dry-run: ${{ inputs.dryRun }}
+          older-than: ${{ inputs.days }}
+          untagged: ${{ inputs.untagged }}
+          tag-regex: ${{ inputs.sha && '^(develop|main)-[0-9a-f]{7}$' || '' }}
+          keep-tags-regexes: |
+            ^latest$
+            ^\d+(\.\d+){0,3}$
\ No newline at end of file
diff --git a/README.md b/README.md
index b5c6fa7..f8cab2c 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ To run RickRoller locally or deploy it using Docker, see [docs/quickstart](docs/
   * [Multi-platform support](#multi-platform-support)
 - [GitHub CI](#github-ci)
   * [Building docker images](#building-docker-images)
+  * [Keeping the GitHub Registry clean](#keeping-the-github-registry-clean)
   * [Pushing docker images to both Docker Hub and GitHub Registry](#pushing-docker-images-to-both-docker-hub-and-github-registry)
   * [Release automation: release-please](#release-automation-release-please)
   * [Deploying to Cloud Run With GitHub Action](#deploying-to-cloud-run-with-github-action)
@@ -299,6 +300,20 @@ Moving tags:
 Moving tags are useful for users, while unique tags are useful for developers when they want to test a specific version of the
 code. 
 
+<!-- TOC --><a name="keeping-the-github-registry-clean"></a>
+### Keeping the GitHub Registry clean
+
+A lot of images will be pushed to the registry from the CI.
+
+To clean up old tags, a workflow triggered manually is available.
+It uses the [vlaurin/action-ghcr-prune](https://github.com/vlaurin/action-ghcr-prune/issues/64)
+action to do the dead, which proposes lots of useful options. See their documentation
+for details.
+
+Note that to be used, this action requires a PAT - **P**ersonal **A**ccess **T**oken
+(it cannot work with the default `GITHUB_TOKEN`), with at least the scopes `repo`
+and `packages:delete`.
+
 <!-- TOC --><a name="pushing-docker-images-to-both-docker-hub-and-github-registry"></a>
 ### Pushing docker images to both Docker Hub and GitHub Registry