Clean old cache in App registries #731
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Clean old cache in App registries | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 0 * * *' # Daily | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| purge: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/master' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - name: "dev" | |
| registry: "radixdevapp" | |
| subscription_id: "16ede44b-1f74-40a5-b428-46cca9a5741b" | |
| client_id: "94ad7918-e504-4132-9916-0293689cd140" | |
| - name: "playground" | |
| registry: "radixplaygroundapp" | |
| subscription_id: "16ede44b-1f74-40a5-b428-46cca9a5741b" | |
| client_id: "cba1287a-42e8-4e1d-ba1f-d5a86021aa17" | |
| - name: "platform" | |
| registry: "radixprodapp" | |
| subscription_id: ded7ca41-37c8-4085-862f-b11d21ab341a | |
| client_id: "5b6da3d2-84f9-4703-b253-f6b7a528b080" | |
| - name: "c2" | |
| registry: "radixc2app" | |
| subscription_id: ded7ca41-37c8-4085-862f-b11d21ab341a | |
| client_id: "fa0fa160-648d-46f0-93ce-65fe0838a075" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: Azure/acr-cli | |
| ref: v0.8 | |
| - uses: actions/setup-go@v5 | |
| - name: Compile ACR binary | |
| run: make binaries | |
| - name: Get GitHub Public IP | |
| id: github_public_ip | |
| run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT | |
| - name: 'Az CLI login' | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ matrix.target.client_id }} | |
| tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" | |
| subscription-id: ${{ matrix.target.subscription_id }} | |
| - name: Enable Public Access to ACR | |
| id: enable_publicaccess | |
| run: az acr update --name ${{ matrix.target.registry }} --public-network-enabled true --query provisioningState | |
| - name: Add GitHub IP to ACR | |
| id: update_firewall | |
| run: az acr network-rule add --name ${{ matrix.target.registry }} --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} --query provisioningState | |
| - name: Create ACR Token | |
| run: echo "token=$(az acr login --name=${{ matrix.target.registry }} --expose-token | jq -r '.accessToken')" >> $GITHUB_OUTPUT | |
| id: token | |
| - name: Purge old cache | |
| run: ./bin/acr purge --registry=${{ matrix.target.registry }}.azurecr.io --password=${{steps.token.outputs.token}} --username= --filter='*/cache:.*' --ago=7d --untagged | |
| - name: Revoke GitHub IP on ACR | |
| if: ${{ steps.update_firewall.outcome == 'success' && !cancelled()}} # Always run this step even if previous step failed | |
| run: az acr network-rule remove --name ${{ matrix.target.registry }} --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} --query provisioningState | |
| - name: Disable Public Access to ACR | |
| id: disable_publicaccess | |
| if: ${{ steps.enable_publicaccess.outcome == 'success' && !cancelled()}} # Always run this step even if previous step failed | |
| run: az acr update --name ${{ matrix.target.registry }} --public-network-enabled false --query provisioningState |