From 3913d4c2c3ebca4eaf29b2c4f1324e58ee5314bc Mon Sep 17 00:00:00 2001 From: Vince Jerald Villamora Date: Sat, 2 Sep 2023 02:32:43 +0800 Subject: [PATCH] fix(github-actions): dependabot updates, add gar cleanup workflow --- .github/dependabot.yml | 4 +++- .github/workflows/release-dev.yml | 34 +++++++++++++++++++++++++++++- .github/workflows/release-main.yml | 34 +++++++++++++++++++++++++++++- 3 files changed, 69 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0279b4f..a76aeb5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,7 @@ updates: - "vincejv" labels: - "dependencies" + open-pull-requests-limit: 20 - package-ecosystem: "github-actions" # Workflow files stored in the @@ -21,4 +22,5 @@ updates: - "vincejv" labels: - "dependencies" - - "ci-cd" \ No newline at end of file + - "ci-cd" + open-pull-requests-limit: 20 \ No newline at end of file diff --git a/.github/workflows/release-dev.yml b/.github/workflows/release-dev.yml index a7074f6..1b65a88 100644 --- a/.github/workflows/release-dev.yml +++ b/.github/workflows/release-dev.yml 
@@ -262,4 +262,36 @@ jobs:
 if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version == '' }}
 with:
 message: |
- ❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details
\ No newline at end of file
+ ❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details
+
+ gcr-cleaner:
+ name: Clean-up old artifact registry images
+ needs: deploy_to_cloud
+ runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - name: Google Auth
+ id: gcp-auth
+ uses: google-github-actions/auth@v1
+ with:
+ token_format: 'access_token'
+ workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+ service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+ - name: Login to Google Docker Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: 'oauth2accesstoken'
+ password: ${{ steps.gcp-auth.outputs.access_token }}
+
+ - name: Run GCR Cleaner
+ uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli
+ with:
+ args: >-
+ -repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}
+ -tag-filter-any "."
+ -keep=1
+ -recursive=true
\ No newline at end of file
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
index b54d65a..9143b57 100644
--- a/.github/workflows/release-main.yml
+++ b/.github/workflows/release-main.yml
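Review bot: The `Run GCR Cleaner` step references `docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli` with no tag or digest, so every run pulls whatever image is current at that path. That image runs in a job that has just logged in to the registry with a token that presumably carries delete rights. Pin it by digest, for example `uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli@sha256:<DIGEST_PLACEHOLDER>`. `google-github-actions/auth@v1` and `docker/login-action@v2` are movable tags as well and would be safer pinned to full commit SHAs. The identical job added to release-main.yml carries the same three references.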
@@ -264,4 +264,36 @@ jobs:
 MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
 MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
 MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- run: mvn -B deploy -Dlib-only -Prelease-for-oss
\ No newline at end of file
+ run: mvn -B deploy -Dlib-only -Prelease-for-oss
+
+ gcr-cleaner:
+ name: Clean-up old artifact registry images
+ needs: deploy_to_cloud
+ runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - name: Google Auth
+ id: gcp-auth
+ uses: google-github-actions/auth@v1
+ with:
+ token_format: 'access_token'
+ workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+ service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+ - name: Login to Google Docker Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: 'oauth2accesstoken'
+ password: ${{ steps.gcp-auth.outputs.access_token }}
+
+ - name: Run GCR Cleaner
+ uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli
+ with:
+ args: >-
+ -repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}
+ -tag-filter-any "."
+ -keep=1
+ -recursive=true
\ No newline at end of file
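Review bot: The cleaner arguments `-tag-filter-any "."`, `-keep=1` and `-recursive=true` are passed without `-grace`, so after each successful main release every image but one, tagged releases included, becomes eligible for deletion in every child repository under the `-repo` path. That leaves no earlier release image to roll back to or to inspect after an incident. Consider a larger `-keep`, a grace window such as `-grace=<DURATION_PLACEHOLDER>`, and a first run with `-dry-run` to confirm what is selected; the release-dev.yml job uses the same arguments. If `secrets.WIF_SERVICE_ACCOUNT` is also the identity the deploy job uses (not visible in this hunk), a separate service account limited to Artifact Registry cleanup would keep delete rights off the deploy identity.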