Scruffy is a tool designed to garbage collect unused tags on quay.io. This
tool assumes that the tags that should be kept in such repositories are only the
ones that match a commit SHA for any of the branches provided by
--stable-branches.
Features
Garbage collect unused tags on quay.io
Missing features
None :-)
Build
make scruffy
Usage
Login into quay.io with a bot account, for example ciliumbot. Note Your organization should create its own bot account.
Go to the organization that holds the images that you want to delete, for example Quay Cilium Organization
Invite that bot account, for example ciliumbot, as an admin of that organization.
Create a new Application with the name "GC CI Images"
In the Application settings generate a new Token with the permissions "Read/Write to any accessible repositories".
Copy the access token in a safe place until so that it can be used as a
GitHub secret for the GitHub action.
Remove the bot account from the list of owners / admin of that organization.
Verify that the bot account only has access to the repositories that it
should delete tags from by checking https://quay.io/repository/ while logged
in with that bots account.
Set the token as a secret in the GitHub repository, QUAY_TOKEN and deploy
the GitHub action.
GitHub action
name: Scruffy
on:
workflow_dispatch:
schedule:
# Run the GC every monday at 9am
- cron: "0 9 * * 1"
permissions: read-all
jobs:
scruffy:
# if: github.repository == '<my-org>/<my-repo>'
name: scruffy
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- uses: docker://quay.io/cilium/scruffy:v0.0.1@sha256:15e3926d8e74aa6a278cc07fb61d5888322fabdae49637384dc6a3fb32452969
with:
entrypoint: scruffy
args: --git-repository=./
env:
QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}