Forked registry cleanup
Currently the workflow goes like this: build image Foo in the Upstream/foo registry, forked projects check Upstream/foo and copy the image into their forked registry. This means that even if we clean up the upstream repo, the forked repositories will still have references to the images, preventing them from being cleaned up.
I was looking at how GitLab is tagging their "cache" containers/volumes the other day and noticed that they have a special LABEL which they are then able to filter for and purge them.

    CONTAINERS=$(docker ps -a -q \
                 --filter=status=exited \
                 --filter=status=dead \
                 --filter=label=com.gitlab.gitlab-runner.type=cache)
    if [ -n "${CONTAINERS}" ]; then
        docker rm -v ${CONTAINERS}
    fi

While this won't work as is, since we want to go through the GitLab API, we could maybe adapt it and work around it. Instead of copying the image as is, we build a new one with an extra layer of LABEL org.freedesktop.registry.is_forked=true and push that. Then have a job that crawls the registry API and inspects the images for this layer, and if it's not matching the current tag, delete it.
I can think of a couple of edge cases though, as is:
- Multiple stable images you want to keep, the $TAG will probably be different for stable branches
- Outdated checkouts that need rebasing will have an older tag(s), that might end up causing unintended deletions (though always repullable)
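
A sketch of the selection step such a cleanup job would need, added here as an illustration and not code from the post or from any existing project. It assumes the crawler has already fetched each tag's image config blob (the JSON whose `config.Labels` map holds LABEL values); the function names, sample tags and keep-set are constructed. Only images that positively carry the label are eligible, and a set of kept tags covers the multiple-stable-branches case.

```python
import json

FORK_LABEL = "org.freedesktop.registry.is_forked"  # label name proposed in the post


def is_forked_copy(config_blob: str) -> bool:
    """True if an image config blob (Docker/OCI image config JSON) has the fork label."""
    cfg = json.loads(config_blob).get("config") or {}
    labels = cfg.get("Labels") or {}  # "Labels" is null when the image sets none
    return labels.get(FORK_LABEL) == "true"


def select_deletions(images: dict, keep_tags: set) -> list:
    """images maps tag -> config blob; keep_tags are tags upstream still uses.

    Fail safe: anything without the label was built in the fork itself
    and is never selected, whatever its tag looks like.
    """
    doomed = []
    for tag, blob in sorted(images.items()):
        if tag in keep_tags:
            continue  # current tag, or one of several stable tags
        if not is_forked_copy(blob):
            continue  # not a copy of an upstream image
        doomed.append(tag)
    return doomed


def _blob(labels):
    # Helper producing a minimal constructed config blob for the sample below.
    return json.dumps({"architecture": "amd64", "config": {"Labels": labels}})


# Constructed sample registry contents of one fork (not real data).
SAMPLE = {
    "2019-05-01.0": _blob({FORK_LABEL: "true"}),   # outdated copy
    "2019-06-10.0": _blob({FORK_LABEL: "true"}),   # current $TAG
    "stable-1.0": _blob({FORK_LABEL: "true"}),     # stable branch tag
    "my-experiment": _blob(None),                  # built locally, no labels
    "hand-built": _blob({"maintainer": "someone"}),
}
KEEP = {"2019-06-10.0", "stable-1.0"}

if __name__ == "__main__":
    for tag in select_deletions(SAMPLE, KEEP):
        print("would delete", tag)
```

Building the keep-set from every branch that is still live, rather than from a single current tag, is what limits the unintended deletions described for outdated checkouts.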