Add org-wide maintenance workflow #12
base: master
Some minor comments but otherwise LGTM once cleared
maintenance/delete_workflows.sh
Outdated
while read -r line; do | ||
id="$line" | ||
artifact_count=$(gh api /repos/${repo}/actions/runs/${id}/artifacts | jq -r '.total_count') | ||
if [ "${artifact_count}" = "0" ] |
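Review bot: On the artifact_count line, the path passed to gh api is built from ${repo} and ${id} without quotes, so a value containing whitespace or glob characters would be split or expanded before gh sees it; quote the whole argument, as in "/repos/${repo}/actions/runs/${id}/artifacts". On the same line, a failed gh api call leaves artifact_count empty, the = "0" test is then false, and the run is skipped with no message, so consider logging that case to tell API errors apart from runs that still have artifacts. The id="$line" copy can be dropped by reading straight into the variable with while read -r id.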
I assume the artifacts count is > 0 if there are logs but 0 once they were cleaned up? (wasn't able to confirm that with the docs)
No, artifacts != logs. Artifacts are the binaries produced by workflows and uploaded using this action. More info here.
Right now we don't use artifacts anywhere but in JMP. See this workflow as an example. Artifacts are located at the bottom. Logs are the output of the job.
Artifacts also expire, but might have a different expiration date than logs. That's why we need to set a preference order on what's more important, logs or artifacts.
For my script's logic, I chose that artifacts > logs. I assume that maintainers/teams that have configured the artifact retention period to be larger than the retention for logs have their reasons to do so, so I'm not allowed to remove workflow runs that might have valuable data.
How the script works:
As I mentioned, for each workflow, the script checks if there are artifacts:
- IF TRUE (total_count != 0): We continue the loop to the next one and ignore if the workflow run has logs or not because artifacts are more relevant.
- IF FALSE (total_count == 0): We call the API endpoint to download the logs (there is no API endpoint for querying for its existence, so I must perform the download straightaway). If the logs don't exist, GitHub will reply with HTTP 401 Gone, so we can remove the workflow run without further ado.
gh exits with code 1 when it receives the 401, so we can use the standard || in bash to run the deletion command. This happens in this line:
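# Braces keep the delete and its message on the failure branch only;
# a bare "A || B && C" would also print the message when the logs request succeeds.
gh api --silent "/repos/${repo}/actions/runs/${id}/logs" || {
  echo -n | gh api --method DELETE "/repos/${repo}/actions/runs/${id}" --input - && \
  echo "Workflow run without logs and artifacts with ID $id deleted successfully!"
}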
wow I must have been blind not seeing that gh api --silent /repos/${repo}/actions/runs/${id}/logs, all good then xD
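The keep-or-delete decision discussed in the thread above, as an added example that is not part of the PR or the project's script: it deletes a run only when the logs request is answered with an explicit HTTP 410 (the status code for Gone), so an unrelated API failure such as a rate limit or a network error cannot trigger a deletion. The GH override, the DRY_RUN switch, the fake_gh stub and the stderr format "gh: <message> (HTTP <code>)" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the PR's script). Deletes a run only when the logs request
# is answered with an explicit HTTP 410; any other failure leaves the run alone.
# Assumption: gh prints API errors to stderr as "gh: <message> (HTTP <code>)".
GH=${GH:-gh}   # hypothetical override so the logic can run against a stub

# Pull the status code out of gh's error text; prints nothing if there is none.
http_status() {
  printf '%s\n' "$1" | sed -n 's/.*(HTTP \([0-9][0-9][0-9]\)).*/\1/p' | head -n 1
}

# Prints keep-artifacts, keep-logs, delete or skip-error for one run.
decide_run() (
  base="/repos/$1/actions/runs/$2"
  if ! count=$("$GH" api "$base/artifacts" --jq '.total_count' 2>/dev/null); then
    echo skip-error                      # artifact lookup failed: do not guess
  else
    case "$count" in
      ''|*[!0-9]*) echo skip-error ;;    # unexpected body
      0) if err=$("$GH" api --silent "$base/logs" 2>&1); then
           echo keep-logs
         elif [ "$(http_status "$err")" = 410 ]; then
           echo delete                   # logs are gone and there are no artifacts
         else
           echo skip-error               # 403, 404, 5xx, network failure, ...
         fi ;;
      *) echo keep-artifacts ;;
    esac
  fi
)

# Acts on the verdict; DRY_RUN defaults to 1 so nothing is deleted by accident.
prune_run() (
  verdict=$(decide_run "$1" "$2")
  if [ "$verdict" = delete ] && [ "${DRY_RUN:-1}" != 1 ]; then
    "$GH" api --method DELETE "/repos/$1/actions/runs/$2" >/dev/null || verdict=skip-error
  fi
  echo "$2 $verdict"
)

# Constructed stand-in for gh (not real API output); the run id picks the reply.
fake_gh() {
  case "$*" in
    *DELETE*) echo "$*" >> "${FAKE_GH_LOG:-/dev/null}" ;;
    */runs/1/artifacts*) echo 2 ;;
    */artifacts*) echo 0 ;;
    */runs/2/logs*) return 0 ;;
    */runs/3/logs*) echo "gh: Gone (HTTP 410)" >&2; return 1 ;;
    *) echo "gh: API rate limit exceeded (HTTP 403)" >&2; return 1 ;;
  esac
}
```

Setting GH=fake_gh exercises the four branches offline; against the real CLI, leave GH unset and set DRY_RUN=0 only after reviewing the dry-run verdicts.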
2faa49b to cf313d3
Adds a workflow that performs the following actions:
Job 1
- Remove all the workflow runs from the specified repos except those that are successful or failed (conclusion of workflows that will be removed: cancelled, skipped, startup_failure... See all the possible conclusions that the API has here).
- After that, remove all the failed or successful workflows that don't have logs or artifacts anymore.
I added all the repos on our org that use GitHub Actions as of today (08/09/2021), as this is unlikely to impact the workflow of somebody. However, any maintainer/team can opt out by commenting on this Pull Request before it's merged (or by removing the repo from the matrix used in the workflow at any time)
Job 2
See how many dangling images the jellyfin-vue container has (more than 5000), and it has been using GHCR for a relatively short period of time.
Needed tokens
This PR needs the following org-wide secrets to be made available in this repo:
workflow, write/read:packages, delete:packages, read:org