fix(ci): fix cleanup-ghcr-images workflow

pront · pront · commit ea0846e3592f · 2026-06-25T15:45:44.000-04:00
- Fix test-runner package name: 'test-runner' -&gt; 'vector/test-runner'
  (package lives under the vector namespace in GHCR)
- Remove invalid num-old-versions-to-delete input (mutually exclusive
  with min-versions-to-keep in actions/delete-package-versions v5)
- Remove cleanup-vector-nightlies job; GITHUB_TOKEN lacks the
  delete:packages scope needed for org-owned container packages.
  Will be re-added using the GitHub App token.
diff --git a/.github/workflows/cleanup-ghcr-images.yml b/.github/workflows/cleanup-ghcr-images.yml
@@ -2,8 +2,11 @@
 #
 # This workflow cleans up old images from GitHub Container Registry
 # to prevent unlimited storage growth. It runs weekly and removes:
-# 1. Old dated nightly tags for vector (keeps last 30)
-# 2. Old test-runner versions (keeps 5 most recent)
+# 1. Old test-runner versions (keeps 5 most recent)
+#
+# Note: cleanup of dated vector nightly images requires a token with
+# delete:packages scope (GITHUB_TOKEN is insufficient for org-owned
+# container packages). This is tracked separately.
 
 name: Cleanup GHCR Images
 
@@ -12,94 +15,11 @@ on:
     # Run weekly on Sundays at 2 AM UTC
     - cron: "0 2 * * 0"
   workflow_dispatch:
-    inputs:
-      max_deletions:
-        description: "Max versions to delete (use 1 for testing; 0 = unlimited)"
-        required: false
-        default: "1"
 
 permissions:
   contents: read # Restrictive default
 
 jobs:
-  cleanup-vector-nightlies:
-    runs-on: ubuntu-24.04
-    permissions:
-      packages: write # Required to delete package versions from GHCR
-    steps:
-      - name: Delete old dated nightly vector images
-        env:
-          GH_TOKEN: ${{ github.token }}
-          # Scheduled runs delete everything beyond the threshold; dispatch defaults to 1 for safety.
-          MAX_DELETIONS: ${{ inputs.max_deletions || '0' }}
-        run: |
-          # Fetch only tagged versions whose tags don't match the ignore pattern.
-          # (nightly = rolling tag, \d+\.\d+ = stable releases like 0.46, 0.46.1)
-          # Untagged arch-specific child manifests are excluded; GHCR cleans them up
-          # automatically when their parent manifest list is deleted.
-          mapfile -t eligible < <(
-            gh api /users/vectordotdev/packages/container/vector/versions \
-              --paginate \
-              --jq '.[] | select(
-                (.metadata.container.tags | length > 0) and
-                (.metadata.container.tags | map(test("^(nightly$|[0-9]+[.][0-9]+)")) | any | not)
-              ) | [.created_at, (.id | tostring), (.metadata.container.tags | join(","))] | @tsv' \
-            | sort
-          )
-
-          total=${#eligible[@]}
-          to_delete=$(( total > 30 ? total - 30 : 0 ))
-
-          if [[ "$MAX_DELETIONS" -gt 0 && "$to_delete" -gt "$MAX_DELETIONS" ]]; then
-            echo "Capping deletions at MAX_DELETIONS=$MAX_DELETIONS (would delete $to_delete)."
-            to_delete=$MAX_DELETIONS
-          fi
-
-          echo "Tagged eligible versions: $total; deleting $to_delete oldest, keeping at least 30."
-
-          deleted=0
-          failed=0
-          for (( i=0; i<to_delete; i++ )); do
-            version_id=$(cut -f2 <<< "${eligible[$i]}")
-            tag=$(cut -f3 <<< "${eligible[$i]}")
-            if gh api -X DELETE "/users/vectordotdev/packages/container/vector/versions/$version_id" > /dev/null; then
-              deleted=$(( deleted + 1 ))
-              echo "Deleted: $tag (id=$version_id)"
-            else
-              failed=$(( failed + 1 ))
-              echo "Failed to delete: $tag (id=$version_id)"
-            fi
-            if (( (i+1) % 100 == 0 )); then
-              echo "Progress: $deleted deleted, $failed failed so far..."
-            fi
-          done
-
-          echo "Done. Deleted: $deleted, failed: $failed."
-          if [[ "$failed" -gt 0 ]]; then
-            exit 1
-          fi
-
-      - name: Verify nightly cleanup succeeded
-        if: always()
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          mapfile -t remaining < <(
-            gh api /users/vectordotdev/packages/container/vector/versions \
-              --paginate \
-              --jq '.[] | select(
-                (.metadata.container.tags | length > 0) and
-                (.metadata.container.tags | map(test("^(nightly$|[0-9]+[.][0-9]+)")) | any | not)
-              ) | .id | tostring'
-          )
-          count=${#remaining[@]}
-          echo "Tagged eligible versions remaining after cleanup: $count"
-          if [[ "${{ github.event_name }}" == "schedule" && "$count" -gt 30 ]]; then
-            echo "::error::Cleanup may have failed: $count tagged eligible versions remain (threshold: 30)."
-            exit 1
-          fi
-          echo "Verified: $count tagged eligible versions remain."
-
   cleanup-test-runner:
     runs-on: ubuntu-24.04
     permissions:
