+# docker clean stage #
+# run during the check stage #
+# #
+#################################################################
+
+#
+# This stage will look for the docker images we currently have in
+# the registry and will remove any that are not tagged as 'latest'
+#
+.docker-clean: &docker_clean
+ stage: docker_check
+ image: registry.freedesktop.org/libinput/libinput/jq:latest
+ script:
+ # get the full docker image name (CURRENT_DOCKER_IMAGE still has indirections)
+ - DOCKER_IMAGE=$(eval echo "$CURRENT_DOCKER_IMAGE")
+ - REPOSITORY=$(echo $DOCKER_IMAGE | cut -f2- -d/)
+
+ # get the r/w token from the settings to access the registry
+ #
+ # each developer needs to register a secret variable that contains
+ # a personal token with api access in the form of:
+ # PERSONAL_TOKEN_$USER (for example PERSONAL_TOKEN_bentiss)
+ - tokenname="PERSONAL_TOKEN_$GITLAB_USER_LOGIN"
+ - token=$(eval echo "\$$tokenname")
+
+ # request a token for the registry API
+ - REGISTRY_TOKEN=$(curl https://gitlab.freedesktop.org/jwt/auth --get
+ --silent --show-error
+ -d client_id=docker
+ -d offline_token=true
+ -d service=container_registry
+ -d "scope=repository:$REPOSITORY:pull,*"
+ --fail
+ --user $GITLAB_USER_LOGIN:$token
+ | sed -r 's/(\{"token":"|"\})//g')
+
+ # get the digest of the latest image
+ - LATEST_MANIFEST=$(curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/latest --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ --head
+ | grep -i "Docker-Content-Digest"
+ | grep -oi "sha256:\w\+")
+
+ # get the list of tags
+ - TAGS=$(curl https://$CI_REGISTRY/v2/$REPOSITORY/tags/list --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ | jq -r '.tags[]')
+
+ # iterate over the tags
+ - for tag in $TAGS;
+ do
+ MANIFEST=$(curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/$tag --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ --head
+ | grep -i "Docker-Content-Digest"
+ | grep -oi "sha256:\w\+");
+ if test x"$MANIFEST" != x"$LATEST_MANIFEST";
+ then
+ echo removing $tag as $MANIFEST;
+ curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/$MANIFEST --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ --fail --show-error -X DELETE
+ ;fi
+ ;done
+ dependencies: []
+ allow_failure: true
+ <<: *restrict_docker_creation
+
+fedora:28@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ FEDORA_VERSION: 28
+ CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE
+ <<: *docker_clean
+
+fedora:27@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ FEDORA_VERSION: 27
+ CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE
+ <<: *docker_clean
+
+ubuntu:17.10@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ UBUNTU_VERSION: "17.10"
+ CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE
+ <<: *docker_clean
+
+ubuntu:18.04@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ UBUNTU_VERSION: "18.04"
+ CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE
+ <<: *docker_clean
+
+#################################################################
+# #