variables:
# The upstrem repository we will check for images
FDO_UPSTREAM_REPO: libevdev/libevdev
- # The image that has buildah installed
- BUILDAH_IMAGE: $CI_REGISTRY/wayland/ci-templates/buildah:latest
LIBEVDEV_SKIP_ROOT_TESTS: 1
GIT_DEPTH: 1
MESON_BUILDDIR: 'build dir'
# This stage will look for the container images we currently have in
# the registry and will remove any that are not tagged with the provided
# $container_image:$tag
-#
.container-clean:
stage: container_clean
- image: $BUILDAH_IMAGE
+ image: golang:alpine
+ before_script:
+ - apk add python3
+ - pip3 install --user python-gitlab
script:
- - CONTAINER_IMAGE=$DISTRO_CONTAINER_IMAGE
- - GITLAB=$(echo $CI_PROJECT_URL | cut -f3 -d/)
- - REPOSITORY=$(echo $CONTAINER_IMAGE | cut -f2- -d/ | cut -f1 -d:)
- - IMAGE_PATH=$(echo $CONTAINER_IMAGE | cut -f1 -d:)
- - LATEST_TAG=$(echo $CONTAINER_IMAGE | cut -f2 -d:)
-
- # log in to the registry (read only)
- - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
- # get the r/w token from the settings to access the registry
- #
- # each developer needs to register a secret variable that contains
- # a personal token with api access. The token
- # - must be named PERSONAL_TOKEN_$USER (for example PERSONAL_TOKEN_bentiss)
- # - must be registered in the CI/CD Variables section as type file
- # - value must be a netrc file as a single-line string:
- # default login <user> password <token value>
- # e.g. "default login bentiss password 1235abcde"
- - tokenname="PERSONAL_TOKEN_$GITLAB_USER_LOGIN"
- - netrcfile=$(eval echo "\$$tokenname")
- - if [[ ! -f "$netrcfile" ]]; then
- echo "No netrc file found or token is missing, skipping job" && false;
- fi
-
- # request a token for the registry API
- - REGISTRY_TOKEN=$(curl https://$GITLAB/jwt/auth --get
- --silent --show-error
- -d client_id=docker
- -d offline_token=true
- -d service=container_registry
- -d "scope=repository:$REPOSITORY:pull,*"
- --fail
- --netrc-file "$netrcfile"
- | sed -r 's/(\{"token":"|"\})//g')
-
- # get the digest of the latest image
- - LATEST_MANIFEST=$(skopeo inspect docker://$IMAGE_PATH:$LATEST_TAG | jq -r '.Digest')
-
- # get the list of tags
- - TAGS=$(skopeo inspect docker://$IMAGE_PATH:$LATEST_TAG | jq -r '.RepoTags[]')
- # FIXME: is the above command working properly? If not, use below:
- # - TAGS=$(curl -X GET -H "accept:application/vnd.docker.distribution.manifest.v2+json"
- # -H "authorization:Bearer $REGISTRY_TOKEN"
- # https://$CI_REGISTRY/v2/$REPOSITORY/tags/list | jq -r '.tags[]')
-
- # iterate over the tags
- - for tag in $TAGS;
- do
- MANIFEST=$(skopeo inspect docker://$IMAGE_PATH:$tag | jq -r '.Digest');
- if test x"$MANIFEST" != x"$LATEST_MANIFEST";
- then
- echo removing $tag as $MANIFEST;
- curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/$MANIFEST --silent
- -H "accept:application/vnd.docker.distribution.manifest.v2+json"
- -H "authorization:Bearer $REGISTRY_TOKEN"
- --fail --show-error -X DELETE || true
- ;fi
- ;done
+ - LATEST_TAG=$(echo $DISTRO_CONTAINER_IMAGE | cut -f2 -d:)
+ # Go to your Profile, Settings, Access Tokens
+ # Create a personal token with 'api' scope, copy the value.
+ # Go to Settings, CI/CD, Variables
+ # Define a variable of type File named AUTHFILE. Content is that token
+ # value.
+ - python3 .gitlab-ci/gitlab-container-delete $CI_SERVER_URL $CI_PROJECT_PATH
+ --repository $DISTRIB_NAME/$FDO_DISTRIBUTION_VERSION
+ --authfile $AUTHFILE --exclude-tag "$LATEST_TAG"
dependencies: []
allow_failure: true
only:
- schedules
- variables:
- GIT_STRATEGY: none
### fedora 30
fedora:30@container-clean:
variables:
# The upstrem repository we will check for images
FDO_UPSTREAM_REPO: libevdev/libevdev
- # The image that has buildah installed
- BUILDAH_IMAGE: $CI_REGISTRY/wayland/ci-templates/buildah:latest
LIBEVDEV_SKIP_ROOT_TESTS: 1
GIT_DEPTH: 1
MESON_BUILDDIR: 'build dir'
# This stage will look for the container images we currently have in
# the registry and will remove any that are not tagged with the provided
# $container_image:$tag
-#
.container-clean:
stage: container_clean
- image: $BUILDAH_IMAGE
+ image: golang:alpine
+ before_script:
+ - apk add python3
+ - pip3 install --user python-gitlab
script:
- - CONTAINER_IMAGE=$DISTRO_CONTAINER_IMAGE
- - GITLAB=$(echo $CI_PROJECT_URL | cut -f3 -d/)
- - REPOSITORY=$(echo $CONTAINER_IMAGE | cut -f2- -d/ | cut -f1 -d:)
- - IMAGE_PATH=$(echo $CONTAINER_IMAGE | cut -f1 -d:)
- - LATEST_TAG=$(echo $CONTAINER_IMAGE | cut -f2 -d:)
-
- # log in to the registry (read only)
- - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
- # get the r/w token from the settings to access the registry
- #
- # each developer needs to register a secret variable that contains
- # a personal token with api access. The token
- # - must be named PERSONAL_TOKEN_$USER (for example PERSONAL_TOKEN_bentiss)
- # - must be registered in the CI/CD Variables section as type file
- # - value must be a netrc file as a single-line string:
- # default login <user> password <token value>
- # e.g. "default login bentiss password 1235abcde"
- - tokenname="PERSONAL_TOKEN_$GITLAB_USER_LOGIN"
- - netrcfile=$(eval echo "\$$tokenname")
- - if [[ ! -f "$netrcfile" ]]; then
- echo "No netrc file found or token is missing, skipping job" && false;
- fi
-
- # request a token for the registry API
- - REGISTRY_TOKEN=$(curl https://$GITLAB/jwt/auth --get
- --silent --show-error
- -d client_id=docker
- -d offline_token=true
- -d service=container_registry
- -d "scope=repository:$REPOSITORY:pull,*"
- --fail
- --netrc-file "$netrcfile"
- | sed -r 's/(\{"token":"|"\})//g')
-
- # get the digest of the latest image
- - LATEST_MANIFEST=$(skopeo inspect docker://$IMAGE_PATH:$LATEST_TAG | jq -r '.Digest')
-
- # get the list of tags
- - TAGS=$(skopeo inspect docker://$IMAGE_PATH:$LATEST_TAG | jq -r '.RepoTags[]')
- # FIXME: is the above command working properly? If not, use below:
- # - TAGS=$(curl -X GET -H "accept:application/vnd.docker.distribution.manifest.v2+json"
- # -H "authorization:Bearer $REGISTRY_TOKEN"
- # https://$CI_REGISTRY/v2/$REPOSITORY/tags/list | jq -r '.tags[]')
-
- # iterate over the tags
- - for tag in $TAGS;
- do
- MANIFEST=$(skopeo inspect docker://$IMAGE_PATH:$tag | jq -r '.Digest');
- if test x"$MANIFEST" != x"$LATEST_MANIFEST";
- then
- echo removing $tag as $MANIFEST;
- curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/$MANIFEST --silent
- -H "accept:application/vnd.docker.distribution.manifest.v2+json"
- -H "authorization:Bearer $REGISTRY_TOKEN"
- --fail --show-error -X DELETE || true
- ;fi
- ;done
+ - LATEST_TAG=$(echo $DISTRO_CONTAINER_IMAGE | cut -f2 -d:)
+ # Go to your Profile, Settings, Access Tokens
+ # Create a personal token with 'api' scope, copy the value.
+ # Go to Settings, CI/CD, Variables
+ # Define a variable of type File named AUTHFILE. Content is that token
+ # value.
+ - python3 .gitlab-ci/gitlab-container-delete $CI_SERVER_URL $CI_PROJECT_PATH
+ --repository $DISTRIB_NAME/$FDO_DISTRIBUTION_VERSION
+ --authfile $AUTHFILE --exclude-tag "$LATEST_TAG"
dependencies: []
allow_failure: true
only:
- schedules
- variables:
- GIT_STRATEGY: none
{% for distro in distributions %}
{% for version in distro.versions %}
--- /dev/null
+#!/usr/bin/env python3
+#
+# Usage:
+# $ gitlab-container-delete <instance> <project>
+# Deletes all containers within that instance project.
+# Filter with --repository and --exclude.
+# $ echo $MY_GITLAB_TOKEN > auth.file
+# $ gitlab-container-delete https://gitlab.freedesktop.org \
+# libevdev/libevdev \
+# --exclude 2020-02-28.latest-tag \
+# --authfile auth.file
+
+import argparse
+import gitlab
+import logging
+
+from pathlib import Path
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(Path(__file__).stem)
+
+
+def delete_images(instance, project_name, repository=None, exclude=None, authfile=None):
+ if authfile is not None:
+ token = open(authfile).read().strip()
+ else:
+ token = None
+
+ gl = gitlab.Gitlab(instance, private_token=token)
+ p = gl.projects.list(search=project_name)[0]
+
+ repos = [r for r in p.repositories.list() if repository is None or repository == r.name]
+ for repo in repos:
+ logger.info('Repository {}'.format(repo.name))
+ for tag in repo.tags.list():
+ if tag.name != exclude:
+ logger.info('Deleting tag {}:{}'.format(repo.name, tag.name))
+ tag.delete()
+
+
+if __name__ == '__main__':
+ description = '''
+ This tool deletes all container images in the registry of the given
+ gitlab project.
+
+ Use with --repository and --exclude-tag to limit to one repository and
+ delete all but the given tag.
+
+ Where authentication is needed, use a --authfile containing the string
+ that is your gitlab private token value with 'api' access. Usually this
+ token looks like 12345678-abcdefgh. This tool will strip any whitespaces
+ from that file and use the rest of the file as token value.
+
+ '''
+ parser = argparse.ArgumentParser(description='Tool to delete all but one image from a gitlab registry')
+ parser.add_argument('instance', type=str, help='registry URL with transport, e.g. http://gitlab.freedesktop.org.')
+ parser.add_argument('project', type=str, help='project name in gitlab terminus, e.g. wayland/ci-templates')
+ parser.add_argument('--repository', type=str,
+ help='registry repository to work on, e.g. fedora/latest',
+ default=None)
+ parser.add_argument('--exclude-tag', type=str,
+ help='tag to exclude, i.e. to not delete',
+ default=None)
+ parser.add_argument('--authfile', type=str,
+ help='path to a file containing the gitlab auth token string',
+ default=None)
+
+ args = parser.parse_args()
+ delete_images(args.instance, args.project, args.repository, args.exclude_tag, args.authfile)
projects / platform / upstream / libevdev.git / commitdiff