Chore/automatically delete untagged public images (#185)

uc-cdis · Jun 10, 2024 · 416329a · 416329a
1 parent 6f710cf
commit 416329a
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 13 deletions.
diff --git a/.github/workflows/build_and_push_nf_base_images.yml b/.github/workflows/build_and_push_nf_base_images.yml
@@ -30,11 +30,14 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Set up AWS CLI
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACCT_654654631253_ECR }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACCT_654654631253_ECR }}
+          aws-region: us-east-1
+
       - name: Login to Amazon ECR
-        env:
-          AWS_REGION: us-east-1  # Replace with your AWS region
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_ACCT_654654631253_ECR }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACCT_654654631253_ECR }}
         run: |
           aws ecr-public get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin public.ecr.aws/u5x5h6w3
 
@@ -67,3 +70,16 @@ jobs:
               -H "X-GitHub-Api-Version: 2022-11-28" \
               /repos/uc-cdis/containers/actions/workflows/get_layer_info_for_nf_imgs.yml/dispatches \
               -f "ref=master"
+
+      - name: Delete untagged docker images from public ECR
+        run: |
+            REPO_NAME=nextflow-approved/public
+            IMAGE_IDS=$(aws ecr-public describe-images --repository-name $REPO_NAME --query 'imageDetails[?imageTags==null].imageDigest' --output text)
+            if [ -n "$IMAGE_IDS" ]; then
+              for IMAGE_ID in $IMAGE_IDS; do
+                echo "Deleting image with SHA hash - $IMAGE_ID"
+                aws ecr-public batch-delete-image --repository-name $REPO_NAME --image-ids imageDigest=$IMAGE_ID
+              done
+            else
+              echo "No untagged images to delete."
+            fi
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-09-28T19:27:35Z",
+  "generated_at": "2024-06-06T20:34:12Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -58,6 +58,14 @@
     }
   ],
   "results": {
+    ".github/workflows/build_and_push_nf_base_images.yml": [
+      {
+        "hashed_secret": "8ca221cf185226c33b30e6b150183acb037eff56",
+        "is_verified": false,
+        "line_number": 76,
+        "type": "Base64 High Entropy String"
+      }
+    ],
     "BRH-notebooks/combined_demos/BDCat_Biolincc_Framingham_study_exploration.ipynb": [
       {
         "hashed_secret": "4604f7226a4eca86fab1f34f8204fa9223b2c27e",
@@ -442,14 +450,6 @@
         "type": "Base64 High Entropy String"
       }
     ],
-    "azlinux-jupyter-scipy/start.sh": [
-      {
-        "hashed_secret": "f98370d81077aed0aa3500bfc8de3f3e1dac52f6",
-        "is_verified": false,
-        "line_number": 133,
-        "type": "Secret Keyword"
-      }
-    ],
     "jupyter-geo/start.sh": [
       {
         "hashed_secret": "f98370d81077aed0aa3500bfc8de3f3e1dac52f6",