diff options
| author | Chris Evich <cevich@redhat.com> | 2019-06-14 13:28:47 -0400 |
|---|---|---|
| committer | Chris Evich <cevich@redhat.com> | 2019-07-15 15:26:26 -0400 |
| commit | e8564dc44f54b15dc34c9cce17d5e302c618d58e (patch) | |
| tree | 05b247ce7c977eed3b1b5ba2dc085ad1ac40fa58 /.cirrus.yml | |
| parent | 547cb4e55e9262b7127706d07291f0e45ccf4f42 (diff) | |
| download | podman-e8564dc44f54b15dc34c9cce17d5e302c618d58e.tar.gz podman-e8564dc44f54b15dc34c9cce17d5e302c618d58e.tar.bz2 podman-e8564dc44f54b15dc34c9cce17d5e302c618d58e.zip | |
Cirrus: Print images that should be pruned
Over time unless they're removed, the project could grow quite a large
collection of VM images. While generally cheap (less than a penny each,
per month), these will become a significant cost item if not kept
in-check.
Add a specialized container for handling image-pruning, but limit
it to only finding and printing (not actually deleting) images.
Also update the image-building workflow so that base-images used to
compose cache-images are also labeled with metadata.
N/B: As an additional safeguard, the service account which
executes the new container in production *DOES NOT*
have access to delete images. This can be enabled
by adding the GCE IAM role: CustomComputeImagePrune
Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to '.cirrus.yml')
| -rw-r--r-- | .cirrus.yml | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index e9e843be6..33162e49f 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -261,7 +261,7 @@ meta_task: cpu: 1 memory: 1 - env: + env: &meta_env_vars # Space-separated list of images used by this repository state IMGNAMES: >- ${FEDORA_CACHE_IMAGE_NAME} @@ -277,6 +277,31 @@ meta_task: timeout_in: 10m + # Cirrus-CI ignores entrypoint defined in image + script: '/usr/local/bin/entrypoint.sh |& ${TIMESTAMP}' + + +# Remove old and disused images based on labels set by meta_task +image_prune_task: + + # Do not run this frequently + only_if: $CIRRUS_BRANCH == 'master' + + depends_on: + - "meta" + + container: + image: "quay.io/libpod/imgprune:latest" # see contrib/imgprune + cpu: 1 + memory: 1 + + env: + <<: *meta_env_vars + GCPJSON: ENCRYPTED[4c11d8e09c904c30fc70eecb95c73dec0ddf19976f9b981a0f80f3f6599e8f990bcef93c253ac0277f200850d98528e7] + GCPNAME: ENCRYPTED[7f54557ba6e5a437f11283a53e71baec9ca546f48a9835538cc54d297f79968eb1337d4596a1025b14f9d1c5723fbd29] + + timeout_in: 10m + script: '/usr/local/bin/entrypoint.sh |& ${TIMESTAMP}' |