From e8564dc44f54b15dc34c9cce17d5e302c618d58e Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Fri, 14 Jun 2019 13:28:47 -0400
Subject: Cirrus: Print images that should be pruned

Over time unless they're removed, the project could grow quite a large
collection of VM images.  While generally cheap (less than a penny each,
per month), these will become a significant cost item if not kept
in-check.

Add a specialized container for handling image-pruning, but limit
it to only finding and printing (not actually deleting) images.

Also update the image-building workflow so that base-images used to
compose cache-images are also labeled with metadata.

N/B: As an additional safeguard, the service account which
     executes the new container in production *DOES NOT*
     have access to delete images.  This can be enabled
     by adding the GCE IAM role: CustomComputeImagePrune

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 contrib/imgprune/Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 contrib/imgprune/Dockerfile

(limited to 'contrib/imgprune/Dockerfile')

diff --git a/contrib/imgprune/Dockerfile b/contrib/imgprune/Dockerfile
new file mode 100644
index 000000000..26329e828
--- /dev/null
+++ b/contrib/imgprune/Dockerfile
@@ -0,0 +1,7 @@
+FROM libpod/imgts:latest
+
+RUN yum -y update && \
+    yum clean all
+
+COPY /contrib/imgprune/entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod 755 /usr/local/bin/entrypoint.sh
-- 
cgit v1.2.3-54-g00ecf