From 701f557755046e934ef2082f3e39179c02deb8fc Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Wed, 29 Apr 2026 15:23:05 +0530 Subject: [PATCH] ci: clean up GHCR CI image after pipeline finishes Every CI run pushes ghcr.io//appwrite-dev: and nothing removes it. On an active repo with many PRs the GHCR storage grows without bound. Add a cleanup job that runs after all consumer jobs complete (always, even if some fail) and deletes the SHA-tagged package version via the Packages API. Addresses Greptile feedback on appwrite/appwrite#12176. --- .github/workflows/ci.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cc3b3e113..3c644dbec5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -871,3 +871,29 @@ jobs: - name: Fail benchmark if: always() && steps.benchmark_after.outcome != 'success' run: exit 1 + + cleanup: + name: Cleanup GHCR Image + if: ${{ always() && github.event_name == 'pull_request' }} + needs: [build, unit, e2e_general, e2e_service, e2e_abuse, e2e_screenshots, benchmark] + runs-on: ubuntu-latest + permissions: + packages: write + steps: + - name: Delete CI image from GHCR + continue-on-error: true + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + package_path="${GITHUB_REPOSITORY#*/}/appwrite-dev" + encoded_path="$(printf '%s' "$package_path" | jq -Rr @uri)" + version_id=$(gh api -H "Accept: application/vnd.github+json" \ + "/orgs/${GITHUB_REPOSITORY_OWNER}/packages/container/${encoded_path}/versions" \ + --jq ".[] | select(.metadata.container.tags | index(\"${GITHUB_SHA}\")) | .id") + if [ -n "$version_id" ]; then + gh api --method DELETE -H "Accept: application/vnd.github+json" \ + "/orgs/${GITHUB_REPOSITORY_OWNER}/packages/container/${encoded_path}/versions/${version_id}" + echo "Deleted ${package_path}:${GITHUB_SHA} (version ${version_id})" + else + echo "No GHCR version found for SHA ${GITHUB_SHA}" + fi