Skip to content

chore(ci): clean up custom release tags in dev registry#2461

Open
universal-itengineer wants to merge 5 commits into
mainfrom
chore/ci/improve-cleanup-dev-registry
Open

chore(ci): clean up custom release tags in dev registry#2461
universal-itengineer wants to merge 5 commits into
mainfrom
chore/ci/improve-cleanup-dev-registry

Conversation

@universal-itengineer

@universal-itengineer universal-itengineer commented Jun 9, 2026

Copy link
Copy Markdown
Member

Description

Add a dedicated cleanup script for custom module release tags in the development registry.

The dev registry cleanup workflow now:

  • checks out full Git history and tags before running werf cleanup;
  • keeps the existing werf cleanup for werf-managed images;
  • runs .github/scripts/bash/registry-module-cleanup.sh to clean custom tags in ${MODULES_MODULE_SOURCE}/${MODULES_MODULE_NAME}/release.

The script removes expired pr*, release-*, and v*-rc.* tags based on configurable TTL values (REGISTRY_CLEANUP_PR_TAG_TTL_DAYS, REGISTRY_CLEANUP_RC_TAG_TTL_DAYS) while leaving stable release tags, release channel tags, and main untouched. Protected tags are filtered by name first, so only cleanup candidates trigger a crane config call to resolve their creation time.

Why do we need it, and what problem does it solve?

werf cleanup policies are based on Git history and apply to werf-managed image versions. The module release tags published to the /release repository are created separately via crane copy, so tags such as pr1234 and old release candidates were not removed by the existing cleanup job.

This change adds cleanup for those custom registry tags and prevents the development registry from accumulating obsolete module release images.

What is the expected result?

  1. Run the Cleanup dev registries workflow (manually or on schedule).
  2. Verify that expired pr*, release-*, and old v*-rc.* tags are removed from the dev registry while stable releases and channel tags remain available.
  3. Verify the step logs a done: N deleted, M kept, K failed summary and fails the job if any deletion failed.

Note: the workflow always runs in delete mode. The script still honors a REGISTRY_CLEANUP_DRY_RUN=true env var for local/manual runs, but it is not exposed as a workflow input.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: ci
type: chore
summary: Clean up obsolete custom release tags in the development registry.
impact_level: low

@universal-itengineer universal-itengineer added this to the v1.10.0 milestone Jun 9, 2026
@universal-itengineer universal-itengineer marked this pull request as ready for review June 9, 2026 12:36
Comment thread .github/scripts/bash/registry-module-cleanup.sh
Comment thread .github/workflows/dev_registry-cleanup.yml Outdated
Comment thread .github/scripts/bash/registry-module-cleanup.sh Outdated
@universal-itengineer universal-itengineer force-pushed the chore/ci/improve-cleanup-dev-registry branch from 1c7faec to 7b075c6 Compare July 1, 2026 15:14
werf cleanup keep policies only apply to werf-managed images, so the
pr*, release-*, and v*-rc.* tags published to the /release repository via
crane copy were never removed. Add a dedicated crane-based cleanup script
for the /release repository and wire it into the dev registry cleanup
workflow with a dry-run input and full git history checkout.

Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
Skip the per-tag crane config call for protected tags (main, stable
vX.Y.Z, release channels) by checking the tag name pattern first. Only
cleanup candidates (pr*, release-*, v*-rc.*) now trigger a network
round-trip to resolve their creation time.

Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
The workflow's purpose is to delete obsolete tags, so it always runs in
delete mode. Remove the dry_run workflow_dispatch input and the derived
per-step env: restore the global WERF_DRY_RUN: "false" and drop
REGISTRY_CLEANUP_DRY_RUN (the script already defaults it to false).

Signed-off-by: Nikita Korolev <nikita.korolev@flant.com>
@universal-itengineer universal-itengineer force-pushed the chore/ci/improve-cleanup-dev-registry branch from e042e00 to a816712 Compare July 1, 2026 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants