From 17283de04362a2e35ce4b319abf4321e5f202917 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessbauer@siemens.com>
Date: Thu, 5 Sep 2024 10:41:52 +0200
Subject: [PATCH] ci: delete old container images

This action "correctly" deletes old (untagged) container images and the
corresponding attestations. It also handles the multi-arch images
correctly.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 .github/workflows/next.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml
index a26c782b..885c88e1 100644
--- a/.github/workflows/next.yml
+++ b/.github/workflows/next.yml
@@ -120,3 +120,20 @@ jobs:
           subject-name: ghcr.io/${{ github.repository }}/${{ matrix.image-name }}
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
+
+  cleanup_ghcr_containers:
+    name: cleanup untagged ${{ matrix.image-name }} containers
+    runs-on: ubuntu-latest
+    needs: build_containers
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        image-name: ["kas", "kas-isar"]
+    steps:
+      - uses: dataaxiom/ghcr-cleanup-action@0fd10e8918e3994b92c417a43fb6e33bc6188c9e #v1.0.10
+        with:
+          dry-run: false
+          validate: true
+          package: kas/${{ matrix.image-name }}
+          token: ${{ secrets.GITHUB_TOKEN }}