From b152cfe4804b4a7cb0155c4bf3f23a14374ffcb1 Mon Sep 17 00:00:00 2001
From: Mike Cao
Date: Sat, 4 Oct 2025 12:36:39 -0700
Subject: [PATCH 1/2] Added workflow to delete untagged images.
---
 .github/workflows/delete-untagged-images.yml | 22 ++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/delete-untagged-images.yml
diff --git a/.github/workflows/delete-untagged-images.yml b/.github/workflows/delete-untagged-images.yml
new file mode 100644
index 000000000..a23a1bd27
--- /dev/null
+++ b/.github/workflows/delete-untagged-images.yml
@@ -0,0 +1,22 @@
+name: Delete untagged GHCR images
+
+on:
+ workflow_dispatch: # Run manually from the Actions tab
+
+jobs:
+ cleanup:
+ name: Delete all untagged images
+ runs-on: ubuntu-latest
+
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - name: Delete untagged GHCR images
+ uses: actions/delete-package-versions@v5
+ with:
+ package-name: "umami" # 👈 change if your GHCR package name differs
+ package-type: "container"
+ delete-only-untagged-versions: true
+ min-versions-to-keep: 0
From 35c27589b71152fe89b525f48bdaf67e7a79d217 Mon Sep 17 00:00:00 2001
From: Mike Cao
Date: Sat, 4 Oct 2025 13:32:40 -0700
Subject: [PATCH 2/2] Updated workflow to only run on tag publish.
---
 .github/workflows/cd.yml | 39 +++++++++------------------------------
 1 file changed, 9 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 051d24a22..a02e9900c 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -2,17 +2,8 @@ name: Create docker images

 on:
 push:
- branches:
- - master
- - main
- - dev
- # Publish semver tags as releases.
- tags: [ 'v*.*.*' ]
- pull_request:
- branches:
- - master
- - main
- - dev
+ tags:
+ - 'v*.*.*'
 workflow_dispatch:

 jobs:
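Review bot: In delete-untagged-images.yml, deleting every untagged version with `delete-only-untagged-versions: true` and `min-versions-to-keep: 0` can remove manifests that tagged images still depend on. The CD workflow in this series builds `linux/amd64,linux/arm64` images, and in GHCR the per-platform manifests (and any build attestations) behind a multi-arch tag are themselves listed as untagged package versions, so this cleanup would likely leave published tags unpullable. Restrict deletion to versions that no tagged index references, or use a cleanup tool that resolves multi-arch references, and add a comment above the step stating that constraint. Separately, `actions/delete-package-versions@v5` runs with `packages: write`, so pinning it to a full commit SHA would be safer than the mutable `v5` tag.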
@@ -22,36 +13,31 @@ jobs:
 permissions:
 contents: read
 packages: write
- # This is used to complete the identity challenge
- # with sigstore/fulcio when running outside of PRs.
 id-token: write

 strategy:
 matrix:
- db-type: [postgresql, mysql]
+ db-type: [postgresql]

 steps:
 - uses: actions/checkout@v5

- # Install the cosign tool except on PR
- # https://github.com/sigstore/cosign-installer
+ # Install cosign (for image signing)
 - name: Install cosign
- if: github.event_name != 'pull_request'
 uses: sigstore/cosign-installer@v3

 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3

- - name: Log into registry docker.io
- if: github.event_name != 'pull_request' && github.repository == 'umami-software/umami'
+ - name: Log into Docker Hub
+ if: github.repository == 'umami-software/umami'
 uses: docker/login-action@v3
 with:
 registry: docker.io
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}

- - name: Log into ghcr registry
- if: github.event_name != 'pull_request'
+ - name: Log into GHCR
 uses: docker/login-action@v3
 with:
 registry: ghcr.io
@@ -69,14 +55,8 @@ jobs:
 latest=auto
 prefix=${{ matrix.db-type }}-
 tags: |
- type=ref,event=branch
- type=ref,event=pr
-
- # output 1.1.2
 type=semver,pattern={{version}}
- # output 1.1
 type=semver,pattern={{major}}.{{minor}}
- # output 1
 type=semver,pattern={{major}}

 - name: Build and push Docker image
@@ -86,15 +66,14 @@ jobs:
 context: .
 platforms: linux/amd64,linux/arm64
 build-args: DATABASE_TYPE=${{ matrix.db-type }}
- push: ${{ github.event_name != 'pull_request' }}
+ push: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max

- # Sign the resulting Docker image digest except on PRs.
+ # Sign the published image digest
 - name: Sign the published Docker image
- if: ${{ github.event_name != 'pull_request' }}
 env:
 TAGS: ${{ steps.meta.outputs.tags }}
 DIGEST: ${{ steps.build-and-push.outputs.digest }}
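Review bot: The comment explaining why the job holds `id-token: write` is removed in the permissions block of the -22,36 hunk, which leaves a sensitive permission undocumented next to `packages: write`. A one-line replacement keeps the rationale for later permission reviews, e.g. `# id-token: write is required for keyless cosign signing (OIDC identity for sigstore/fulcio)`. The actions used in this job (`sigstore/cosign-installer@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`) are referenced by mutable major tags while the job handles registry credentials and an OIDC token; pinning each to a full commit SHA would narrow the supply-chain exposure. The job definition starts above this hunk.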
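Review bot: `push: true` and the signing step in the -86,15 hunk are now unconditional, but `workflow_dispatch` is still a trigger (first cd.yml hunk) and the `type=ref` tag rules are removed (the -69,14 hunk). A manual run started from a branch would presumably get no tags from the metadata step, so the push would fail or the sign step would loop over an empty `TAGS` value. Either drop `workflow_dispatch` or gate the job with `if: startsWith(github.ref, 'refs/tags/v')`. The signing step's `run` body lies outside this hunk, so how it handles an empty list cannot be confirmed from here.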