Add keep-last input

[vlaurin]

Optional input defaulting to 0. Define the count of qualifying, most recent versions to keep.

Example

To keep the last 5 untagged versions which are older than 7 days:

steps:
  - name: Prune
    uses: vlaurin/action-ghcr-prune@main
    with:
      token: ${{ secrets.YOUR_TOKEN }}
      organization: your-org
      container: your-container
      older-than: 7 # days
      untagged: true
      keep-last: 5

[TROEERI]

This would be a feature needed to make this action applicable for our use-case.

[vlaurin]

@TROEERI I'm still testing it, but if you want to have a go at using it you can do so using my branch:

      - uses: vlaurin/action-ghcr-prune@4-keep-last
        name: Prune untagged images after 1 day, except 2 most recent
        with:
          token: ${{ secrets.YOUR_TOKEN }}
          organization: your-org
          container: your-container
          dry-run: true
          older-than: 1 # days
          keep-last: 2
          untagged: true

Feedback welcome, if all good I can release it today.

[vlaurin]

@TROEERI published as v0.2.0

[TROEERI]

Thanks for implementing the changes. We got some errors when using the action though. Any ideas why the packages found to be pruned cannot be found when trying to delete? I checked the package version, for the example below, an it seems to be the correct version. The version of the oldest packages of the 6 from which 5 are to be kept. Run ***@***.*** with: token: *** organization: MyOrg container: my-backend dry-run: false untagged: false keep-last: 5 older-than: 0 Crawling through all versions to build pruning list... Found 6 versions to prune out of 9 on page 1 Keeping the last 5 versions, sorted by creation date Found a total of 1 versions to prune Pruning 1 versions... Pruning version #6217070 named 'sha256:0c410920574e6dfc24fed7fa21140cdee8cc614a9a28ab3b662f3e16a5cfc574'... Failed to prune because of: RequestError [HttpError]: Package not found. Error: Package not found. at ***@***.******@***.***/request/dist-node/index.js:86:21> at processTicksAndRejections (internal/process/task_queues.js:93:5) at async /home/runner/work/_actions/vlaurin/action-ghcr-prune/main/index.js:66:7 at async run (/home/runner/work/_actions/vlaurin/action-ghcr-prune/main/index.js:102:25) { name: 'HttpError', status: 404, response: { url: 'https://api.github.com/orgs/MyOrg/packages/container/my-backend/versions/6217070', status: 404, headers: { 'access-control-allow-origin': '*', 'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset', connection: 'close', 'content-encoding': 'gzip', 'content-security-policy': "default-src 'none'", 'content-type': 'application/json; charset=utf-8', date: 'Fri, 06 Aug 2021 07:01:03 GMT', 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', server: 'github.com', 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload', 'transfer-encoding': 'chunked', vary: 'Accept-Encoding, Accept, X-Requested-With', 'x-accepted-oauth-scopes': '', 'x-content-type-options': 'nosniff', 'x-frame-options': 'deny', 'x-github-media-type': 'github.v3; format=json', 'x-github-request-id': '0485:3B2F:B54445:1FB6390:610CDE2E', 'x-oauth-scopes': 'delete:packages, read:packages', 'x-ratelimit-limit': '5000', 'x-ratelimit-remaining': '4998', 'x-ratelimit-reset': '1628236862', 'x-ratelimit-resource': 'core', 'x-ratelimit-used': '2', 'x-xss-protection': '0' }, data: { message: 'Package not found.', documentation_url: 'https://docs.github.com/rest/reference/packages#delete-a-package-version-for-an-organization' } }, request: { method: 'DELETE', url: 'https://api.github.com/orgs/MyOrg/packages/container/my-backend/versions/6217070', headers: { accept: 'application/vnd.github.v3+json', 'user-agent': 'octokit-core.js/3.5.1 Node.js/12.13.1 (linux; x64)', authorization: 'token [REDACTED]', 'content-length': 0 }, request: { agent: [Agent], hook: [Function: bound bound register] } } } Pruned 0 versions

[vlaurin]

@TROEERI Given the error is about the package not being found, the only thing that comes to mind is permissions of the token being used?

The action uses the Github Rest API deletePackageVersionForOrg() resource which states:

To use this endpoint, you must have admin permissions in the organization and authenticate using an access token with the packages:read and packages:delete scopes. In addition:
[...]
If package_type is container, you must also have admin permissions to the container you want to delete.

So the token used must be for a user having admin permissions both on the organisation and the container, could that be the issue?

[TROEERI]

You are right, although the token being used hat packages:read and packages:delete scopes, the user did not have admin permissions on the repo/package. Admin rights were not needed for package deletion from docker.pkg.github.com, but are for ghcr.io.

[vlaurin]

Great, thank you for confirming, I'm adding that to the README.