mirror of
https://github.com/immich-app/immich.git
synced 2025-05-24 01:12:58 -04:00
504930947d
* fix: set persist-credentials explicitly for checkout https://woodruffw.github.io/zizmor/audits/#artipacked * fix: minimize permissions scope for workflows https://woodruffw.github.io/zizmor/audits/#excessive-permissions * fix: remove potential template injections https://woodruffw.github.io/zizmor/audits/#template-injection * fix: only pass needed secrets in workflow_call https://woodruffw.github.io/zizmor/audits/#secrets-inherit * fix: push perm for single-arch build jobs I hadn't realised these push to the registry too :x * chore: fix formatting * fix: $ * fix: retag job quoting --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
46 lines
1.1 KiB
YAML
46 lines
1.1 KiB
YAML
name: Cache Cleanup
|
|
on:
|
|
pull_request:
|
|
types:
|
|
- closed
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
cleanup:
|
|
name: Cleanup
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
actions: write
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Cleanup
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
REF: ${{ github.ref }}
|
|
run: |
|
|
gh extension install actions/gh-actions-cache
|
|
|
|
REPO=${{ github.repository }}
|
|
|
|
echo "Fetching list of cache keys"
|
|
cacheKeysForPR=$(gh actions-cache list -R $REPO -B ${REF} -L 100 | cut -f 1 )
|
|
|
|
## Setting this to not fail the workflow while deleting cache keys.
|
|
set +e
|
|
echo "Deleting caches..."
|
|
for cacheKey in $cacheKeysForPR
|
|
do
|
|
gh actions-cache delete $cacheKey -R "$REPO" -B "${REF}" --confirm
|
|
done
|
|
echo "Done"
|