From a01afe261bc4265635f9d40ac4e543b9266ac7ca Mon Sep 17 00:00:00 2001 From: rhtenhove Date: Wed, 13 May 2026 03:04:46 +0200 Subject: [PATCH] ci: use manifest-aware cleanup action for multi-arch :cpu (#751) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit actions/delete-package-versions can't see OCI manifest lists. When the cpu build pushes a multi-arch image, the registry gets a tagged index plus one untagged per-platform manifest per arch. The cleanup step with `delete-only-untagged-versions: true` then deletes the per-platform children, leaving the index dangling — `docker pull ghcr.io/mostlygeek/llama-swap:cpu` 404s on the referenced sha. Swap to dataaxiom/ghcr-cleanup-action, which inspects tagged manifest lists first and excludes their children from deletion. Single-arch backends behave the same as before. Fix #746 --- .github/workflows/containers.yml | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 53b79b34..9d9175cd 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -9,6 +9,11 @@ on: # Allows manual triggering of the workflow workflow_dispatch: + inputs: + dryrun: + description: "Run cleanup step in dry-run mode (log what would be deleted, delete nothing)" + type: boolean + default: false # Run on workflow file changes (without pushing) push: @@ -70,8 +75,13 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: ./docker/build-container.sh ${{ matrix.platform }} ${{ github.event_name != 'push' }} - # note make sure mostlygeek/llama-swap has admin rights to the llama-swap package - # see: https://github.com/actions/delete-package-versions/issues/74 + # actions/delete-package-versions can't see manifest lists: pushing + # a multi-arch image with `docker buildx --push` creates a tagged OCI + # index plus one untagged per-platform manifest per arch, and + # `delete-only-untagged-versions: true` then nukes the per-platform + # children, leaving the index dangling — `docker pull :cpu` 404s on + # the referenced digest. dataaxiom/ghcr-cleanup-action walks tagged + # manifest lists and excludes their children from deletion. delete-untagged-containers: needs: build-and-push # Skip on forks — the delete API requires package-admin on the @@ -79,8 +89,9 @@ jobs: if: github.repository == 'mostlygeek/llama-swap' runs-on: ubuntu-latest steps: - - uses: actions/delete-package-versions@v5 + - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 # v1.0.16 with: - package-name: 'llama-swap' - package-type: 'container' - delete-only-untagged-versions: 'true' + token: ${{ secrets.GITHUB_TOKEN }} + package: llama-swap + delete-untagged: true + dry-run: ${{ inputs.dryrun || false }}