Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid listing org packages where job token doesn't have access #27

Closed
wants to merge 4 commits into from
Closed

Avoid listing org packages where job token doesn't have access #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
79e772a
Fix package name handling
mering Oct 31, 2023
233c7d6
Simplify loop
mering Aug 22, 2023
3202d05
Avoid listing org packages where job token doesn't have access
mering Aug 22, 2023
7e01744
Use job token where possible
mering Oct 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 18 additions & 15 deletions .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ on:
workflow_dispatch:

concurrency: testing
permissions:
contents: read
packages: write
jobs:
add_temp_pkgs1:
name: Add temporary packages for testing
Expand All @@ -23,18 +26,18 @@ jobs:
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: lower case repository
id: lower_case_repository
- name: lower case repository_owner
id: lower_case_repository_owner
uses: ASzc/change-string-case-action@v6
with:
string: ${{ github.repository }}
string: ${{ github.repository_owner }}
- name: Build and push
uses: docker/build-push-action@v5
with:
file: ./CICD/Dockerfile_temp
tags: ghcr.io/${{ steps.lower_case_repository.outputs.lowercase }}/${{ matrix.type }}:${{ matrix.i }}
tags: ghcr.io/${{ steps.lower_case_repository_owner.outputs.lowercase }}/${{ matrix.type }}:${{ matrix.i }}
build-args: |
I=${{ matrix.i }}
push: true
Expand All @@ -56,18 +59,18 @@ jobs:
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: lower case repository
id: lower_case_repository
- name: lower case repository_owner
id: lower_case_repository_owner
uses: ASzc/change-string-case-action@v6
with:
string: ${{ github.repository }}
string: ${{ github.repository_owner }}
- name: Build and push
uses: docker/build-push-action@v5
with:
file: ./CICD/Dockerfile_temp
tags: ghcr.io/${{ steps.lower_case_repository.outputs.lowercase }}/${{ matrix.type }}:${{ matrix.i }}
tags: ghcr.io/${{ steps.lower_case_repository_owner.outputs.lowercase }}/${{ matrix.type }}:${{ matrix.i }}
build-args: |
I=${{ matrix.i }}
push: true
Expand All @@ -82,12 +85,12 @@ jobs:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry with PAT_TOKEN
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.PAT_TOKEN }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: ./
with:
token: ${{ secrets.PAT_TOKEN }}
Expand Down Expand Up @@ -120,10 +123,10 @@ jobs:
- uses: actions/checkout@v4
- uses: ./
with:
token: ${{ secrets.PAT_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
repository_owner: ${{ github.repository_owner }}
repository: ${{ github.repository }}
package_name: ${{ github.repository }}/p1
package_name: p1
untagged_only: false
owner_type: user

Expand Down
10 changes: 5 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ delete all / untagged ghcr containers in a repository
- name: Delete all containers from package without tags
uses: Chizkiyahu/delete-untagged-ghcr-action@v2
with:
token: ${{ secrets.PAT_TOKEN }}
token: ${{ github.token }}
repository_owner: ${{ github.repository_owner }}
repository: ${{ github.repository }}
package_name: the-package-name
Expand All @@ -145,12 +145,12 @@ delete all / untagged ghcr containers in a repository
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.PAT_TOKEN }}
username: ${{ github.repository_owner }}
password: ${{ github.token }}
- name: Delete all containers from package without tags
uses: Chizkiyahu/delete-untagged-ghcr-action@v2
with:
token: ${{ secrets.PAT_TOKEN }}
token: ${{ github.token }}
repository_owner: ${{ github.repository_owner }}
repository: ${{ github.repository }}
package_name: the-package-name
Expand All @@ -164,7 +164,7 @@ delete all / untagged ghcr containers in a repository
- name: Delete all containers from package
uses: Chizkiyahu/delete-untagged-ghcr-action@v2
with:
token: ${{ secrets.PAT_TOKEN }}
token: ${{ github.token }}
repository_owner: ${{ github.repository_owner }}
repository: ${{ github.repository }}
package_name: the-package-name
Expand Down
33 changes: 17 additions & 16 deletions clean_ghcr.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,34 +38,39 @@ def get_req(path, params=None):
if "per_page" not in params:
params["per_page"] = PER_PAGE
url = get_url(path)
another_page = True
result = []
while another_page:
while True:
response = requests.get(url, headers=get_base_headers(), params=params)
if not response.ok:
raise Exception(response.text)
result.extend(response.json())
if "next" in response.links:
url = response.links["next"]["url"]
if "page" in params:
del params["page"]
else:
another_page = False

if "next" not in response.links:
break
url = response.links["next"]["url"]
if "page" in params:
del params["page"]
return result


def get_list_packages(owner, repo_name, owner_type, package_name):
if package_name:
url = get_url(
f"/{owner_type}s/{owner}/packages/container/{package_name}")
response = requests.get(url, headers=get_base_headers())
if not response.ok:
if response.status_code == 404:
return []
raise Exception(response.text)
return [response.json()]

all_org_pkg = get_req(
f"/{owner_type}s/{owner}/packages?package_type=container")
if repo_name:
all_org_pkg = [
pkg for pkg in all_org_pkg if pkg.get("repository")
and pkg["repository"]["name"].lower() == repo_name
]
if package_name:
all_org_pkg = [
pkg for pkg in all_org_pkg if pkg["name"] == package_name
]
return all_org_pkg


Expand Down Expand Up @@ -216,10 +221,6 @@ def get_args():
f"Mismatch in repository:{args.repository} and repository_owner:{args.repository_owner}"
)
args.repository = repository
if args.package_name and args.package_name.count("/") == 2:
_, repo_name, package_name = args.package_name.split("/")
package_name = f"{repo_name}/{package_name}"
args.package_name = package_name
args.repository = args.repository.lower()
args.repository_owner = args.repository_owner.lower()
args.package_name = args.package_name.lower()
Expand Down