# This workflow runs on certain conditions to check for and potentially # delete container images from the GHCR which no longer have an associated # code branch. # Requires a PAT with the correct scope set in the secrets. # # This workflow will not trigger runs on forked repos. name: Docker Cleanup on: pull_request: types: - "closed" push: paths: - ".github/workflows/docker-cleanup.yml" concurrency: group: registry-tags-cleanup cancel-in-progress: false jobs: cleanup-images: name: Cleanup Stale Images Tags for ${{ matrix.primary-name }} runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: include: - primary-name: "immich-server" - primary-name: "immich-machine-learning" env: # Requires a personal access token with the OAuth scope delete:packages TOKEN: ${{ secrets.PACKAGE_DELETE_TOKEN }} steps: - name: Clean temporary images if: "${{ env.TOKEN != '' }}" uses: stumpylog/image-cleaner-action/ephemeral@v0.9.0 with: token: "${{ env.TOKEN }}" owner: "immich-app" is_org: "true" do_delete: "true" package_name: "${{ matrix.primary-name }}" scheme: "pull_request" repo_name: "immich" match_regex: '^pr-(\d+)$|^(\d+)$' cleanup-untagged-images: name: Cleanup Untagged Images Tags for ${{ matrix.primary-name }} runs-on: ubuntu-24.04 needs: - cleanup-images strategy: fail-fast: false matrix: include: - primary-name: "immich-server" - primary-name: "immich-machine-learning" - primary-name: "immich-build-cache" env: # Requires a personal access token with the OAuth scope delete:packages TOKEN: ${{ secrets.PACKAGE_DELETE_TOKEN }} steps: - name: Clean untagged images if: "${{ env.TOKEN != '' }}" uses: stumpylog/image-cleaner-action/untagged@v0.9.0 with: token: "${{ env.TOKEN }}" owner: "immich-app" do_delete: "true" is_org: "true" package_name: "${{ matrix.primary-name }}"