From a6a9e19122f9abf07c60bd73ee2de6651eadaa3b Mon Sep 17 00:00:00 2001 From: Johan Sydseter Date: Wed, 8 May 2024 09:05:42 +0200 Subject: [PATCH 1/3] Add job for manually deleting artifacts. --- .github/workflows/cleanup-artifacts.yml | 33 +++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/cleanup-artifacts.yml diff --git a/.github/workflows/cleanup-artifacts.yml b/.github/workflows/cleanup-artifacts.yml new file mode 100644 index 00000000..0b2994f4 --- /dev/null +++ b/.github/workflows/cleanup-artifacts.yml @@ -0,0 +1,33 @@ +name: Cleanup artifacts +on: + workflow_call: + workflow_dispatch: +permissions: + contents: read +jobs: + hardening: + name: Harden runner + uses: ./.github/workflows/hardening.yaml + cleanup: + name: Run Tests + needs: hardening + runs-on: ubuntu-latest + steps: + - name: Delete Old Artifacts + uses: actions/github-script@v6 + id: artifact + with: + script: | + + const res = await github.rest.actions.listArtifactsForRepo({ + owner: context.repo.owner, + repo: context.repo.repo, + }) + res.data.artifacts + .forEach(({ id }) => { + github.rest.actions.deleteArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: id, + }) + }) \ No newline at end of file From 00d0764ec69822ee41ebe867e8a1a23f424e1e81 Mon Sep 17 00:00:00 2001 From: Johan Sydseter Date: Wed, 8 May 2024 09:23:08 +0200 Subject: [PATCH 2/3] Correct indention. --- .github/workflows/cleanup-artifacts.yml | 28 ++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cleanup-artifacts.yml b/.github/workflows/cleanup-artifacts.yml index 0b2994f4..f5deee5a 100644 --- a/.github/workflows/cleanup-artifacts.yml +++ b/.github/workflows/cleanup-artifacts.yml @@ -13,21 +13,21 @@ jobs: needs: hardening runs-on: ubuntu-latest steps: - - name: Delete Old Artifacts - uses: actions/github-script@v6 - id: artifact - with: - script: | + - name: Delete Old Artifacts + uses: actions/github-script@v6 + id: artifact + with: + script: | - const res = await github.rest.actions.listArtifactsForRepo({ + const res = await github.rest.actions.listArtifactsForRepo({ + owner: context.repo.owner, + repo: context.repo.repo, + }) + res.data.artifacts + .forEach(({ id }) => { + github.rest.actions.deleteArtifact({ owner: context.repo.owner, repo: context.repo.repo, + artifact_id: id, }) - res.data.artifacts - .forEach(({ id }) => { - github.rest.actions.deleteArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: id, - }) - }) \ No newline at end of file + }) \ No newline at end of file From 7be0143507791a166ec82dba7fd8ab9bc3f0eec5 Mon Sep 17 00:00:00 2001 From: Johan Sydseter Date: Wed, 8 May 2024 09:29:33 +0200 Subject: [PATCH 3/3] Permission to delete artifacts. --- .github/workflows/cleanup-artifacts.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/cleanup-artifacts.yml b/.github/workflows/cleanup-artifacts.yml index f5deee5a..cb455da6 100644 --- a/.github/workflows/cleanup-artifacts.yml +++ b/.github/workflows/cleanup-artifacts.yml @@ -9,6 +9,10 @@ jobs: name: Harden runner uses: ./.github/workflows/hardening.yaml cleanup: + permissions: + # Required to delete artifact, otherwise you'll get + # "Error: Resource not accessible by integration" + contents: write name: Run Tests needs: hardening runs-on: ubuntu-latest