diff options
author | Earl Warren <contact@earl-warren.org> | 2024-07-26 19:39:19 +0200 |
---|---|---|
committer | Earl Warren <contact@earl-warren.org> | 2024-08-22 09:10:15 +0200 |
commit | f19f31ac738637b03aa61d8868befb6138608528 (patch) | |
tree | 4fed36e30e27e2f2d9c5b39ae64a3ac00cd4cf1e /services | |
parent | i18n: update of translations from Codeberg Translate (#4984) (diff) | |
download | forgejo-f19f31ac738637b03aa61d8868befb6138608528.tar.xz forgejo-f19f31ac738637b03aa61d8868befb6138608528.zip |
cron task to cleanup dangling container images with version sha256:*
Fixes: https://codeberg.org/forgejo/forgejo/issues/4378
Diffstat (limited to 'services')
-rw-r--r-- | services/packages/container/cleanup.go | 3 | ||||
-rw-r--r-- | services/packages/container/cleanup_sha256.go | 142 |
2 files changed, 145 insertions, 0 deletions
diff --git a/services/packages/container/cleanup.go b/services/packages/container/cleanup.go index 3f5f43bbc0..b5563c688f 100644 --- a/services/packages/container/cleanup.go +++ b/services/packages/container/cleanup.go @@ -21,6 +21,9 @@ func Cleanup(ctx context.Context, olderThan time.Duration) error { if err := cleanupExpiredBlobUploads(ctx, olderThan); err != nil { return err } + if err := CleanupSHA256(ctx, olderThan); err != nil { + return err + } return cleanupExpiredUploadedBlobs(ctx, olderThan) } diff --git a/services/packages/container/cleanup_sha256.go b/services/packages/container/cleanup_sha256.go new file mode 100644 index 0000000000..558aea3a55 --- /dev/null +++ b/services/packages/container/cleanup_sha256.go @@ -0,0 +1,142 @@ +// Copyright 2024 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: GPL-3.0-or-later + +package container + +import ( + "context" + "strings" + "time" + + "code.gitea.io/gitea/models/db" + "code.gitea.io/gitea/models/packages" + "code.gitea.io/gitea/modules/json" + "code.gitea.io/gitea/modules/log" + container_module "code.gitea.io/gitea/modules/packages/container" +) + +var ( + SHA256BatchSize = 500 + SHA256Log = "cleanup dangling images with a sha256:* version" + SHA256LogStart = "Start to " + SHA256Log + SHA256LogFinish = "Finished to " + SHA256Log +) + +func CleanupSHA256(ctx context.Context, olderThan time.Duration) error { + log.Info(SHA256LogStart) + err := cleanupSHA256(ctx, olderThan) + log.Info(SHA256LogFinish) + return err +} + +func cleanupSHA256(outerCtx context.Context, olderThan time.Duration) error { + ctx, committer, err := db.TxContext(outerCtx) + if err != nil { + return err + } + defer committer.Close() + + foundAtLeastOneSHA256 := false + shaToVersionID := make(map[string]int64, 100) + knownSHA := make(map[string]any, 100) + + log.Debug("Look for all package_version.version that start with sha256:") + + old := time.Now().Add(-olderThan).Unix() + + // Iterate over all container versions in ascending order and store + // in shaToVersionID all versions with a sha256: prefix. If an index + // manifest is found, the sha256: digest it references are removed + // from shaToVersionID. If the sha256: digest found in an index + // manifest is not already in shaToVersionID, it is stored in + // knownSHA to be dealt with later. + // + // Although it is theoretically possible that a sha256: is uploaded + // after the index manifest that references it, this is not the + // normal order of operations. First the sha256: version is uploaded + // and then the index manifest. When the iteration completes, + // knownSHA will therefore be empty most of the time and + // shaToVersionID will only contain unreferenced sha256: versions. + if err := db.GetEngine(ctx). + Select("`package_version`.`id`, `package_version`.`lower_version`, `package_version`.`metadata_json`"). + Join("INNER", "`package`", "`package`.`id` = `package_version`.`package_id`"). + Where("`package`.`type` = ? AND `package_version`.`created_unix` < ?", packages.TypeContainer, old). + OrderBy("`package_version`.`id` ASC"). + Iterate(new(packages.PackageVersion), func(_ int, bean any) error { + v := bean.(*packages.PackageVersion) + if strings.HasPrefix(v.LowerVersion, "sha256:") { + shaToVersionID[v.LowerVersion] = v.ID + foundAtLeastOneSHA256 = true + } else if strings.Contains(v.MetadataJSON, `"manifests":[{`) { + var metadata container_module.Metadata + if err := json.Unmarshal([]byte(v.MetadataJSON), &metadata); err != nil { + log.Error("package_version.id = %d package_version.metadata_json %s is not a JSON string containing valid metadata. It was ignored but it is an inconsistency in the database that should be looked at. %v", v.ID, v.MetadataJSON, err) + return nil + } + for _, manifest := range metadata.Manifests { + if _, ok := shaToVersionID[manifest.Digest]; ok { + delete(shaToVersionID, manifest.Digest) + } else { + knownSHA[manifest.Digest] = true + } + } + } + return nil + }); err != nil { + return err + } + + for sha := range knownSHA { + delete(shaToVersionID, sha) + } + + if len(shaToVersionID) == 0 { + if foundAtLeastOneSHA256 { + log.Debug("All container images with a version matching sha256:* are referenced by an index manifest") + } else { + log.Debug("There are no container images with a version matching sha256:*") + } + log.Info("Nothing to cleanup") + return nil + } + + found := len(shaToVersionID) + + log.Warn("%d container image(s) with a version matching sha256:* are not referenced by an index manifest", found) + + log.Debug("Deleting unreferenced image versions from `package_version`, `package_file` and `package_property` (%d at a time)", SHA256BatchSize) + + packageVersionIDs := make([]int64, 0, SHA256BatchSize) + for _, id := range shaToVersionID { + packageVersionIDs = append(packageVersionIDs, id) + } + + for len(packageVersionIDs) > 0 { + upper := min(len(packageVersionIDs), SHA256BatchSize) + versionIDs := packageVersionIDs[0:upper] + + var packageFileIDs []int64 + if err := db.GetEngine(ctx).Select("id").Table("package_file").In("version_id", versionIDs).Find(&packageFileIDs); err != nil { + return err + } + log.Info("Removing %d entries from `package_file` and `package_property`", len(packageFileIDs)) + if _, err := db.GetEngine(ctx).In("id", packageFileIDs).Delete(&packages.PackageFile{}); err != nil { + return err + } + if _, err := db.GetEngine(ctx).In("ref_id", packageFileIDs).And("ref_type = ?", packages.PropertyTypeFile).Delete(&packages.PackageProperty{}); err != nil { + return err + } + + log.Info("Removing %d entries from `package_version` and `package_property`", upper) + if _, err := db.GetEngine(ctx).In("id", versionIDs).Delete(&packages.PackageVersion{}); err != nil { + return err + } + if _, err := db.GetEngine(ctx).In("ref_id", versionIDs).And("ref_type = ?", packages.PropertyTypeVersion).Delete(&packages.PackageProperty{}); err != nil { + return err + } + + packageVersionIDs = packageVersionIDs[upper:] + } + + return committer.Commit() +} |