Skip to content

.github/workflows/withdraw-images.yaml #22

.github/workflows/withdraw-images.yaml

.github/workflows/withdraw-images.yaml #22

on:
workflow_dispatch:
inputs:
dry_run:
type: boolean
default: 'true'
description: If true, just log
permissions:
contents: read
jobs:
withdraw:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
- uses: chainguard-dev/actions/setup-chainctl@538d1927b846546b620784754c33e2a1db86e217 # main
with:
identity: 720909c9f5279097d847ad02a2f24ba8f59de36a/b6461e99e132298f
- uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.3
- run: |
for img in $(grep -v '\#' withdrawn-images.txt); do
if [[ "${{ github.event.inputs.dry_run }}" == "false" ]]; then
crane delete $img || true
else
echo "DRY RUN: crane delete $img || true"
fi
done