Skip to content

ci: only push os images to ecr on pr merge and remove older images#898

Merged
coderbirju merged 2 commits intomainfrom
ecr-latest-only-os-image
Apr 8, 2026
Merged

ci: only push os images to ecr on pr merge and remove older images#898
coderbirju merged 2 commits intomainfrom
ecr-latest-only-os-image

Conversation

@Swapnanil-Gupta
Copy link
Copy Markdown
Contributor

@Swapnanil-Gupta Swapnanil-Gupta commented Apr 3, 2026
edited
Loading

Issue #, if available:

Description of changes:

  • Don't upload nightly os build images to ECR (still uploaded to S3).
  • Upload the os image tarball to S3 so that we can download it and push to ECR later on.
  • Create a new workflow that runs when we consume a new os image.
    • The new workflow downloads the os image tarball from S3 by matching the arch and GitHub runID.
    • Pushes the new os image with skopeo.
    • Queries the ECR repo to get all images that have arch in their tags.
    • Excludes the image that has latest-$arch tag.
    • Excludes the image that has keep-tag tag (passed as param to the cleaning script).
    • Removes all other images.
    • Tags the latest image with latest-$arch.
    • This keeps only the n'th and (n-1)'th image in the ECR repo.

Testing done:

Tested the cleaning script with the following args:

./bin/clean-ecr-images.sh --repo ***.dkr.ecr.us-west-2.amazonaws.com/*** --arch x86-64 --keep-tag 2026.4.8-build-24146318964-arm64-with-kernel > output.log

Verified that the keep digests match the digest of the image with the latest tag and of
2026.4.8-build-24146318964-arm64-with-kernel (the one supplied in the args).

Output:

Keeping image digest: sha256:36a6db016faa4f6ed367dad446c5315c7fcb6ce59b59fe9cf699a525e4714576
Keeping additional image digest: sha256:a3a690e60f2eb20219f3c47bc505632491f724ce0c4e12a3a53a89b12635c463

Found 83 image(s) to delete:
sha256:3f3c914690ebab70ff07aa0d790766250d8c13821f524c140dc4580aae4c9716
sha256:c9e64bbe047c580040b0eaf71bb63fe60cdeb471930cbf80ce6bfe2b304a8147
sha256:23f278c3921fb8fc58635ecde3c7382ef5d95a5ce3fef9e7c165bac808450027
sha256:6ae8c34e973d7ddbf8b03a2d5bfddebf51e964fb67f9d6b63103418551d8e30d
sha256:877991b2871324642860a3101c27d074d184394f30920ec579c20e189b7900f9
sha256:37b9fc778a03d51400d567cf8297350b6a942ce2024729121cdcec45c6997884
sha256:5bee073b77f8a1e9f6fc6abccbccf6583626c9a790c74e23d7404b246a707e92
sha256:29052d2631f5720345d2f84334ebae95852313217955800312e1acd48edb5089
sha256:4613c1c1d07fd95ec5c734d7dfce456e51fbb02c873a7f47a70f74a26533a6df
sha256:e3b50cb61441caa071929d8029237a5e05f31e4961b51c68abd6e616e0dae408
sha256:7ee32d52a0a4dc33519d681e313accc4fa78c9225e07ce7694d04a554dac495f
sha256:06b18a3ebc3c81eb5bc4a44e466803c65114905239b2b07ac0aaa4fd811e7825
sha256:88b00aa8d5e046b0ca44cf4ee8c7f60ac78d56ea49c3f32b193f4cd8d6df80ab
sha256:0576698b01b3fbcc5a34fe12b84b3b4e69217324859cdb70e56930a02d73b1e6
sha256:502f2f2e23fdb924a2f44766c0085d461e5c21e33addd9eb8560e503938035ef
sha256:495ac48a75bdb8cffe3b0c6251e9055b31a3ebd5509eb30bd1d3ed72b31063b2
sha256:a7e5585be1dcfec243a71b2ad5b3b7c8fb7b8c5d6cff5bb9c33ac59be621c766
sha256:ec42031cb58b50246046fe968a6a6ff121bbca88f82e02248623d45ba4f377c2
sha256:741adb64c6f704fd89649853f2a2a5539533c6513dbbe49f97cd87fdb897df7d
sha256:90cd140005eab9e20c4d890e0fa0fde236e6301655a96fe40b51b24adc64c257
sha256:5571149f99b89203638227bbc4141048d6fb678f767656a84be61748640dd84b
sha256:f6a0553fbf60914d3771ee48f2fc3ce2a991b5b695132a49373958db9e770f61
sha256:a5829ce549cb14df9ad6b514359da386c21a6805628db9af3c9adcd4bfc5012f
sha256:2dfd8cf19b12a1f0415eb66f5aa24965d3060cd3c1538ee92084b357ade2c9ef
sha256:6c67ca96819a83bb4c4285a8c877d0345fe435041ba0ac25f212bbbb8159dc08
sha256:e32aa11b76eaa75a4f53ff4dbce0c9a5c0fbead7a6f64cee4fcf2e6863fc1978
sha256:d06d5f5ccddb20461f7f5f087ccdb778486841f03e4853a3547e0dded940e0be
sha256:ec4cbdfe3e5ab4f328e03f67074117cba1ce3d990be637fb30b1d30fa6c7008a
sha256:a8f4aea487ccdfa194269532acf15d080c67de41f9d6cb48d51ab97f8ce17164
sha256:d87e37a00119bfd56bf1b4bdd5c586bbfa6e595143f7946ec7e3bd31b22cf9e7
sha256:da4b9411e6d3b1248c47e79961536ef032200d69e8336c0daaba1fc0e265efa1
sha256:28616b5c1dd5a938ec961b681b1c390099e5c6f8587fd0ef11703fb8a1ac9bcc
sha256:e2392f1a1c374119b5b27005eccb2d9a295b586c6ea7095ada7ac01271f7e055
sha256:e930bdc2ca615abcb6193961a198e20f401034c329d455aabdc873d8cdf2e329
sha256:2802ad1b695aa176b69080cfae3ec12d912e52c9f6ac79a63e30de97ed49d5ee
sha256:d31fbfc40fc5f07d543cc3cac64f65128dcd6fd4b384423ab27e255d26d8fbcb
sha256:6b83feca7b6ae58e76daf57e0e5a16508cb799a53b8d09082a40991f879d3763
sha256:626f716f34bbf350bb4a913c3f9e3358d64cda4cd4599d77c499b5ea89b0f243
sha256:c61a05ae90e7b9853c45bddef229c6b0384b6bdd9c960068068f5e73ccb959e1
sha256:70fef5db0f72b0f01b8bd2374a62dd0cd2eae0397acaf4f098ae6183253489c2
sha256:97e3538185e437dbf112aefef63b1909afc4d62045f8699ce48ab9e8262fbbd6
sha256:3ba23e01b56beb1101c57053b21a050f847bd25653baa03ca7ce5415a988403d
sha256:f8666b5f7fd019a753288309539d7c90ff231fbdddf9f7b02c316d20fd44c40d
sha256:3b55dc256009356ff8fb2b810828cbdf709d406ba3c3dd24d5730d261258667d
sha256:7a3d493a196390928a3bb23de006324145ea535905145491a0deb59c4e75ec66
sha256:1f40c6538eb958b81f8354e53ee1a29d8a38e5a73aff995caa519b40eb0fa780
sha256:3f2e50a7fc39fc2f8ad4eb08428e545128819086a17c59e8aca22a17263826d7
sha256:2730fd0d5d93a52c97b4ad6e9d65d7459f35e54de607c9d86f3c16ca0d99b31b
sha256:4b23e93a10656e106fa358931d853d5cad9b9d9fa6795a86f1848b47455a5e6c
sha256:f6a457f540d5c3e2198701fc76b50f61e11e0fcbe026c4896eab9a0f59227f3a
sha256:ca969619da64c2c2fb77d1dcccf02b7faa419e75c4b7e760f7b2ba58bf5f01ca
sha256:467fc78b78d4ba1ab14ef8571b40415b639a53db831ef10f60430dae20f98ff9
sha256:00a063a49e49b8e2b03c2a9528e7892b66b0623e0625414ace0b65d666574296
sha256:ad4f6d1882442683d6a0c6ac79b6d73064e9b59c235f07894f264bb26293177e
sha256:37a91fe2fb48b4381669da74df865cdbd86997050bc7b4900baf04c73ae08e88
sha256:249447d315582aade27d6f2b2f039a338af7d3a04c335d8885306151deeab826
sha256:d778ef93d7c001076c2ff945109854ca1380318dc8d69794cfa3f1eb42f58b11
sha256:ba51477a8bf74def93385ec7b9fb4794753c7bd970714274bfa105c0b3d1c242
sha256:88f2f144e112184d332043b0f70f1839129ca1fa71d463b5d015e23dd14437c7
sha256:7c8fd34c3a52bd79d6f96600b54e3aebe3d753aa02366b1a9de49570b72cb63a
sha256:54347aa276e2050c0200b38187eb1ca038efa7be467c10223f963b47f9f88ac0
sha256:317bafc7df45d98903f10dc52bb764ce79cf8e5028df813147a3491b7deedd2d
sha256:901f83545db88d803950d1b42f6a4442a7535dbeffdc7d5d3eb9cf94f160b90d
sha256:cc6d16c327282d64ce456745a6b629ba4efd28bc109587bf541ff839a171f57e
sha256:992a710e7a8ae07d8673a7754e9d7c7bb036eb1c95f143abe3498e5ec02f7835
sha256:f18efcfe4485d166925856018fa972dff91f688eb3d11de02d31c275bf07c53a
sha256:85bd81c119cb104375a8a367d5e89300d0cf3afc7a4f821733d152bfcdfae8f0
sha256:319ac334a5272a23f6b402bd6a9913af0064979c4ff6632943fce75ca1c4e9a9
sha256:b3048b676e41b7fedd926eea86ba8939684329aa192b32cf34f4d01ba9c93176
sha256:11e862ba108cf9c728c96bd2626eed526680babecc5a98c67afa3863eb21001f
sha256:dc2d98f6584e780dc11cf1e03cdd1d251f928f45c56ba871bacb8403495ae8fd
sha256:ac57227366f2d8b77d795e901543aad206180f62b1645d40ee34b53313f6a87c
sha256:a18593de5812f3ae43a8163f598efb3e78fdfe217132eaddfaa2e76ffce0850d
sha256:011f6cbf13729eca8d209f1939f433d92a8fd83262070391de4aeeb7a69672d0
sha256:6fab08a3e9df716b52c22a6ba92cfd64f6a9cdc07caffd28c2253ad495989477
sha256:6379ec43a50f076678a1f54a5e9c3bb0d21a21519128ceb60224d13f33e33d3c
sha256:0adf81ff5faa328ceb44d34c00ad62bc87ba82c3236b199fde8ec5f391ad07e0
sha256:2fdd0bae8a89f26d0319f48fd81cbe645c86b85b4ccbd745538ee2b3ef8f2deb
sha256:3f8806c9ea804e679d07606878979cd98d863a04beae669894a130df899843cc
sha256:aecf207897c08c999347d40e44610221e422f4ca7f1af1399d912ee2ae4e6590
sha256:f6bc4d3b28e3379a1745fb72f6223ef090e00cc482fef967068a14cd05cfda52
sha256:0b84d505a6d668b0402c29e74d5979bd09a0190709c34dd0854d494a082c65cb
sha256:33aabafc1bf3c2453b00c7ecf43799f4e9222fa1a413d08c3f92dc62416ea810
  • I've reviewed the guidance in CONTRIBUTING.md

License Acceptance

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@Swapnanil-Gupta
ci: only push to ecr on pr merge and remove older images
40bd351 
Signed-off-by: Swapnanil Gupta <swpnlg@amazon.com>
@Swapnanil-Gupta Swapnanil-Gupta mentioned this pull request Apr 3, 2026
Merged
1 task
@Swapnanil-Gupta Swapnanil-Gupta marked this pull request as ready for review April 3, 2026 20:43
@Swapnanil-Gupta Swapnanil-Gupta requested a review from a team as a code owner April 3, 2026 20:43
sondavidb
sondavidb reviewed Apr 3, 2026
View reviewed changes
@Swapnanil-Gupta Swapnanil-Gupta force-pushed the ecr-latest-only-os-image branch from 86447ab to c441585 Compare April 8, 2026 18:36
@Swapnanil-Gupta
move cleaning step after upload of the latest image
f288863 
Signed-off-by: Swapnanil Gupta <swpnlg@amazon.com>
@Swapnanil-Gupta Swapnanil-Gupta force-pushed the ecr-latest-only-os-image branch from c441585 to f288863 Compare April 8, 2026 18:37
@coderbirju coderbirju merged commit ec8e896 into main Apr 8, 2026
11 checks passed
@coderbirju coderbirju deleted the ecr-latest-only-os-image branch April 8, 2026 22:35
@Swapnanil-Gupta Swapnanil-Gupta changed the title ci: only push to ecr on pr merge and remove older images ci: only push os images to ecr on pr merge and remove older images Apr 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderbirju coderbirju coderbirju approved these changes

@sondavidb sondavidb sondavidb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Swapnanil-Gupta @coderbirju @sondavidb