From a7ae6d62195ba3c5e5ccb2422e90f78fa095ebc0 Mon Sep 17 00:00:00 2001
From: jbtrystram <jbtrystram@redhat.com>
Date: Fri, 6 Sep 2024 15:58:37 +0200
Subject: [PATCH 1/2] jobs/garbage-collection: add containers

Add containers tags in the garbage collection job. These can run
in parrallel without issues.
---
 jobs/garbage-collection.Jenkinsfile | 68 +++++++++++++++++++----------
 1 file changed, 44 insertions(+), 24 deletions(-)

diff --git a/jobs/garbage-collection.Jenkinsfile b/jobs/garbage-collection.Jenkinsfile
index a6dc8d35..6a50f334 100644
--- a/jobs/garbage-collection.Jenkinsfile
+++ b/jobs/garbage-collection.Jenkinsfile
@@ -56,38 +56,58 @@ lock(resource: "gc-${params.STREAM}") {
             def originalTimestamp = originalBuildsJson.timestamp
             def acl = pipecfg.s3.acl ?: 'public-read'
 
-            withCredentials([file(variable: 'GCP_KOLA_TESTS_CONFIG', credentialsId: 'gcp-image-upload-config')]) {
-                stage('Garbage Collection') {
-                    pipeutils.shwrapWithAWSBuildUploadCredentials("""
-                    cosa cloud-prune --policy ${new_gc_policy_path} \
-                    --stream ${params.STREAM} ${dry_run} \
-                    --gcp-json-key=\${GCP_KOLA_TESTS_CONFIG} \
-                    --acl=${acl} \
-                    --aws-config-file \${AWS_BUILD_UPLOAD_CONFIG}
-                    """)
-                }
-            }
-
-            def currentBuildsJson = readJSON file: 'builds/builds.json'
-            def currentTimestamp = currentBuildsJson.timestamp
-
-            // If the timestamp on builds.json after the 'Garbage Collection' step
-            // is the same as before, that means, there were no resources to be pruned
-            // and hence, no need to update the builds.json.
-            if (originalTimestamp != currentTimestamp) {
-                // Nested lock for the Upload Builds JSON step
-                lock(resource: "builds-json-${params.STREAM}") {
-                    stage('Upload Builds JSON') {
+            // containers tags and cloud artifacts can be GCed in parallel
+            def parallelruns = [:]
+            parallelruns['Cloud artifacts'] = {
+                withCredentials([file(variable: 'GCP_KOLA_TESTS_CONFIG', credentialsId: 'gcp-image-upload-config')]) {
+                    stage('Cloud artifacts GC') {
                         pipeutils.shwrapWithAWSBuildUploadCredentials("""
                         cosa cloud-prune --policy ${new_gc_policy_path} \
-                        --stream ${params.STREAM} \
-                        --upload-builds-json ${dry_run} \
+                        --stream ${params.STREAM} ${dry_run} \
+                        --gcp-json-key=\${GCP_KOLA_TESTS_CONFIG} \
                         --acl=${acl} \
                         --aws-config-file \${AWS_BUILD_UPLOAD_CONFIG}
                         """)
                     }
                 }
+
+                def currentBuildsJson = readJSON file: 'builds/builds.json'
+                def currentTimestamp = currentBuildsJson.timestamp
+
+                // If the timestamp on builds.json after the 'Garbage Collection' step
+                // is the same as before, that means, there were no resources to be pruned
+                // and hence, no need to update the builds.json.
+                if (originalTimestamp != currentTimestamp) {
+                    // Nested lock for the Upload Builds JSON step
+                    lock(resource: "builds-json-${params.STREAM}") {
+                        stage('Upload Builds JSON') {
+                            pipeutils.shwrapWithAWSBuildUploadCredentials("""
+                            cosa cloud-prune --policy ${new_gc_policy_path} \
+                            --stream ${params.STREAM} \
+                            --upload-builds-json ${dry_run} \
+                            --acl=${acl} \
+                            --aws-config-file \${AWS_BUILD_UPLOAD_CONFIG}
+                            """)
+                        }
+                    }
+                }
+            }
+            parallelruns['Container tags'] = {
+                // get repo url from pipecfg
+                def registry = pipecfg.registry_repos.oscontainer.repo
+                withCredentials([file(variable: 'REGISTRY_SECRET', 
+                                            credentialsId: 'oscontainer-push-registry-secret')]) {
+                    pipeutils.shwrap("""
+                        cosa container-prune --policy ${new_gc_policy_path} \
+                            --registry-auth-file=\${REGISTRY_SECRET} \
+                            --stream ${params.STREAM} ${dry_run} \
+                            ${registry}
+                    """)
+                }
             }
+            
+            parallel parallelruns
+
             currentBuild.result = 'SUCCESS'
             currentBuild.description = "${build_description} ✓"
 

From 270fcc9d494f8345129258f6a16c98c774f8e344 Mon Sep 17 00:00:00 2001
From: jbtrystram <jbtrystram@redhat.com>
Date: Tue, 1 Oct 2024 16:39:28 +0200
Subject: [PATCH 2/2] gc-policy: prune containers

Pruning dev streams after 2 weeks and stable streams after 2 months as
decided in https://github.com/coreos/fedora-coreos-tracker/issues/1367#issuecomment-1372870700
---
 gc-policy.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/gc-policy.yaml b/gc-policy.yaml
index 2f27deee..fd041857 100644
--- a/gc-policy.yaml
+++ b/gc-policy.yaml
@@ -1,9 +1,21 @@
 branched:
+    containers: 2w
     cloud-uploads: 1y
 rawhide:
+    containers: 2w
     cloud-uploads: 1y
 bodhi-updates:
     cloud-uploads: 1y
     images: 58m
     images-keep: [qemu, live-iso]
     build: 62m
+testing-devel:
+   containers: 2w
+next-devel:
+   containers: 2w
+next:
+   containers: 2m
+testing:
+   containers: 2m
+stable:
+   containers: 2m