From b2dc43bd3364ee232a8994778ca6cf79b9e2b982 Mon Sep 17 00:00:00 2001
From: Andrey Tataranovich
Date: Thu, 14 Nov 2024 09:10:59 +0300
Subject: [PATCH] chore: cleanup untagged images (#171)
---
.github/workflows/cleanup-untagged-images.yml | 20 +++++++++++++++++++
trivy.yaml | 13 ++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 .github/workflows/cleanup-untagged-images.yml
create mode 100644 trivy.yaml
diff --git a/.github/workflows/cleanup-untagged-images.yml b/.github/workflows/cleanup-untagged-images.yml
new file mode 100644
index 0000000..37dd0be
--- /dev/null
+++ b/.github/workflows/cleanup-untagged-images.yml
@@ -0,0 +1,20 @@
+name: Cleanup untagged images
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ clean:
+ name: Delete untagged images
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ steps:
+ - uses: snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03 # v3.0.0
+ with:
+ account: ${{ github.repository_owner }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ image-names: ${{ github.event.repository.name }}
+ tag-selection: "untagged"
+ cut-off: "1d"
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000..f595cea
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,13 @@
+# Trivy configuration file
+# https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
+# Can be deleted after public ecr mirror will be added by default
+db:
+ no-progress: true
+ repository:
+ - ghcr.io/aquasecurity/trivy-db:2
+ - public.ecr.aws/aquasecurity/trivy-db:2
+ java-repository:
+ - ghcr.io/aquasecurity/trivy-java-db:1
+ - public.ecr.aws/aquasecurity/trivy-java-db:1
+misconfiguration:
+ checks-bundle-repository: public.ecr.aws/aquasecurity/trivy-checks
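Review bot: In `.github/workflows/cleanup-untagged-images.yml` the only trigger is the nightly `schedule`, so the first time the `untagged` / `1d` selection is exercised it deletes package versions for real with a `packages: write` token. Adding `workflow_dispatch:` under `on:` and doing one run with `dry-run: true` in the `with:` block would let the selection be checked in the log before it is trusted. `image-names` is taken from `github.event.repository.name`; I am not sure every scheduled run carries `repository` in the event payload, so writing the package name literally would remove that dependency. If the image is published as a multi-platform index, its per-architecture manifests are themselves untagged, so it is worth confirming that the pinned v3.0.0 keeps children of tagged indexes.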
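Review bot: In `trivy.yaml`, `checks-bundle-repository` is given without a tag while both DB repositories are pinned to a schema tag (`:2`, `:1`), so the checks bundle presumably resolves to `latest` and can drift from what the installed Trivy expects. Pinning it the same way, `checks-bundle-repository: public.ecr.aws/aquasecurity/trivy-checks:<major>` with the major tag your Trivy release uses by default, keeps the misconfiguration results reproducible. The list form of `db.repository` and `java-repository` also needs a Trivy release that accepts several repositories; the patch does not show which version CI runs, so a comment such as `# requires a Trivy version with multi-repository support` next to the lists would help the next maintainer.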