From 7ff92422b9aeba66284faef6b365f972796c0bff Mon Sep 17 00:00:00 2001
From: mgoerens <mgoerens@redhat.com>
Date: Thu, 3 Aug 2023 15:54:16 +0200
Subject: [PATCH] Expire commit container images after 1 week

Prior to podman 4.6.0, there is a bug that would cause the expiration
tag to be added to the "main" container image as well in the build.yaml
workflow. See the buildah bug report:
https://github.com/containers/buildah/issues/4632

As a workaround, the --no-cache flag is used to build container images
with the "build-image" make target.

This workaround, can be removed when we use a runner image that has
podman>=4.6.0. Currently, the ubuntu-latest runner image we use has
3.4.4.

close #397

Signed-off-by: mgoerens <mgoerens@redhat.com>
---
 .github/workflows/main.yaml | 3 ++-
 Makefile                    | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index beb47795..c8d8c436 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -25,8 +25,9 @@ jobs:
       - name: Build container images
         id: build_container_images
         run: |
+            podman version
             # Build podman images locally
-            make build-image IMAGE_TAG=${{ steps.get_commit_id.outputs.commit_id }}
+            make build-image IMAGE_TAG=${{ steps.get_commit_id.outputs.commit_id }} QUAY_EXPIRE_AFTER=1w
             make build-image IMAGE_TAG=main
 
       - name: Push to quay.io
diff --git a/Makefile b/Makefile
index 34d12f2f..ceab3794 100644
--- a/Makefile
+++ b/Makefile
@@ -5,6 +5,7 @@ IMAGE_REPO?=quay.io/redhat-certification
 COMMIT_ID=$(shell git rev-parse --short HEAD)
 COMMIT_ID_LONG=$(shell git rev-parse HEAD)
 IMAGE_TAG=$(COMMIT_ID)
+QUAY_EXPIRE_AFTER="never"
 
 default: bin
 
@@ -57,7 +58,9 @@ test:
 # If IMAGE_TAG is not provided, use the COMMIT_ID
 .PHONY: build-image
 build-image:
-	$(IMAGE_BUILDER) build -t $(IMAGE_REPO)/chart-verifier:$(IMAGE_TAG) .
+	# TODO: Adding --no-cache option as a workaround to https://github.com/containers/buildah/issues/4632
+	# This can be removed as soon as we can ensure that the ubuntu-latest runner image uses podman=>4.6.0
+	$(IMAGE_BUILDER) build --no-cache --label quay.expires-after=$(QUAY_EXPIRE_AFTER) -t $(IMAGE_REPO)/chart-verifier:$(IMAGE_TAG) .
 
 # Push the container image. Usage: make push-image IMAGE_TAG=my_tag
 # If IMAGE_TAG is not provided, use the COMMIT_ID