feat: set quay image expiry to prevent overflow of images

.github/workflows/build-images-base.yaml

@@ -23,6 +23,10 @@ on:
         description: Bundle and catalog channels, comma separated
         default: preview
         type: string
+      quayImageExpiry:
+        description: When to expire the built quay images. The time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively, from the time the image is built.
+        default: never
+        type: string
   workflow_dispatch:
     inputs:
       operatorVersion:
@@ -45,6 +49,10 @@ on:
         description: Bundle and catalog channels, comma separated
         default: preview
         type: string
+      quayImageExpiry:
+        description: When to expire the built quay images. The time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively, from the time the image is built.
+        default: never
+        type: string
 
 env:
   IMG_TAGS: ${{ inputs.operatorTag }}
@@ -53,6 +61,7 @@ env:
   IMG_REGISTRY_ORG: kuadrant
   MAIN_BRANCH_NAME: main
   OPERATOR_NAME: limitador-operator
+  QUAY_IMAGE_EXPIRY: ${{ inputs.quayImageExpiry }}
 
 jobs:
   build:
@@ -82,6 +91,7 @@ jobs:
           build-args: |
             GIT_SHA=${{ github.sha }}
             DIRTY=false
+            QUAY_IMAGE_EXPIRY=${{ inputs.quayImageExpiry }}
       - name: Push Image
         if: ${{ !env.ACT }}
         id: push-to-quay
@@ -136,6 +146,8 @@ jobs:
           platforms: linux/amd64,linux/arm64
           dockerfiles: |
             ./bundle.Dockerfile
+          build-args: |
+            QUAY_IMAGE_EXPIRY=${{ inputs.quayImageExpiry }}
       - name: Push Image
         if: ${{ !env.ACT }}
         id: push-to-quay
@@ -188,6 +200,7 @@ jobs:
           context: ./catalog
           dockerfiles: |
             ./catalog/${{ env.OPERATOR_NAME }}-catalog.Dockerfile
+          # The Quay image expiry label for the generated catalog Dockerfile is set via opm, using the value set in the QUAY_IMAGE_EXPIRY environment variable
       - name: Push Image
         if: ${{ !env.ACT }}
         id: push-to-quay

.github/workflows/build-images-branches.yaml

@@ -13,3 +13,4 @@ jobs:
     with:
       operatorVersion: ${{ github.ref_name }}
       operatorTag: ${{ github.ref_name }}
+      quayImageExpiry: 1w

.github/workflows/build-images-scheduled.yaml

@@ -13,3 +13,4 @@ jobs:
       operatorVersion: ${{ github.sha }}
       operatorTag: ${{ github.sha }}
       limitadorVersion: ${{ vars.LIMITADOR_SHA }}
+      quayImageExpiry: 2w

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.21 as builder
+FROM golang:1.21 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -31,4 +31,8 @@ WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
 
+# Quay image expiry
+ARG QUAY_IMAGE_EXPIRY=never
+LABEL quay.expires-after=$QUAY_IMAGE_EXPIRY
+
 ENTRYPOINT ["/manager"]

Makefile

@@ -277,7 +277,7 @@ run: manifests generate fmt vet ## Run a controller from your host.)
 docker-build: GIT_SHA=$(shell git rev-parse HEAD || echo "unknown")
 docker-build: DIRTY=$(shell $(PROJECT_PATH)/utils/check-git-dirty.sh || echo "unknown")
 docker-build: ## Build docker image with the manager.
-	docker build --build-arg GIT_SHA=$(GIT_SHA) --build-arg DIRTY=$(DIRTY) -t $(IMG) .
+	docker build --build-arg GIT_SHA=$(GIT_SHA) --build-arg DIRTY=$(DIRTY) --build-arg QUAY_IMAGE_EXPIRY=$(QUAY_IMAGE_EXPIRY) -t $(IMG) .
 
 docker-push: ## Push docker image with the manager.
 	docker push $(IMG)
@@ -340,6 +340,7 @@ bundle: $(KUSTOMIZE) $(OPERATOR_SDK) $(YQ) manifests ## Generate bundle manifest
 	# Validate bundle manifests
 	$(OPERATOR_SDK) bundle validate ./bundle
 	$(MAKE) bundle-ignore-createdAt
+	echo "$$QUAY_EXPIRY_TIME_LABEL" >> bundle.Dockerfile
 
 .PHONY: bundle-ignore-createdAt
 bundle-ignore-createdAt:
@@ -354,7 +355,7 @@ bundle-ignore-createdAt:
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
-	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+	docker build --build-arg QUAY_IMAGE_EXPIRY=$(QUAY_IMAGE_EXPIRY) -f bundle.Dockerfile -t $(BUNDLE_IMG) .
 
 .PHONY: bundle-push
 bundle-push: ## Push the bundle image.

bundle.Dockerfile

@@ -18,3 +18,7 @@ LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
 COPY bundle/manifests /manifests/
 COPY bundle/metadata /metadata/
 COPY bundle/tests/scorecard /tests/scorecard/
+
+# Quay image expiry
+ARG QUAY_IMAGE_EXPIRY=never
+LABEL quay.expires-after=${QUAY_IMAGE_EXPIRY}

make/catalog.mk

@@ -6,9 +6,21 @@ CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:$(IMAGE_TAG)
 CATALOG_FILE = $(PROJECT_PATH)/catalog/limitador-operator-catalog/operator.yaml
 CATALOG_DOCKERFILE = $(PROJECT_PATH)/catalog/limitador-operator-catalog.Dockerfile
 
+# Quay image default expiry
+QUAY_IMAGE_EXPIRY ?= never
+
+# A LABEL that can be appended to a generated Dockerfile to set the Quay image expiration through Docker arguments.
+define QUAY_EXPIRY_TIME_LABEL
+
+# Quay image expiry
+ARG QUAY_IMAGE_EXPIRY=never
+LABEL quay.expires-after=$${QUAY_IMAGE_EXPIRY}
+endef
+export QUAY_EXPIRY_TIME_LABEL
+
 $(CATALOG_DOCKERFILE): $(OPM)
 	-mkdir -p $(PROJECT_PATH)/catalog/limitador-operator-catalog
-	cd $(PROJECT_PATH)/catalog && $(OPM) generate dockerfile limitador-operator-catalog
+	cd $(PROJECT_PATH)/catalog && $(OPM) generate dockerfile limitador-operator-catalog -l quay.expires-after=$(QUAY_IMAGE_EXPIRY)
 catalog-dockerfile: $(CATALOG_DOCKERFILE) ## Generate catalog dockerfile.
 
 $(CATALOG_FILE): $(OPM) $(YQ)