Implement image builder database maintenance (HMS-4244)

[schuellerf]

This implements the retention policy requested in https://issues.redhat.com/browse/HMS-4244

image-builder-maintenance for now runs vacuum
and cleans all composes older than 2 years (by default)
to remove customer related data according to the
retention policy

As this is not really urgent, it's scheduled once
a week on Tuesdays to avoid problems on weekends

…should be merged after #1398
Note: this implementation is almost a copy of https://github.com/osbuild/osbuild-composer/tree/main/cmd/osbuild-service-maintenance to stick to the same mechanism

[codecov]

Codecov Report

Attention: Patch coverage is 91.89189% with 3 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cmd/image-builder/main.go	0.00%	3 Missing ⚠️

Files with missing lines	Coverage Δ
internal/db/db.go	57.81% <100.00%> (ø)
internal/tutils/psql.go	75.43% <100.00%> (+5.54%)	⬆️
cmd/image-builder/main.go	0.00% <0.00%> (ø)

[schuellerf]

Note: failed code/snyk check just indicates that in our testcases we have a password hardcoded …

[lzap]

Looks great. The only concern I have is why this is a separate image, but this could be app-sre requirement, no issues.

[schuellerf]

@lzap
I forgot to add this to the commit message that this, for now, is almost a copy of
https://github.com/osbuild/osbuild-composer/tree/main/cmd/osbuild-service-maintenance
to stick to the same approach.

[schuellerf]

Refactoring this into a separate repo or somehow sharing code with composer was considered but discarded for less effort.
Still this discussion is valid and ongoing.

[schuellerf]

Konflux failure seems to be related to the current rhsm outage… (and it's not a required check here)
… and PR build seems to fail due to ephemeral cluster issues

[schuellerf]

/retest

[schuellerf]

/retest

[lzap]

Couple of logging/transactional improvements could be done, but nothing big. I mean, there are not too many records, are there? :-)

[mvo5]

Quick drive-by: when switching to "cleanenv", please split the commit that changes our code and the part that adds the vendoring to the repo (i.e. two commits, one with vendored stuff, one with switching the code to use it)

Also do we actually need to put the vendored deps into the git repo? We removed all vendoring from "images" because it is not packaged, maybe we could look into doing the same here?

[schuellerf]

@mvo5

Quick drive-by: when switching to "cleanenv", please split the commit that changes our code and the part that adds the vendoring to the repo (i.e. two commits, one with vendored stuff, one with switching the code to use it)

I can split it, although that actually results in a somewhat inconsistent commit (as it has dependencies no one needs, only one commit later) 🤔
but I get the idea from the standpoint of reviewing…

Also do we actually need to put the vendored deps into the git repo? We removed all vendoring from "images" because it is not packaged, maybe we could look into doing the same here?

Don't know - we can follow up on this, vendoring makes things strange for sure 👌

[lzap]

Perfect.

[croissanne]

Thank you!

In addition to the comments, could you also clean up the commit messages a bit?

The body of the commit should be full sentences ( so capital letters & periods). There are also some spelling errors (depentent -> dependent, our selfs -> ourselves). And there's a trailing s in the distribution/Dockerfile-ubi-maintenance: fix entrypoint commit.

[croissanne]

@mvo5

Also do we actually need to put the vendored deps into the git repo? We removed all vendoring from "images" because it is not packaged, maybe we could look into doing the same here?

Don't know - we can follow up on this, vendoring makes things strange for sure 👌

I don't think there's any really good reason at this point time. We can remove them in image builder, a separate PR though.

[mvo5]

[..]

In addition to the comments, could you also clean up the commit messages a bit?

Quick drive-by (as I was tagged): maybe also worth squashing a few commits

[schuellerf]

[..]

Quick drive-by (as I was tagged): maybe also worth squashing a few commits

This was on purpose to be able to follow along the comments easier, but I'll squash some.

[croissanne]

lgtm!