From 626530e63aa00d36136bf944b7a0ac13cf427adb Mon Sep 17 00:00:00 2001
From: Jay <110402935+jay-418@users.noreply.github.com>
Date: Fri, 27 Feb 2026 12:01:00 -0700
Subject: [PATCH 1/3] automatically remove old nightly releases
---
 .github/workflows/release-cleanup.yml | 50 +++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/release-cleanup.yml
diff --git a/.github/workflows/release-cleanup.yml b/.github/workflows/release-cleanup.yml
new file mode 100644
index 0000000000..1545e593c3
--- /dev/null
+++ b/.github/workflows/release-cleanup.yml
@@ -0,0 +1,50 @@
+# Nightly builds are helpful validation, but useless when old.
+# This script deletes any "nightly" titled release older than DAYS_OLD.
+# Dry run is default, and must be explicitly passed as 'false' to act.
+name: Release cleanup
+
+on:
+ push:
+ branches:
+ - jay/release-cleanup # TODO: remove after testing
+
+ schedule:
+ - cron: "30 3 * * *"
+
+ workflow_dispatch:
+ inputs:
+ dry_run:
+ description: "Dry run (no deletions)"
+ type: boolean
+ default: true
+
+jobs:
+ cleanup:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clean up old nightly releases
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ DRY_RUN: ${{ github.event_name != 'schedule' && (github.event_name != 'workflow_dispatch' || inputs.dry_run) }}
+ run: |
+ set -euo pipefail
+
+ DAYS_OLD=7
+ CUTOFF_DATE=$(date -u -d "${DAYS_OLD} days ago" +%Y-%m-%dT%H:%M:%SZ)
+
+ gh release list -R "$GITHUB_REPOSITORY" \
+ --limit 1000 \
+ --json tagName,publishedAt,name \
+ --jq ".[] | select(.name | test(\"nightly\"; \"i\")) | select(.publishedAt < \"${CUTOFF_DATE}\") | .tagName" |
+ while read -r tag; do
+ if [[ "$DRY_RUN" == "true" ]]; then
+ echo "DRY-RUN: $tag"
+ else
+ if ! gh release delete "$tag" -R "$GITHUB_REPOSITORY" --yes; then
+ echo "Error: release deletion: $tag" >&2
+ exit 1
+ else
+ echo "Release deleted: $tag"
+ fi
+ fi
+ done
From 2c439bd1d88bcd9ca3745a6f559b89fb1bac1f4e Mon Sep 17 00:00:00 2001
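Review bot: The jq filter in the `run:` step of PATCH 1/3 picks releases for deletion with `test(\"nightly\"; \"i\")`, an unanchored, case-insensitive substring match on the release title, so any release whose name merely contains that word is removed once it passes the cutoff. Scheduled runs evaluate `DRY_RUN` to false, so a mismatch is deleted unattended with no dry-run step in between. Anchor the pattern to the project's actual nightly naming scheme (not visible in this patch), and if nightlies are published as prereleases, add `isPrerelease` to `--json` and a `select(.isPrerelease)` stage as a second guard. The header comment should also state the real default, e.g. `# Scheduled runs always delete; manual runs default to a dry run.`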
From: Jay <110402935+jay-418@users.noreply.github.com>
Date: Fri, 27 Feb 2026 12:01:25 -0700
Subject: [PATCH 2/3] Potential fix for code scanning alert no. 15: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/release-cleanup.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/release-cleanup.yml b/.github/workflows/release-cleanup.yml
index 1545e593c3..67c7374941 100644
--- a/.github/workflows/release-cleanup.yml
+++ b/.github/workflows/release-cleanup.yml
@@ -21,6 +21,8 @@ on:
 jobs:
 cleanup:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
 steps:
 - name: Clean up old nightly releases
 env:
From e8eeec6cf538295da2a5da72076b5afc8749a96c Mon Sep 17 00:00:00 2001
From: Jay <110402935+jay-418@users.noreply.github.com>
Date: Fri, 27 Feb 2026 12:02:00 -0700
Subject: [PATCH 3/3] remove temp push branch for testing
---
 .github/workflows/release-cleanup.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/.github/workflows/release-cleanup.yml b/.github/workflows/release-cleanup.yml
index 67c7374941..579b327c79 100644
--- a/.github/workflows/release-cleanup.yml
+++ b/.github/workflows/release-cleanup.yml
@@ -4,10 +4,6 @@
 name: Release cleanup
 on:
- push:
- branches:
- - jay/release-cleanup # TODO: remove after testing
-
 schedule:
 - cron: "30 3 * * *"
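Review bot: The `permissions:` block that PATCH 2/3 adds to the `cleanup` job has no comment explaining why `contents: write` is granted, and the workflow still has no top-level default. That scope is what release deletion needs, but it also allows the token to push to the repository, so the reason should be recorded next to it: `# contents: write is required to delete releases; unspecified scopes are set to none`. Consider also a workflow-level `permissions: {}` so any job added later starts with no access. The job's `steps:` continue outside the hunk.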