ci: Fix Docker image cleanup and simplify CI image tagging (#26002)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-12 16:10:30 +02:00 · 2026-02-20 07:49:36 +00:00 · 2026-02-20 07:49:36 +00:00 · aa12777c61
commit aa12777c61
parent 3b41ca8d2f
5 changed files with 50 additions and 74 deletions
--- a/.github/scripts/cleanup-ghcr-images.mjs
+++ b/.github/scripts/cleanup-ghcr-images.mjs
@ -3,14 +3,13 @@
 * Cleanup GHCR images for n8n CI
 *
 * Modes:
- *   --tag <tag>     Delete exact tag (merge queue cleanup - single image)
- *   --pr <number>   Delete all pr-{number}-* tags (PR cleanup - all runs for a PR)
- *   --stale <days>  Delete pr-* images older than N days (weekly scheduled cleanup)
+ *   --tag <tag>     Delete exact tag (post-run cleanup)
+ *   --stale <days>  Delete ci-* images older than N days (daily scheduled cleanup)
 *
 * Context:
- *   - PR runs use --pr to clean all images from failed/retried commits
- *   - Merge queue runs use --tag since PR number isn't available (image tagged pr--{run_id})
- *   - Weekly cron uses --stale to catch any orphaned images
+ *   - Each CI run tags images as ci-{run_id}
+ *   - Post-run cleanup uses --tag to delete the current run's images
+ *   - Daily cron uses --stale to catch any orphaned images
 */
 import { exec } from 'node:child_process';
 import { promisify } from 'node:util';
@ -21,8 +20,8 @@ const REPO = process.env.GHCR_REPO || 'n8n';
 const PACKAGES = [REPO, 'runners'];
 const [mode, rawValue] = process.argv.slice(2);

-if (!['--tag', '--pr', '--stale'].includes(mode) || !rawValue) {
-	console.error('Usage: cleanup-ghcr-images.mjs --tag <tag> | --pr <number> | --stale <days>');
+if (!['--tag', '--stale'].includes(mode) || !rawValue) {
+	console.error('Usage: cleanup-ghcr-images.mjs --tag <tag> | --stale <days>');
 	process.exit(1);
 }

@ -52,14 +51,14 @@ async function fetchPage(pkg, page) {
 	}
 }

-const isPrImage = (v, prNum) => {
+const isCiImage = (v) => {
 	const tags = v.metadata?.container?.tags || [];
-	return prNum ? tags.some((t) => t.startsWith(`pr-${prNum}-`)) : tags.some((t) => t.startsWith('pr-'));
+	return tags.some((t) => t.startsWith('ci-') || t.startsWith('pr-'));
 };

 const isStale = (v, days) => {
 	const cutoff = Date.now() - days * 86400000;
-	return isPrImage(v) && new Date(v.created_at) < cutoff;
+	return isCiImage(v) && new Date(v.created_at) < cutoff;
 };

 async function getVersionsForTag(pkg, tag) {
@ -68,33 +67,12 @@ async function getVersionsForTag(pkg, tag) {
 	return match ? [match] : [];
 }

-async function getVersionsForPr(pkg, prNumber) {
-	const versions = [];
-	let emptyPages = 0;
-
-	for (let page = 1; ; page++) {
-		const batch = await fetchPage(pkg, page);
-		if (!batch.length) break;
-
-		const matches = batch.filter((v) => isPrImage(v, prNumber));
-		if (matches.length) {
-			versions.push(...matches);
-			emptyPages = 0;
-		} else if (++emptyPages >= 3) {
-			console.log(`  Early termination after ${page} pages`);
-			break;
-		}
-		if (batch.length < 100) break;
-	}
-	return versions;
-}
-
 async function getVersionsForStale(pkg, days) {
 	const versions = [];
 	const cutoff = Date.now() - days * 86400000;
 	// Use 2x cutoff as safety window for early termination
 	const earlyExitCutoff = Date.now() - days * 2 * 86400000;
-	let pagesWithoutPrImages = 0;
+	let pagesWithoutCiImages = 0;

 	const firstPage = await fetchPage(pkg, 1);
 	if (!firstPage.length) return [];
@ -112,22 +90,22 @@ async function getVersionsForStale(pkg, days) {
 		for (const batch of batches) {
 			if (!batch.length || batch.length < 100) done = true;

-			let hasPrImages = false;
+			let hasCiImages = false;
 			for (const v of batch) {
-				if (isPrImage(v)) {
-					hasPrImages = true;
+				if (isCiImage(v)) {
+					hasCiImages = true;
 					if (new Date(v.created_at) < cutoff) versions.push(v);
 				}
 			}

 			// Early termination: if we've gone through pages without finding
-			// any PR images and all items are older than 2x cutoff, we're past
-			// the PR image window
-			if (!hasPrImages) {
-				pagesWithoutPrImages++;
+			// any CI images and all items are older than 2x cutoff, we're past
+			// the CI image window
+			if (!hasCiImages) {
+				pagesWithoutCiImages++;
 				const oldestInBatch = batch[batch.length - 1];
 				if (
-					pagesWithoutPrImages >= 3 &&
+					pagesWithoutCiImages >= 3 &&
 					oldestInBatch &&
 					new Date(oldestInBatch.created_at) < earlyExitCutoff
 				) {
@ -135,7 +113,7 @@ async function getVersionsForStale(pkg, days) {
 					done = true;
 				}
 			} else {
-				pagesWithoutPrImages = 0;
+				pagesWithoutCiImages = 0;
 			}

 			if (!batch.length || done) break;
@ -154,8 +132,6 @@ for (const pkg of PACKAGES) {
 	const toDelete =
 		mode === '--tag'
 			? await getVersionsForTag(pkg, value)
-			: mode === '--pr'
-				? await getVersionsForPr(pkg, value)
 			: await getVersionsForStale(pkg, value);

 	if (!toDelete.length) {
--- a/.github/workflows/ci-pull-requests.yml
+++ b/.github/workflows/ci-pull-requests.yml
@ -21,6 +21,7 @@ jobs:
    outputs:
      ci: ${{ fromJSON(steps.ci-filter.outputs.results).ci == true }}
      unit: ${{ fromJSON(steps.ci-filter.outputs.results).unit == true }}
+      e2e: ${{ fromJSON(steps.ci-filter.outputs.results).e2e == true }}
      workflows: ${{ fromJSON(steps.ci-filter.outputs.results).workflows == true }}
      db: ${{ fromJSON(steps.ci-filter.outputs.results).db == true }}
      commit_sha: ${{ steps.commit-sha.outputs.sha }}
@ -49,6 +50,11 @@ jobs:
              !packages/@n8n/task-runner-python/**
              !packages/testing/playwright/**
              !.github/**
+            e2e:
+              .github/workflows/test-e2e-*.yml
+              .github/scripts/cleanup-ghcr-images.mjs
+              packages/testing/playwright/**
+              packages/testing/containers/**
            workflows: .github/**
            db:
              packages/cli/src/databases/**
@ -111,7 +117,7 @@ jobs:
  e2e-tests:
    name: E2E Tests
    needs: install-and-build
-    if: needs.install-and-build.outputs.ci == 'true' && github.repository == 'n8n-io/n8n'
+    if: (needs.install-and-build.outputs.ci == 'true' || needs.install-and-build.outputs.e2e == 'true') && github.repository == 'n8n-io/n8n'
    uses: ./.github/workflows/test-e2e-ci-reusable.yml
    with:
      branch: ${{ needs.install-and-build.outputs.commit_sha }}
--- a/.github/workflows/test-e2e-ci-reusable.yml
+++ b/.github/workflows/test-e2e-ci-reusable.yml
@ -10,7 +10,7 @@ on:
        default: ''

 env:
-  DOCKER_IMAGE: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}-${{ github.run_id }}
+  DOCKER_IMAGE: ghcr.io/${{ github.repository }}:ci-${{ github.run_id }}

 jobs:
  prepare:
@ -44,7 +44,7 @@ jobs:
        env:
          INCLUDE_TEST_CONTROLLER: 'true'
          IMAGE_BASE_NAME: ghcr.io/${{ github.repository }}
-          IMAGE_TAG: pr-${{ github.event.pull_request.number }}-${{ github.run_id }}
+          IMAGE_TAG: ci-${{ github.run_id }}
          RUNNERS_IMAGE_BASE_NAME: ghcr.io/${{ github.repository_owner }}/runners

      - name: Generate shard matrix
@ -59,7 +59,7 @@ jobs:
    with:
      branch: ${{ inputs.branch }}
      test-mode: docker-pull
-      docker-image: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}-${{ github.run_id }}
+      docker-image: ghcr.io/${{ github.repository }}:ci-${{ github.run_id }}
      test-command: pnpm --filter=n8n-playwright test:container:sqlite:e2e tests/e2e/building-blocks/workflow-entry-points.spec.ts
      shards: 1
      runner: blacksmith-2vcpu-ubuntu-2204
@ -77,7 +77,7 @@ jobs:
    with:
      branch: ${{ inputs.branch }}
      test-mode: docker-pull
-      docker-image: ghcr.io/${{ github.repository }}:pr-${{ github.event.pull_request.number }}-${{ github.run_id }}
+      docker-image: ghcr.io/${{ github.repository }}:ci-${{ github.run_id }}
      test-command: pnpm --filter=n8n-playwright test:container:multi-main:e2e
      shards: 16
      runner: blacksmith-2vcpu-ubuntu-2204
@ -101,9 +101,10 @@ jobs:
      workers: '1'
      upload-failure-artifacts: true

-  # Cleanup ephemeral Docker image from GHCR and local cache after tests complete
-  cleanup-docker:
-    name: 'Cleanup Docker Image'
+  # Cleanup ephemeral Docker image from GHCR after tests complete
+  # Local runner cleanup is handled by each test shard in test-e2e-reusable.yml
+  cleanup-ghcr:
+    name: 'Cleanup GHCR Image'
    needs: [prepare, multi-main-e2e, sqlite-sanity]
    if: ${{ !failure() && !cancelled() && !github.event.pull_request.head.repo.fork }}
    runs-on: blacksmith-2vcpu-ubuntu-2204
@ -117,24 +118,10 @@ jobs:
          sparse-checkout: .github/scripts
          sparse-checkout-cone-mode: false

-      - name: Cleanup local Docker cache
-        run: |
-          echo "Removing PR images from local cache..."
-          docker rmi ghcr.io/n8n-io/n8n:pr-${{ github.event.pull_request.number }}-${{ github.run_id }} || true
-          docker rmi ghcr.io/n8n-io/runners:pr-${{ github.event.pull_request.number }}-${{ github.run_id }} || true
-          docker system prune -f || true
-
      - name: Delete images from GHCR
        continue-on-error: true
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_ORG: ${{ github.repository_owner }}
          GHCR_REPO: ${{ github.event.repository.name }}
-        run: |
-          if [ -n "${{ github.event.pull_request.number }}" ]; then
-            echo "PR context: cleaning all images for PR ${{ github.event.pull_request.number }}"
-            node .github/scripts/cleanup-ghcr-images.mjs --pr ${{ github.event.pull_request.number }}
-          else
-            echo "Merge queue context: cleaning image pr--${{ github.run_id }}"
-            node .github/scripts/cleanup-ghcr-images.mjs --tag pr--${{ github.run_id }}
-          fi
+        run: node .github/scripts/cleanup-ghcr-images.mjs --tag ci-${{ github.run_id }}
--- a/.github/workflows/test-e2e-reusable.yml
+++ b/.github/workflows/test-e2e-reusable.yml
@ -175,6 +175,13 @@ jobs:
            packages/testing/playwright/playwright-report/
          retention-days: 7

+      - name: Cleanup cached CI images
+        if: ${{ inputs.test-mode == 'docker-pull' }}
+        continue-on-error: true
+        run: |
+          docker images --format '{{.Repository}}:{{.Tag}}' | grep -E 'ghcr\.io/n8n-io/(n8n|runners):(ci|pr)-' | xargs -r docker rmi || true
+          docker system prune -f || true
+
      - name: Cancel Currents run if workflow is cancelled
        if: ${{ cancelled() }}
        env:
--- a/.github/workflows/util-cleanup-pr-images.yml
+++ b/.github/workflows/util-cleanup-pr-images.yml
@ -1,13 +1,13 @@
-name: 'Util: Cleanup PR Docker Images'
+name: 'Util: Cleanup CI Docker Images'

 on:
  schedule:
-    # Weekly cleanup: Sunday at 3 AM UTC
-    - cron: '0 3 * * 0'
+    # Daily cleanup at 3 AM UTC
+    - cron: '0 3 * * *'

 jobs:
  cleanup:
-    name: 'Delete stale PR images'
+    name: 'Delete stale CI images'
    runs-on: ubuntu-slim
    permissions:
      packages: write
@ -19,9 +19,9 @@ jobs:
          sparse-checkout: .github/scripts
          sparse-checkout-cone-mode: false

-      - name: Delete stale PR images
+      - name: Delete stale CI images
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_ORG: ${{ github.repository_owner }}
          GHCR_REPO: ${{ github.event.repository.name }}
-        run: node .github/scripts/cleanup-ghcr-images.mjs --stale 7
+        run: node .github/scripts/cleanup-ghcr-images.mjs --stale 1