9 changes: 5 additions & 4 deletions .github/workflows/push.yml
@@ -51,13 +51,14 @@ jobs:
files: coverage.out
verbose: true
# Only try to publish the container image from the root repo; forks don't have permission to do so and will always get failures.
- name: Free up disk space
if: github.repository == 'vmware-tanzu/velero'
uses: palmsoftware/quick-cleanup@v0
with:
cleanup-mode: aggressive
Comment on lines +54 to +58

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Resolve the current commit behind the v0 tag
git ls-remote https://github.com/palmsoftware/quick-cleanup.git refs/tags/v0

Repository: openshift/velero

Length of output: 113


Pin palmsoftware/quick-cleanup to a commit SHA.

Using a mutable tag (@v0) weakens supply-chain integrity. Pin to the specific commit SHA (21be80c22ed5745594aa5ca6350089499d54db4b) and keep the tag as a comment for traceability.

🔒 Proposed change
-        uses: palmsoftware/quick-cleanup@v0
+        # v0
+        uses: palmsoftware/quick-cleanup@21be80c22ed5745594aa5ca6350089499d54db4b
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Free up disk space
if: github.repository == 'vmware-tanzu/velero'
uses: palmsoftware/quick-cleanup@v0
with:
cleanup-mode: aggressive
- name: Free up disk space
if: github.repository == 'vmware-tanzu/velero'
# v0
uses: palmsoftware/quick-cleanup@21be80c22ed5745594aa5ca6350089499d54db4b
with:
cleanup-mode: aggressive
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/push.yml around lines 54 - 58, update the GitHub Actions
step named "Free up disk space" to pin the action reference to the immutable
commit SHA instead of the mutable tag; replace uses:
palmsoftware/quick-cleanup@v0 with uses:
palmsoftware/quick-cleanup@21be80c22ed5745594aa5ca6350089499d54db4b and keep the
original `@v0` tag as a commented note for traceability, leaving the step name and
inputs (cleanup-mode: aggressive) unchanged.

- name: Publish container image
if: github.repository == 'vmware-tanzu/velero'
run: |
sudo swapoff -a
sudo rm -f /mnt/swapfile
docker system prune -a --force

# Build and push Velero image to docker registry
docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }}
./hack/docker-push.sh
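Review bot: In the unchanged context at the end of this hunk, `docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }}` passes the registry password as a command-line argument, so it is visible to any process listing on the runner for the lifetime of the command (the Docker CLI itself warns about `-p` for this reason); GitHub's log masking of `secrets.*` does not cover that. Since this job now also executes a third-party action in `aggressive` cleanup mode right before the credentials are used, it is worth tightening this line in the same change: `echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USER }}" --password-stdin`, and apply the SHA pin already suggested on lines +54 to +58 so the code running alongside these secrets is immutable.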