Add background cleanup process

When given the "run" argument, in addition to launching `podman system
service` in the background, also start a small periodic maintenance
script.  It's only job is to clean up stale images, containers, and
volumes from old jobs.  Currently hard-coded to trigger every 2 days,
this could be tweaked via build-args or env. var.

Signed-off-by: Chris Evich <cevich@redhat.com>

Containerfile

@@ -86,13 +86,14 @@ RUN if [[ "$RUNNER_LISTEN_ADDRESS" == "disabled" ]]; then \
 
 # A small wrapper is needed to launch a background podman system service
 # process for the gitlab-runner to connect to.
-ADD /gitlab-runner-wrapper /usr/local/bin/
+ADD /gitlab-runner-wrapper /podman-in-podman-maintenance /usr/local/bin/
 # Base image UTS NS configuration causes runner to break when launching
 # nested rootless containers.
 RUN sed -i -r \
         -e 's/^utsns.+host.*/utsns="private"/' \
         /etc/containers/containers.conf && \
     chmod +x /usr/local/bin/gitlab-runner-wrapper && \
+    chmod +x /usr/local/bin/podman-in-podman-maintenance && \
     chown -R podman.podman /home/podman && \
     rm -f /home/podman/.bash* && \
     echo DOCKER_HOST="unix:///tmp/podman-run-1000/podman/podman.sock" > /etc/profile.d/podman.sh

gitlab-runner-wrapper

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# This script is intended to be called as the entrypoint for
+# a podman-in-podman gitlab runner container.  Any usage
+# outside that context is not supported and may cause harm.
+
 set -e
 
 unset _debug_args
@@ -9,7 +13,8 @@ fi
 
 if [[ "$1" == "run" ]] && [[ ! -S "/tmp/podman-run-1000/podman/podman.sock" ]]; then
     podman $_debug_args system service -t 0 &
-    # Prevent SIGHUP propigation to podman process
+    /usr/local/bin/podman-in-podman-maintenance &
+    # Prevent SIGHUP propagation to podman process
     disown -ar
 fi
 

podman-in-podman-maintenance

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# This script is intended to be called by the entrypoint for
+# a podman-in-podman gitlab runner container.  Any usage
+# outside that context is not supported and may cause harm.
+
+set -e
+
+maintain_podman() {
+  # Two days seems to be a good happy-medium beween filling up
+  # about 40gig of storage space from moderate CI activity,
+  # and maintaining a useful level of caching.
+  while sleep 2d; do
+    if [[ -n "$PODMAN_RUNNER_DEBUG" ]]; then
+      echo "$(date --iso-8601=second) ${BASH_SOURCE[0] performing podman maintenance}"
+    fi
+    podman system prune --all --force
+  done
+}