From 8066716b67769517a715a55956ccbaccd8de79f4 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Thu, 10 Nov 2022 14:19:09 -0500
Subject: [PATCH] Add background cleanup process
When given the "run" argument, in addition to launching `podman system service` in the background, also start a small periodic maintenance script. It's only job is to clean up stale images, containers, and volumes from old jobs. Currently hard-coded to trigger every 2 days, this could be tweaked via build-args or env. var.
Signed-off-by: Chris Evich
---
Containerfile | 3 ++-
gitlab-runner-wrapper | 7 ++++++-
podman-in-podman-maintenance | 19 +++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
create mode 100644 podman-in-podman-maintenance
diff --git a/Containerfile b/Containerfile
index 5d6362a..438ebd6 100644
--- a/Containerfile
+++ b/Containerfile
@@ -86,13 +86,14 @@ RUN if [[ "$RUNNER_LISTEN_ADDRESS" == "disabled" ]]; then \
 # A small wrapper is needed to launch a background podman system service
 # process for the gitlab-runner to connect to.
-ADD /gitlab-runner-wrapper /usr/local/bin/
+ADD /gitlab-runner-wrapper /podman-in-podman-maintenance /usr/local/bin/
 # Base image UTS NS configuration causes runner to break when launching
 # nested rootless containers.
 RUN sed -i -r \
 -e 's/^utsns.+host.*/utsns="private"/' \
 /etc/containers/containers.conf && \
 chmod +x /usr/local/bin/gitlab-runner-wrapper && \
+ chmod +x /usr/local/bin/podman-in-podman-maintenance && \
 chown -R podman.podman /home/podman && \
 rm -f /home/podman/.bash* && \
 echo DOCKER_HOST="unix:///tmp/podman-run-1000/podman/podman.sock" > /etc/profile.d/podman.sh
diff --git a/gitlab-runner-wrapper b/gitlab-runner-wrapper
index d321e74..cfa2a8f 100644
--- a/gitlab-runner-wrapper
+++ b/gitlab-runner-wrapper
@@ -1,5 +1,9 @@
 #!/bin/bash
+# This script is intended to be called as the entrypoint for
+# a podman-in-podman gitlab runner container. Any usage
+# outside that context is not supported and may cause harm.
+
 set -e
 unset _debug_args
@@ -9,7 +13,8 @@ fi
 if [[ "$1" == "run" ]] && [[ ! -S "/tmp/podman-run-1000/podman/podman.sock" ]]; then
 podman $_debug_args system service -t 0 &
- # Prevent SIGHUP propigation to podman process
+ /usr/local/bin/podman-in-podman-maintenance &
+ # Prevent SIGHUP propagation to podman process
 disown -ar
 fi
diff --git a/podman-in-podman-maintenance b/podman-in-podman-maintenance
new file mode 100644
index 0000000..8dfbbb4
--- /dev/null
+++ b/podman-in-podman-maintenance
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# This script is intended to be called by the entrypoint for
+# a podman-in-podman gitlab runner container. Any usage
+# outside that context is not supported and may cause harm.
+
+set -e
+
+maintain_podman() {
+ # Two days seems to be a good happy-medium beween filling up
+ # about 40gig of storage space from moderate CI activity,
+ # and maintaining a useful level of caching.
+ while sleep 2d; do
+ if [[ -n "$PODMAN_RUNNER_DEBUG" ]]; then
+ echo "$(date --iso-8601=second) ${BASH_SOURCE[0] performing podman maintenance}"
+ fi
+ podman system prune --all --force
+ done
+}
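Review bot: In gitlab-runner-wrapper (second hunk), the maintenance script is started with `&` and then disowned, so nothing in the visible lines ever checks whether it is still running. If it exits early, stale job data keeps accumulating until storage fills, with no log line to explain why. The comment above `disown -ar` still names only the podman process although it now covers both background jobs; `# Prevent SIGHUP propagation to the background podman and maintenance processes` would match. The rest of the wrapper lies outside this hunk, so whether anything later monitors these jobs cannot be seen here.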
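Review bot: In podman-in-podman-maintenance, `maintain_podman` is defined but never called anywhere in the 19 added lines, so as written the script exits immediately and no pruning ever happens; it needs a final `maintain_podman` line. The debug `echo` has its closing brace misplaced, `${BASH_SOURCE[0] performing podman maintenance}`, which bash rejects as a bad substitution once `PODMAN_RUNNER_DEBUG` is set; it should read `${BASH_SOURCE[0]} performing podman maintenance`. Under `set -e` a single failed `podman system prune` also ends the loop for the life of the container, so consider `podman system prune --all --force || echo "podman maintenance: prune failed" >&2`. The commit message lists volumes among the things cleaned up, but `podman system prune` removes them only when `--volumes` is given.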