tenseleyflow/shithub / 8cc4d79

+	"github.com/tenseleyFlow/shithub/internal/actions/cleanup"

+		p.Register(cleanup.KindWorkflowCleanup, cleanup.Handler(cleanup.Deps{

+			Pool: pool, ObjectStore: objectStore, Logger: logger,

+		}))

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package cleanup owns background retention for Actions data that should not

+// live forever: hot log chunks, expired artifact metadata/blob objects,

+// terminal workflow runs, and consumed runner JWT audit rows.

+package cleanup

+

+import (

+	"context"

+	"encoding/json"

+	"errors"

+	"fmt"

+	"log/slog"

+	"strings"

+	"time"

+

+	"github.com/jackc/pgx/v5/pgtype"

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	actionsdb "github.com/tenseleyFlow/shithub/internal/actions/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/infra/metrics"

+	"github.com/tenseleyFlow/shithub/internal/infra/storage"

+	"github.com/tenseleyFlow/shithub/internal/worker"

+)

+

+// KindWorkflowCleanup names the worker job that applies Actions retention.

+const KindWorkflowCleanup worker.Kind = "workflow:cleanup"

+

+const (

+	defaultStepLogChunkDays = 7

+	defaultRunDays          = 365

+	defaultJWTUsedDays      = 30

+	defaultArtifactBatch    = 1000

+	maxArtifactBatch        = 10000

+	actionsRunsPrefix       = "actions/runs/"

+)

+

+// Payload is the workflow:cleanup worker payload. Zero values select the

+// production defaults documented in docs/internal/actions-schema.md.

+type Payload struct {

+	StepLogChunkDays int `json:"step_log_chunk_days,omitempty"`

+	RunDays          int `json:"run_days,omitempty"`

+	JWTUsedDays      int `json:"jwt_used_days,omitempty"`

+	ArtifactBatch    int `json:"artifact_batch,omitempty"`

+}

+

+// Deps are the runtime dependencies for Handler.

+type Deps struct {

+	Pool        *pgxpool.Pool

+	ObjectStore storage.ObjectStore

+	Logger      *slog.Logger

+	Now         func() time.Time

+}

+

+// Result summarizes one cleanup sweep.

+type Result struct {

+	ChunksDeleted          int64

+	ArtifactRowsDeleted    int64

+	ArtifactObjectsDeleted int64

+	RunsDeleted            int64

+	JWTUsedDeleted         int64

+}

+

+// Handler returns the worker handler for workflow:cleanup.

+func Handler(deps Deps) worker.Handler {

+	return func(ctx context.Context, raw json.RawMessage) error {

+		var p Payload

+		if len(raw) > 0 {

+			if err := json.Unmarshal(raw, &p); err != nil {

+				return worker.PoisonError(fmt.Errorf("workflow cleanup: bad payload: %w", err))

+			}

+		}

+		res, err := Sweep(ctx, deps, p)

+		if err != nil {

+			return err

+		}

+		if deps.Logger != nil {

+			deps.Logger.InfoContext(ctx, "workflow cleanup complete",

+				"chunks_deleted", res.ChunksDeleted,

+				"artifact_rows_deleted", res.ArtifactRowsDeleted,

+				"artifact_objects_deleted", res.ArtifactObjectsDeleted,

+				"runs_deleted", res.RunsDeleted,

+				"jwt_used_deleted", res.JWTUsedDeleted)

+		}

+		return nil

+	}

+}

+

+// Sweep applies Actions retention once.

+func Sweep(ctx context.Context, deps Deps, p Payload) (Result, error) {

+	if deps.Pool == nil {

+		return Result{}, worker.PoisonError(errors.New("workflow cleanup: database pool is not configured"))

+	}

+	if err := normalizePayload(&p); err != nil {

+		return Result{}, worker.PoisonError(err)

+	}

+	now := time.Now().UTC()

+	if deps.Now != nil {

+		now = deps.Now().UTC()

+	}

+	q := actionsdb.New()

+	res := Result{}

+

+	stepCutoff := pgtype.Timestamptz{Time: now.Add(-time.Duration(p.StepLogChunkDays) * 24 * time.Hour), Valid: true}

+	n, err := q.DeleteStaleStepLogChunksForCleanup(ctx, deps.Pool, stepCutoff)

+	if err != nil {

+		return Result{}, fmt.Errorf("workflow cleanup: delete stale log chunks: %w", err)

+	}

+	res.ChunksDeleted = n

+	recordPruned("chunks", n)

+

+	artifactCutoff := pgtype.Timestamptz{Time: now, Valid: true}

+	artifactRes, err := pruneExpiredArtifacts(ctx, q, deps, artifactCutoff, int32(p.ArtifactBatch))

+	if err != nil {

+		return Result{}, err

+	}

+	res.ArtifactRowsDeleted = artifactRes.ArtifactRowsDeleted

+	res.ArtifactObjectsDeleted = artifactRes.ArtifactObjectsDeleted

+	recordPruned("blobs", artifactRes.ArtifactObjectsDeleted)

+

+	runCutoff := pgtype.Timestamptz{Time: now.Add(-time.Duration(p.RunDays) * 24 * time.Hour), Valid: true}

+	n, err = q.DeleteOldWorkflowRunsForCleanup(ctx, deps.Pool, runCutoff)

+	if err != nil {

+		return Result{}, fmt.Errorf("workflow cleanup: delete old workflow runs: %w", err)

+	}

+	res.RunsDeleted = n

+	recordPruned("runs", n)

+

+	jwtCutoff := pgtype.Timestamptz{Time: now.Add(-time.Duration(p.JWTUsedDays) * 24 * time.Hour), Valid: true}

+	n, err = q.DeleteOldRunnerJWTUsesForCleanup(ctx, deps.Pool, jwtCutoff)

+	if err != nil {

+		return Result{}, fmt.Errorf("workflow cleanup: delete old runner JWT uses: %w", err)

+	}

+	res.JWTUsedDeleted = n

+	recordPruned("jwt_used", n)

+

+	return res, nil

+}

+

+func normalizePayload(p *Payload) error {

+	if p.StepLogChunkDays < 0 || p.RunDays < 0 || p.JWTUsedDays < 0 || p.ArtifactBatch < 0 {

+		return errors.New("workflow cleanup: retention values must be non-negative")

+	}

+	if p.StepLogChunkDays == 0 {

+		p.StepLogChunkDays = defaultStepLogChunkDays

+	}

+	if p.RunDays == 0 {

+		p.RunDays = defaultRunDays

+	}

+	if p.JWTUsedDays == 0 {

+		p.JWTUsedDays = defaultJWTUsedDays

+	}

+	if p.ArtifactBatch == 0 {

+		p.ArtifactBatch = defaultArtifactBatch

+	}

+	if p.ArtifactBatch > maxArtifactBatch {

+		return fmt.Errorf("workflow cleanup: artifact_batch must be <= %d", maxArtifactBatch)

+	}

+	return nil

+}

+

+func pruneExpiredArtifacts(

+	ctx context.Context,

+	q *actionsdb.Queries,

+	deps Deps,

+	cutoff pgtype.Timestamptz,

+	batch int32,

+) (Result, error) {

+	if deps.ObjectStore == nil {

+		if deps.Logger != nil {

+			deps.Logger.WarnContext(ctx, "workflow cleanup: object storage not configured; skipping artifact pruning")

+		}

+		return Result{}, nil

+	}

+

+	var res Result

+	for {

+		rows, err := q.ListExpiredWorkflowArtifactsForCleanup(ctx, deps.Pool, actionsdb.ListExpiredWorkflowArtifactsForCleanupParams{

+			ExpiresAt: cutoff,

+			Limit:     batch,

+		})

+		if err != nil {

+			return Result{}, fmt.Errorf("workflow cleanup: list expired artifacts: %w", err)

+		}

+		if len(rows) == 0 {

+			return res, nil

+		}

+

+		ids := make([]int64, 0, len(rows))

+		for _, row := range rows {

+			if !strings.HasPrefix(row.ObjectKey, actionsRunsPrefix) {

+				return Result{}, fmt.Errorf("workflow cleanup: refusing to delete non-actions object key %q", row.ObjectKey)

+			}

+			if err := deps.ObjectStore.Delete(ctx, row.ObjectKey); err != nil {

+				return Result{}, fmt.Errorf("workflow cleanup: delete artifact object %q: %w", row.ObjectKey, err)

+			}

+			res.ArtifactObjectsDeleted++

+			ids = append(ids, row.ID)

+		}

+

+		deleted, err := q.DeleteWorkflowArtifactsByIDs(ctx, deps.Pool, ids)

+		if err != nil {

+			return Result{}, fmt.Errorf("workflow cleanup: delete artifact rows: %w", err)

+		}

+		res.ArtifactRowsDeleted += deleted

+		if len(rows) < int(batch) {

+			return res, nil

+		}

+	}

+}

+

+func recordPruned(kind string, n int64) {

+	if n <= 0 {

+		return

+	}

+	metrics.ActionsRunsPrunedTotal.WithLabelValues(kind).Add(float64(n))

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package cleanup

+

+import (

+	"context"

+	"errors"

+	"strconv"

+	"strings"

+	"testing"

+	"time"

+

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgtype"

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	actionsdb "github.com/tenseleyFlow/shithub/internal/actions/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/infra/storage"

+	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"

+	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"

+)

+

+const cleanupFixtureHash = "$argon2id$v=19$m=16384,t=1,p=1$" +

+	"AAAAAAAAAAAAAAAA$" +

+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

+

+func TestSweepPrunesActionsRetentionSurfaces(t *testing.T) {

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	store := storage.NewMemoryStore()

+	now := time.Date(2026, 5, 12, 3, 30, 0, 0, time.UTC)

+

+	repoID, userID := insertCleanupRepo(t, pool)

+	q := actionsdb.New()

+

+	chunkRun, oldChunkStep := insertCleanupRunJobStep(t, pool, repoID, userID, 1)

+	setRunTerminal(t, pool, chunkRun.ID, now.Add(-90*24*time.Hour), true)

+	setStepTerminal(t, pool, oldChunkStep.ID, now.Add(-8*24*time.Hour))

+	appendChunk(t, pool, oldChunkStep.ID, 0, "old chunk")

+

+	_, recentChunkStep := insertCleanupRunJobStep(t, pool, repoID, userID, 2)

+	setStepTerminal(t, pool, recentChunkStep.ID, now.Add(-2*24*time.Hour))

+	appendChunk(t, pool, recentChunkStep.ID, 0, "recent chunk")

+

+	artifactRun, _ := insertCleanupRunJobStep(t, pool, repoID, userID, 3)

+	artifactKey := "actions/runs/" + strconv.FormatInt(artifactRun.ID, 10) + "/artifacts/pkg.tgz"

+	if _, err := store.Put(ctx, artifactKey, strings.NewReader("artifact"), storage.PutOpts{}); err != nil {

+		t.Fatalf("store.Put artifact: %v", err)

+	}

+	artifact, err := q.InsertArtifact(ctx, pool, actionsdb.InsertArtifactParams{

+		RunID:     artifactRun.ID,

+		Name:      "pkg.tgz",

+		ObjectKey: artifactKey,

+		ByteCount: 8,

+		ExpiresAt: pgtype.Timestamptz{

+			Time:  now.Add(-24 * time.Hour),

+			Valid: true,

+		},

+	})

+	if err != nil {

+		t.Fatalf("InsertArtifact: %v", err)

+	}

+

+	oldRun, _ := insertCleanupRunJobStep(t, pool, repoID, userID, 4)

+	setRunTerminal(t, pool, oldRun.ID, now.Add(-366*24*time.Hour), false)

+	pinnedRun, _ := insertCleanupRunJobStep(t, pool, repoID, userID, 5)

+	setRunTerminal(t, pool, pinnedRun.ID, now.Add(-366*24*time.Hour), true)

+

+	jwtRun, jwtJobStep := insertCleanupRunJobStep(t, pool, repoID, userID, 6)

+	runner, err := q.InsertRunner(ctx, pool, actionsdb.InsertRunnerParams{

+		Name:               "runner-retention",

+		Labels:             []string{"ubuntu-latest"},

+		Capacity:           1,

+		RegisteredByUserID: pgtype.Int8{Int64: userID, Valid: true},

+	})

+	if err != nil {

+		t.Fatalf("InsertRunner: %v", err)

+	}

+	if _, err := q.MarkRunnerJWTUsed(ctx, pool, actionsdb.MarkRunnerJWTUsedParams{

+		Jti:       "old-jti-000000000",

+		RunnerID:  runner.ID,

+		JobID:     jwtJobStep.JobID,

+		RunID:     jwtRun.ID,

+		RepoID:    repoID,

+		ExpiresAt: pgtype.Timestamptz{Time: now.Add(-31 * 24 * time.Hour), Valid: true},

+	}); err != nil {

+		t.Fatalf("MarkRunnerJWTUsed old: %v", err)

+	}

+	if _, err := q.MarkRunnerJWTUsed(ctx, pool, actionsdb.MarkRunnerJWTUsedParams{

+		Jti:       "recent-jti-000000",

+		RunnerID:  runner.ID,

+		JobID:     jwtJobStep.JobID,

+		RunID:     jwtRun.ID,

+		RepoID:    repoID,

+		ExpiresAt: pgtype.Timestamptz{Time: now.Add(-24 * time.Hour), Valid: true},

+	}); err != nil {

+		t.Fatalf("MarkRunnerJWTUsed recent: %v", err)

+	}

+

+	res, err := Sweep(ctx, Deps{Pool: pool, ObjectStore: store, Now: func() time.Time { return now }}, Payload{})

+	if err != nil {

+		t.Fatalf("Sweep: %v", err)

+	}

+	if res.ChunksDeleted != 1 || res.ArtifactRowsDeleted != 1 || res.ArtifactObjectsDeleted != 1 ||

+		res.RunsDeleted != 1 || res.JWTUsedDeleted != 1 {

+		t.Fatalf("unexpected cleanup result: %+v", res)

+	}

+

+	oldChunks, err := q.ListAllStepLogChunksForStep(ctx, pool, oldChunkStep.ID)

+	if err != nil {

+		t.Fatalf("ListAllStepLogChunksForStep old: %v", err)

+	}

+	if len(oldChunks) != 0 {

+		t.Fatalf("old chunks survived: %+v", oldChunks)

+	}

+	recentChunks, err := q.ListAllStepLogChunksForStep(ctx, pool, recentChunkStep.ID)

+	if err != nil {

+		t.Fatalf("ListAllStepLogChunksForStep recent: %v", err)

+	}

+	if len(recentChunks) != 1 {

+		t.Fatalf("recent chunks pruned: %+v", recentChunks)

+	}

+	if _, _, err := store.Get(ctx, artifactKey); !errors.Is(err, storage.ErrNotFound) {

+		t.Fatalf("artifact object: got %v, want not found", err)

+	}

+	if _, err := q.GetArtifactByID(ctx, pool, artifact.ID); !errors.Is(err, pgx.ErrNoRows) {

+		t.Fatalf("artifact row: got %v, want no rows", err)

+	}

+	if _, err := q.GetWorkflowRunByID(ctx, pool, oldRun.ID); !errors.Is(err, pgx.ErrNoRows) {

+		t.Fatalf("old run: got %v, want no rows", err)

+	}

+	if _, err := q.GetWorkflowRunByID(ctx, pool, pinnedRun.ID); err != nil {

+		t.Fatalf("pinned run pruned: %v", err)

+	}

+	assertJWTUsedExists(t, pool, "old-jti-000000000", false)

+	assertJWTUsedExists(t, pool, "recent-jti-000000", true)

+}

+

+func insertCleanupRepo(t *testing.T, pool *pgxpool.Pool) (int64, int64) {

+	t.Helper()

+	ctx := context.Background()

+	user, err := usersdb.New().CreateUser(ctx, pool, usersdb.CreateUserParams{

+		Username:     "retention-alice",

+		DisplayName:  "Retention Alice",

+		PasswordHash: cleanupFixtureHash,

+	})

+	if err != nil {

+		t.Fatalf("CreateUser: %v", err)

+	}

+	repo, err := reposdb.New().CreateRepo(ctx, pool, reposdb.CreateRepoParams{

+		OwnerUserID:   pgtype.Int8{Int64: user.ID, Valid: true},

+		Name:          "retention-demo",

+		DefaultBranch: "trunk",

+		Visibility:    reposdb.RepoVisibilityPublic,

+	})

+	if err != nil {

+		t.Fatalf("CreateRepo: %v", err)

+	}

+	return repo.ID, user.ID

+}

+

+func insertCleanupRunJobStep(t *testing.T, pool *pgxpool.Pool, repoID, userID, runIndex int64) (actionsdb.WorkflowRun, actionsdb.WorkflowStep) {

+	t.Helper()

+	ctx := context.Background()

+	q := actionsdb.New()

+	run, err := q.InsertWorkflowRun(ctx, pool, actionsdb.InsertWorkflowRunParams{

+		RepoID:       repoID,

+		RunIndex:     runIndex,

+		WorkflowFile: ".shithub/workflows/ci.yml",

+		WorkflowName: "ci",

+		HeadSha:      strings.Repeat("a", 40),

+		HeadRef:      "refs/heads/trunk",

+		Event:        actionsdb.WorkflowRunEventPush,

+		EventPayload: []byte(`{}`),

+		ActorUserID:  pgtype.Int8{Int64: userID, Valid: true},

+	})

+	if err != nil {

+		t.Fatalf("InsertWorkflowRun: %v", err)

+	}

+	job, err := q.InsertWorkflowJob(ctx, pool, actionsdb.InsertWorkflowJobParams{

+		RunID:          run.ID,

+		JobIndex:       0,

+		JobKey:         "build",

+		JobName:        "build",

+		RunsOn:         "ubuntu-latest",

+		NeedsJobs:      []string{},

+		TimeoutMinutes: 360,

+		Permissions:    []byte(`{}`),

+		JobEnv:         []byte(`{}`),

+	})

+	if err != nil {

+		t.Fatalf("InsertWorkflowJob: %v", err)

+	}

+	step, err := q.InsertWorkflowStep(ctx, pool, actionsdb.InsertWorkflowStepParams{

+		JobID:            job.ID,

+		StepIndex:        0,

+		StepName:         "test",

+		RunCommand:       "go test ./...",

+		StepEnv:          []byte(`{}`),

+		WorkingDirectory: "",

+		StepWith:         []byte(`{}`),

+	})

+	if err != nil {

+		t.Fatalf("InsertWorkflowStep: %v", err)

+	}

+	return run, step

+}

+

+func setRunTerminal(t *testing.T, pool *pgxpool.Pool, runID int64, completedAt time.Time, pinned bool) {

+	t.Helper()

+	_, err := pool.Exec(context.Background(), `

+		UPDATE workflow_runs

+		SET status = 'completed',

+		    conclusion = 'success',

+		    pinned = $2,

+		    started_at = $3,

+		    completed_at = $3,

+		    updated_at = now()

+		WHERE id = $1

+	`, runID, pinned, completedAt)

+	if err != nil {

+		t.Fatalf("setRunTerminal: %v", err)

+	}

+}

+

+func setStepTerminal(t *testing.T, pool *pgxpool.Pool, stepID int64, completedAt time.Time) {

+	t.Helper()

+	if _, err := actionsdb.New().UpdateWorkflowStepStatus(context.Background(), pool, actionsdb.UpdateWorkflowStepStatusParams{

+		ID:          stepID,

+		Status:      actionsdb.WorkflowStepStatusCompleted,

+		Conclusion:  actionsdb.NullCheckConclusion{CheckConclusion: actionsdb.CheckConclusionSuccess, Valid: true},

+		StartedAt:   pgtype.Timestamptz{Time: completedAt.Add(-time.Minute), Valid: true},

+		CompletedAt: pgtype.Timestamptz{Time: completedAt, Valid: true},

+	}); err != nil {

+		t.Fatalf("UpdateWorkflowStepStatus: %v", err)

+	}

+}

+

+func appendChunk(t *testing.T, pool *pgxpool.Pool, stepID int64, seq int32, body string) {

+	t.Helper()

+	if _, err := actionsdb.New().AppendStepLogChunk(context.Background(), pool, actionsdb.AppendStepLogChunkParams{

+		StepID: stepID,

+		Seq:    seq,

+		Chunk:  []byte(body),

+	}); err != nil {

+		t.Fatalf("AppendStepLogChunk: %v", err)

+	}

+}

+

+func assertJWTUsedExists(t *testing.T, pool *pgxpool.Pool, jti string, want bool) {

+	t.Helper()

+	var exists bool

+	if err := pool.QueryRow(context.Background(), `SELECT EXISTS(SELECT 1 FROM runner_jwt_used WHERE jti = $1)`, jti).Scan(&exists); err != nil {

+		t.Fatalf("query runner_jwt_used %s: %v", jti, err)

+	}

+	if exists != want {

+		t.Fatalf("runner_jwt_used %s exists=%t, want %t", jti, exists, want)

+	}

+}

+-- name: DeleteOldRunnerJWTUsesForCleanup :execrows

+DELETE FROM runner_jwt_used WHERE expires_at < $1;

+-- name: ListExpiredWorkflowArtifactsForCleanup :many

+SELECT id, object_key

+FROM workflow_artifacts

+WHERE expires_at < $1

+  AND object_key LIKE 'actions/runs/%'

+ORDER BY expires_at ASC, id ASC

+LIMIT $2;

+

+-- name: DeleteWorkflowArtifactsByIDs :execrows

+DELETE FROM workflow_artifacts

+WHERE id = ANY($1::bigint[]);

+

+-- name: DeleteOldWorkflowRunsForCleanup :execrows

+DELETE FROM workflow_runs

+WHERE pinned = false

+  AND status IN ('completed', 'cancelled')

+  AND completed_at IS NOT NULL

+  AND completed_at < $1;

+

+-- name: DeleteStaleStepLogChunksForCleanup :execrows

+DELETE FROM workflow_step_log_chunks c

+USING workflow_steps s

+WHERE c.step_id = s.id

+  AND s.status IN ('completed', 'cancelled', 'skipped')

+  AND s.completed_at IS NOT NULL

+  AND s.completed_at < $1;

+	DeleteOldRunnerJWTUsesForCleanup(ctx context.Context, db DBTX, expiresAt pgtype.Timestamptz) (int64, error)

+	DeleteOldWorkflowRunsForCleanup(ctx context.Context, db DBTX, completedAt pgtype.Timestamptz) (int64, error)

+	DeleteStaleStepLogChunksForCleanup(ctx context.Context, db DBTX, completedAt pgtype.Timestamptz) (int64, error)

+	DeleteWorkflowArtifactsByIDs(ctx context.Context, db DBTX, dollar_1 []int64) (int64, error)

+	ListExpiredWorkflowArtifactsForCleanup(ctx context.Context, db DBTX, arg ListExpiredWorkflowArtifactsForCleanupParams) ([]ListExpiredWorkflowArtifactsForCleanupRow, error)

+const deleteOldRunnerJWTUsesForCleanup = `-- name: DeleteOldRunnerJWTUsesForCleanup :execrows

+DELETE FROM runner_jwt_used WHERE expires_at < $1

+func (q *Queries) DeleteOldRunnerJWTUsesForCleanup(ctx context.Context, db DBTX, expiresAt pgtype.Timestamptz) (int64, error) {

+	result, err := db.Exec(ctx, deleteOldRunnerJWTUsesForCleanup, expiresAt)

+	if err != nil {

+		return 0, err

+	}

+	return result.RowsAffected(), nil

+const deleteWorkflowArtifactsByIDs = `-- name: DeleteWorkflowArtifactsByIDs :execrows

+DELETE FROM workflow_artifacts

+WHERE id = ANY($1::bigint[])

+func (q *Queries) DeleteWorkflowArtifactsByIDs(ctx context.Context, db DBTX, dollar_1 []int64) (int64, error) {

+	result, err := db.Exec(ctx, deleteWorkflowArtifactsByIDs, dollar_1)

+		return 0, err

+	return result.RowsAffected(), nil

+

+const listExpiredWorkflowArtifactsForCleanup = `-- name: ListExpiredWorkflowArtifactsForCleanup :many

+SELECT id, object_key

+FROM workflow_artifacts

+WHERE expires_at < $1

+  AND object_key LIKE 'actions/runs/%'

+ORDER BY expires_at ASC, id ASC

+LIMIT $2

+`

+

+type ListExpiredWorkflowArtifactsForCleanupParams struct {

+	ExpiresAt pgtype.Timestamptz

+	Limit     int32

+}

+

+type ListExpiredWorkflowArtifactsForCleanupRow struct {

+	ID        int64

+	ObjectKey string

+}

+

+func (q *Queries) ListExpiredWorkflowArtifactsForCleanup(ctx context.Context, db DBTX, arg ListExpiredWorkflowArtifactsForCleanupParams) ([]ListExpiredWorkflowArtifactsForCleanupRow, error) {

+	rows, err := db.Query(ctx, listExpiredWorkflowArtifactsForCleanup, arg.ExpiresAt, arg.Limit)

+	if err != nil {

+		return nil, err

+	}

+	defer rows.Close()

+	items := []ListExpiredWorkflowArtifactsForCleanupRow{}

+	for rows.Next() {

+		var i ListExpiredWorkflowArtifactsForCleanupRow

+		if err := rows.Scan(&i.ID, &i.ObjectKey); err != nil {

+			return nil, err

+		}

+		items = append(items, i)

+	}

+	if err := rows.Err(); err != nil {

+		return nil, err

+	}

+	return items, nil

+}

+const deleteOldWorkflowRunsForCleanup = `-- name: DeleteOldWorkflowRunsForCleanup :execrows

+DELETE FROM workflow_runs

+WHERE pinned = false

+  AND status IN ('completed', 'cancelled')

+  AND completed_at IS NOT NULL

+  AND completed_at < $1

+`

+

+func (q *Queries) DeleteOldWorkflowRunsForCleanup(ctx context.Context, db DBTX, completedAt pgtype.Timestamptz) (int64, error) {

+	result, err := db.Exec(ctx, deleteOldWorkflowRunsForCleanup, completedAt)

+	if err != nil {

+		return 0, err

+	}

+	return result.RowsAffected(), nil

+}

+

+const deleteStaleStepLogChunksForCleanup = `-- name: DeleteStaleStepLogChunksForCleanup :execrows

+DELETE FROM workflow_step_log_chunks c

+USING workflow_steps s

+WHERE c.step_id = s.id

+  AND s.status IN ('completed', 'cancelled', 'skipped')

+  AND s.completed_at IS NOT NULL

+  AND s.completed_at < $1

+`

+

+func (q *Queries) DeleteStaleStepLogChunksForCleanup(ctx context.Context, db DBTX, completedAt pgtype.Timestamptz) (int64, error) {

+	result, err := db.Exec(ctx, deleteStaleStepLogChunksForCleanup, completedAt)

+	if err != nil {

+		return 0, err

+	}

+	return result.RowsAffected(), nil

+}

+

+	ActionsRunsPrunedTotal = prometheus.NewCounterVec(

+		prometheus.CounterOpts{

+			Name: "shithub_actions_runs_pruned_total",

+			Help: "Total Actions retention deletions by kind (chunks, blobs, runs, jwt_used).",

+		},

+		[]string{"kind"},

+	)

+		ActionsRunsPrunedTotal,

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+--

+-- S41g retention sweep support. The cleanup worker walks terminal

+-- Actions rows by completion time, so give it narrow indexes that do

+-- not bloat the hot queued/running paths.

+

+-- +goose Up

+

+CREATE INDEX workflow_steps_retention_idx

+    ON workflow_steps (completed_at)

+    WHERE completed_at IS NOT NULL

+      AND status IN ('completed', 'cancelled', 'skipped');

+

+CREATE INDEX workflow_runs_retention_idx

+    ON workflow_runs (completed_at)

+    WHERE pinned = false

+      AND completed_at IS NOT NULL

+      AND status IN ('completed', 'cancelled');

+

+-- +goose Down

+

+DROP INDEX IF EXISTS workflow_runs_retention_idx;

+DROP INDEX IF EXISTS workflow_steps_retention_idx;