ci: call cleanup role at the end of build image

Cosmian · Jun 15, 2024 · 96ec43f · 96ec43f
1 parent 5569c07
commit 96ec43f
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 3 deletions.
diff --git a/.github/workflows/nightly_clean.yml b/.github/workflows/nightly_clean.yml
@@ -18,5 +18,5 @@ jobs:
     secrets: inherit
 
   aws:
-    uses: ./.github/workflows/aws_main.yml
+    uses: ./.github/workflows/aws_clean.yml
     secrets: inherit
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file.
 
 ### Bug Fixes
 
-- Upgrade base image to 0.1.5: clean all authorized_keys ([#139](https://github.com/Cosmian/cosmian_vm/pull/139))
+- Upgrade base image to 0.1.5: clean all authorized_keys and users ([#140](https://github.com/Cosmian/cosmian_vm/pull/140))
 
 ## [1.2.2] - 2024-06-13
 

diff --git a/ansible/README.md b/ansible/README.md
@@ -6,7 +6,9 @@
 
 ## [0.1.5] - 2024-06-15
 
-- RHEL/Ubuntu: clean all authorized_keys ([#139](https://github.com/Cosmian/cosmian_vm/pull/139))
+- Clean RHEL/Ubuntu after builds: ([#140](https://github.com/Cosmian/cosmian_vm/pull/140))
+  - clean all authorized_keys
+  - clean users
 
 ## [0.1.4] - 2024-06-12
 

diff --git a/ansible/roles/cleanup/tasks/main.yml b/ansible/roles/cleanup/tasks/main.yml
@@ -37,3 +37,20 @@
 - name: Display authorized_keys authorized_keys
   ansible.builtin.debug:
     var: authorized_keys
+
+- name: Gather all existing users
+  ansible.builtin.getent:
+    database: passwd
+  register: users_list
+
+- name: Define essential users
+  ansible.builtin.set_fact:
+    essential_users:
+      - root
+
+- name: Remove non-essential users
+  ansible.builtin.user:
+    name: "{{ item }}"
+    state: absent
+    remove: true
+  with_items: "{{ users_list.entries | map(attribute='name') | difference(essential_users) }}"