
I had to go full Rube Goldberg to clean up old image tags from closed PRs, while still leaving deletion of untagged images to the ECR repo's own lifecycle policy. Never go full Rube Goldberg:

```yaml
name: ECR Retention Policy

on:
  pull_request:
    types:
      - closed
  workflow_call:
  workflow_dispatch:

jobs:
  clean-unused-ecr:
    name: Delete unused container images
    runs-on: runs-on,runner=2cpu-linux-x64,run-id=${{ github.run_id }},image=ecr_login_image
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.RUNS_ON_AWS_REGION }}
      - name: AWS ECR Login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: AWS ECR Info
        shell: bash
        run: |
          echo "ECR_REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> "$GITHUB_ENV"
          echo "ECR_REPO=$(basename "$GITHUB_REPOSITORY")" >> "$GITHUB_ENV"
      - name: Docker meta
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}
          flavor: suffix=-
          tags: type=raw,value=${{ github.head_ref || github.ref_name }}
      # NOTE: This is convoluted because AWS ECR has no simple way to untag an image without deleting it,
      # given we want to leave deletion of untagged images to the ECR repo's own lifecycle policy
      # https://stackoverflow.com/questions/70065254/remove-ecr-image-tag-despite-imagereferencedbymanifestlist-error
      # https://github.com/aws/containers-roadmap/issues/1567
      - name: AWS ECR Cleanup
        shell: bash
        env:
          # Passed through the environment so the branch-derived tag is never expanded inside the script text
          FIRST_TAG: ${{ fromJSON(steps.docker_meta.outputs.json).tags[0] }}
        run: |
          REPO_EXISTS=$(aws ecr describe-repositories --repository-names "$ECR_REPO" 2>&1 || true)
          if echo "${REPO_EXISTS}" | grep -q 'RepositoryNotFoundException'; then
            echo "Repository not found, skipping cleanup."
            exit 0
          fi
          IMAGE_TAGS=$(aws ecr list-images --repository-name "$ECR_REPO" --query 'imageIds[*].imageTag' --output text)

          # Push a throwaway image under the placeholder tag "_"
          docker pull busybox
          docker tag busybox "$ECR_REGISTRY/$ECR_REPO:_"
          docker push "$ECR_REGISTRY/$ECR_REPO:_"

          TEMP_IMAGE=$(
            aws ecr batch-get-image \
                --repository-name "$ECR_REPO" \
                --image-ids imageTag=_ )
          TEMP_MANIFEST=$(echo "$TEMP_IMAGE" | jq -r '.images[].imageManifest')
          TEMP_DIGEST=$(echo "$TEMP_IMAGE" | jq -r '.images[].imageId.imageDigest')

          TAG_PREFIX=$(echo "$FIRST_TAG" | cut -d: -f2)
          # An empty prefix would match every tag in the repository, so stop here
          if [[ -z "$TAG_PREFIX" ]]; then
            echo "Empty tag prefix, refusing to continue."
            exit 1
          fi
          # Move each matching tag onto the throwaway image, which leaves the original image untagged
          for TAG in $IMAGE_TAGS
          do
            if [[ "$TAG" == "$TAG_PREFIX"* ]]; then
              docker tag busybox "$ECR_REGISTRY/$ECR_REPO:$TAG"
              docker push "$ECR_REGISTRY/$ECR_REPO:$TAG"
              echo "Untagged image $TAG"
            fi
          done

          # Delete the temporary image by digest
          aws ecr batch-delete-image \
            --repository-name "$ECR_REPO" \
            --image-ids imageDigest="$TEMP_DIGEST"
```

cross-posted from: https://programming.dev/post/12247721

🔥 🚢 overviews the recent supply chain attack on XZ library.

submitted 3 months ago* (last edited 3 months ago) by ruffsl@programming.dev to c/programmer_humor@programming.dev

April fool's!

submitted 3 months ago* (last edited 3 months ago) by ruffsl@programming.dev to c/nix@programming.dev

cross-posted from: https://programming.dev/post/12228684

April fool's!

submitted 4 months ago by ruffsl@programming.dev to c/nix@programming.dev

Wow! Didn't know it'd be that simple.


Note: video sponsored by Docker

submitted 4 months ago by ruffsl@programming.dev to c/linux@lemmy.ml

For three years there has been a bug report around 4K@120Hz being unavailable via HDMI 2.1 on the AMD Linux driver.

The wait continues...

[-] ruffsl@programming.dev 18 points 10 months ago

Do we have a community for computer architectures or computer science on this instance or anywhere else?

[-] ruffsl@programming.dev 21 points 11 months ago

Pro tip: If you check the canonical URL (youtube.com) first, the Lemmy web UI will help catch reposts before they are accidentally submitted.

https://programming.dev/post/1466264

I switched from using the short (e.g. youtube.be) or external URL mirrors for that same reason, and just let the bots comment with privacy mirrors for those who prefer. Using the canonical URL, aside from cross post detection, also ensures the thumbnail image and preview text get cached consistently.

[-] ruffsl@programming.dev 15 points 11 months ago

Can you imagine the eye strain one would get programming on a translucent screen every day? One where you're always having to keep your eyes focused on semi-transparent text and graphical interfaces in the foreground, and not the distracting and ever-changing background, continuously shifting in parallax as you adjust your head and viewing angle. Not having my display buttressed up against a wall, or having to deal with glare and screen reflections, or even low contrast monitors in general are all things I find infuriating already.

But I guess the Sci-Fi future of ergonomics is holograms. *You must have your migraines, and you must enjoy them.*

[-] ruffsl@programming.dev 17 points 1 year ago

Could go the other way though. Ask them nicely if they'd be willing to free up their heap of inventory, and if they return you a cart overflow, you know you've stumbled upon the ultimate zero day coupon.

[-] ruffsl@programming.dev 48 points 1 year ago

scrambling to lock their doors

From a consumer perspective, it seems like all the FANG conglomerates are trying to shut the stable door after the AI horse has bolted, but perhaps from an industry perspective, they're just trying to pull up the ladder behind themselves to curb competition, or stall any emerging upstarts, just like most FANGs were themselves only decades ago.

[-] ruffsl@programming.dev 14 points 1 year ago

Yeah, I found the discussions on HN and the debates in the Google group mailing list ("Intent to Prototype: Web environment integrity API") much more interesting, but didn't hot link the latter in the OP post to limit brigading. Although that mail list archive is made publicly accessible.

[-] ruffsl@programming.dev 51 points 1 year ago

I think the comment that the_lego is replying to also highlights the false equivalency of calling the anti-WEI crowd criminals, which was not a good look for Google.

They have apologized for using the word criminals & bullies in a broader context and I appreciate that. However, the initial part of the comment is very telling of how they view those who oppose.

[-] ruffsl@programming.dev 18 points 1 year ago

Related:

[-] ruffsl@programming.dev 18 points 1 year ago

This proposed standard raises my concerns about the ability to continue using the public internet with user-preferred hardware/software and custom extensions, and does not instill my confidence in maintaining the level of freedom and accessibility users currently enjoy:

Some examples of scenarios where users depend on client trust include:

  • Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.

What information is in the signed attestation?

The proposal calls for at least the following information in the signed attestation:

  • The attester's identity, for example, "Google Play".
  • A verdict saying whether the attester considers the device trustworthy.

How does this affect browser modifications and extensions?

Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.

[-] ruffsl@programming.dev 39 points 1 year ago* (last edited 1 year ago)

Image transcription: Screenshot


A wide crop of a screenshot zoomed in on r/place's pixel canvas, where a white on black pixelated font reads:

never forget what
was stolen from you!
r/save3rdpartyapps

With the slogan bordered on the right by the r/blind logo (a snoo wearing sunglasses, holding a cane, standing next to a guide dog). The small p.d logo for programming.dev is squarely tucked above and to the left of RBlind's snoo. Lastly, bordered along the bottom is a row of third party Reddit app icons, from left to right:

  1. Apollo
  2. ?
  3. Boost for Reddit
  4. ?

  ...

  13. Reddit is Fun
  14. Sync for Reddit


I'm a human volunteer content transcriber and you could be too!


ruffsl

joined 1 year ago