1
#!/usr/bin/env bash
2
#
3
# Delete ALL CodeQL Actions caches.
4
#
5
# CodeQL's default setup creates a new cache per commit and never reaps old
6
# ones. We reclaim the entire CodeQL slice of the 10 GiB per-repo budget.
7
# CodeQL continues to work without a cache — it just re-fetches on each run.
8
#
9
# Requires GH_TOKEN with `actions: write`. Default is dry-run; pass --delete
10
# to actually remove caches.
11

12
set -euo pipefail
13

14
DELETE=0
15
if [[ "${1:-}" == "--delete" ]]; then
16
  DELETE=1
17
fi
18

19
mapfile -t rows < <(
20
  gh cache list --key "codeql" --limit 1000 \
21
    --json id,key,createdAt \
22
    --jq '.[] | [.id, .key, .createdAt] | @tsv'
23
)
24

25
echo "CodeQL caches found: ${#rows[@]}"
26

27
deleted=0
28
for row in "${rows[@]}"; do
29
  IFS=$'\t' read -r id key created <<<"$row"
30

31
  if (( DELETE )); then
32
    if out=$(gh cache delete "$id" 2>&1); then
33
      echo "deleted id=$id key=$key"
34
    elif printf '%s' "$out" | grep -qi 'not found\|HTTP 404'; then
35
      echo "already gone id=$id key=$key"
36
    else
37
      echo "::warning::failed to delete id=$id: $out"
38
      continue
39
    fi
40
  else
41
    echo "would delete id=$id key=$key ($created)"
42
  fi
43
  deleted=$((deleted + 1))
44
done
45

46
echo
47
echo "Total $( (( DELETE )) && echo removed || echo to remove ): $deleted"
48
(( DELETE )) || echo "(dry run — re-run with --delete to apply)"
49

50