Add ability to cleanup untracked CI secure files in object storage

Michael Kozonorequested to merge
mk/add-cleanup-untracked-ci-secure-files into master

What does this MR do and why?

Add ability to cleanup untracked CI secure files in object storage to rake gitlab:cleanup:untracked_object_storage_files.

References

Screenshots or screen recordings

BUCKETS=ci_secure_files bin/rake gitlab:cleanup:untracked_object_storage_files
I, [2025-05-29T11:57:07.707770 #95747]  INFO -- : Processing the following bucket types: ci_secure_files
I, [2025-05-29T11:57:07.707809 #95747]  INFO -- : DRY_RUN: true
I, [2025-05-29T11:57:07.707815 #95747]  INFO -- : DELETE (rather than move to lost_and_found): false
I, [2025-05-29T11:57:07.707845 #95747]  INFO -- : Processing bucket type: ci_secure_files
I, [2025-05-29T11:57:07.711782 #95747]  INFO -- : Looking for orphaned remote ci_secure_files files to move to lost and found. Dry run...
I, [2025-05-29T11:57:07.743498 #95747]  INFO -- : {:message=>"Skipping because the file path doesn't match the expected format", :file_path=>"Pug-7.jpg", :expected_file_path_format_regexp=>/\A[0-9a-f]{2}\/[0-9a-f]{2}\/[0-9a-f]{64}\/secure_files\/\d+\/.+$/}
I, [2025-05-29T11:57:07.743556 #95747]  INFO -- : Completed processing bucket type: ci_secure_files
I, [2025-05-29T11:57:07.743568 #95747]  INFO -- : This was a dry run. To actually clean up these files, run with DRY_RUN=false
I, [2025-05-29T11:57:07.743576 #95747]  INFO -- : By default, files will be moved to a lost_and_found directory.
I, [2025-05-29T11:57:07.743583 #95747]  INFO -- : To permanently delete files, run with DELETE=true

How to set up and validate locally

  1. Have object storage configured
  2. Optionally, add CI secure file. This file is tracked in the DB and therefore should not be deleted.
  3. Optionally, add another CI secure file and manually delete its ci_secure_files record. This file is untracked in the DB and should be deleted.
  4. Optionally, add another file at an arbitrary path in the ci_secure_files bucket. This file is untracked in the DB but does not have a path format expected of a CI secure file, and therefore it will be noted in the logging, but it should not be deleted.
  5. Run bin/rake gitlab:cleanup:untracked_object_storage_files. Optionally use BUCKETS=ci_secure_files to exclude other buckets from the run.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Michael Kozono

Merge request reports