This is easily done with GraphiQL installed as an application on your laptop but any tool that allows HTTP headers to be easily configured will work.
GitHub provides no mechanism (at the time of writing) to remove packages as such, but removing all of the versions of a package has the equivalent effect. You may have to repeat the delete package version operation many times but in the end, the package will be gone and consume no more of your package space allocation.
While logged in to Github, go to the Settings from the user dropdown menu at the top right, and from there to Developer Settings from the menu on the left side of the profile form. Finally, select Personal access tokens, again from the menu on the left side.
If you do not already have a suitable application token that you can modify, generate a new token. Either way,
check / enable the write:packages, read:packages, and delete:packages scopes. read:org and read:user might
necessary too, but I am not sure; you can try without because you can always go back and add them later.
If you create a new token MAKE A SAFE COPY OF ITS VALUE!!
Whatever tool your are using you will need to define the Authorization and Accepts headers. Authorization should
be set as follows:
Authorization = token <the-token-value-from-above>
The Accepts header will only be required for as long as the deletePackageVersion mutation remains in preview state. Once
it graduates to being an officially supported facet of the standard GitHub API then you can drop bothering to specify this:
Accepts = application/vnd.github.package-deletes-preview+json
Paste the following into the GraphQL panel of your tool:
# Get packags version ids
query listPackages($name: String!, $owner: String!) {
repository(name: $name, owner: $owner) {
id
name
registryPackages(first: 10) {
nodes {
versions(first: 10) {
nodes{
id
version
}
}
name
id
}
}
}
}
# Delete a package version
mutation deletePackageVersion($packageVersionId: ID!) {
deletePackageVersion(input: {packageVersionId: $packageVersionId }) {
clientMutationId
success
}
}Open the Query Variables pane and add the following:
{
"owner": "repository-owner",
"name": "repository-name",
"packageVersionId": "BLAHBLAHBLAH"
}The repository owner, repository name, and package version ID values are just placeholders.
Replace the repository-owner and repository-name values in the query variables with the appropriate values
for the repository that contains the package that you wish to clean up and run the listPackages query.
The result will look something like this:
{
"data": {
"repository": {
"id": "MDEc8lJlcZ9DaXRvcnkx3KY1MDAwIn0=",
"name": "repository-name",
"registryPackages": {
"nodes": [
{
"versions": {
"nodes": [
{
"id": "MDE0OlBhY2thZ2VWZXJzaW9uMzg2Njg5",
"version": "1.0.0"
},
{
"id": "MDE0OlBhY2thZ2VWZXJzaW9uMzg2Njg0",
"version": "docker-base-layer"
}
]
},
"name": "repository-name",
"id": "MDc5J9Aja2FnZTY2OTc24
}
]
}
}
}
}Now cut-and-paste the version IDs, e.g. MDE0OlBhY2thZ2VWZXJzaW9uMzg2Njg5, one at a time into the packageVersionId
query variable value and run the deletePackageVersion mutation. For the above example, you would have to run
deletePackageVersion twice to completely remove the package.
Obviously, you can run the listPackages between each execution of the deletePackageVersion mutation to see
the effect and to retrieve the package versions that remain to be dealt with. You will have to do this if you
more than 10 packages, or 10 versions of a package, to process since the listPackages query, as written above,
only retrieves a maximum of 10 packages and versions at a time.
Many thanks to Andrew Goldis who published an earlier gist with the raw GraphQL necessary. All I have done here is add a hundred words or so of description for those less familiar with running GraphQL queries.