This is easily done with GraphiQL installed as an application on your laptop but any tool that allows HTTP headers to be easily configured will work.
GitHub provides no mechanism (at the time of writing) to remove packages as such, but removing all of the versions of a package has the equivalent effect. You may have to repeat the delete package version operation many times but in the end, the package will be gone and consume no more of your package space allocation.
While logged in to Github, go to the Settings from the user dropdown menu at the top right, and from there to Developer Settings from the menu on the left side of the profile form. Finally, select Personal access tokens, again from the menu on the left side.
If you do not already have a suitable application token that you can modify, generate a new token. Either way,
check / enable the write:packages
, read:packages
, and delete:packages
scopes. read:org
and read:user
might
necessary too, but I am not sure; you can try without because you can always go back and add them later.
If you create a new token MAKE A SAFE COPY OF ITS VALUE!!
Whatever tool your are using you will need to define the Authorization
and Accepts
headers. Authorization should
be set as follows:
Authorization
= token <the-token-value-from-above>
The Accepts
header will only be required for as long as the deletePackageVersion
mutation remains in preview state. Once
it graduates to being an officially supported facet of the standard GitHub API then you can drop bothering to specify this:
Accepts
= application/vnd.github.package-deletes-preview+json
Paste the following into the GraphQL panel of your tool:
# Get packags version ids
query listPackages($name: String!, $owner: String!) {
repository(name: $name, owner: $owner) {
id
name
registryPackages(first: 10) {
nodes {
versions(first: 10) {
nodes{
id
version
}
}
name
id
}
}
}
}
# Delete a package version
mutation deletePackageVersion($packageVersionId: ID!) {
deletePackageVersion(input: {packageVersionId: $packageVersionId }) {
clientMutationId
success
}
}
Open the Query Variables pane and add the following:
{
"owner": "repository-owner",
"name": "repository-name",
"packageVersionId": "BLAHBLAHBLAH"
}
The repository owner, repository name, and package version ID values are just placeholders.
Replace the repository-owner
and repository-name
values in the query variables with the appropriate values
for the repository that contains the package that you wish to clean up and run the listPackages
query.
The result will look something like this:
{
"data": {
"repository": {
"id": "MDEc8lJlcZ9DaXRvcnkx3KY1MDAwIn0=",
"name": "repository-name",
"registryPackages": {
"nodes": [
{
"versions": {
"nodes": [
{
"id": "MDE0OlBhY2thZ2VWZXJzaW9uMzg2Njg5",
"version": "1.0.0"
},
{
"id": "MDE0OlBhY2thZ2VWZXJzaW9uMzg2Njg0",
"version": "docker-base-layer"
}
]
},
"name": "repository-name",
"id": "MDc5J9Aja2FnZTY2OTc24
}
]
}
}
}
}
Now cut-and-paste the version IDs, e.g. MDE0OlBhY2thZ2VWZXJzaW9uMzg2Njg5
, one at a time into the packageVersionId
query variable value and run the deletePackageVersion
mutation. For the above example, you would have to run
deletePackageVersion
twice to completely remove the package.
Obviously, you can run the listPackages
between each execution of the deletePackageVersion
mutation to see
the effect and to retrieve the package versions that remain to be dealt with. You will have to do this if you
more than 10 packages, or 10 versions of a package, to process since the listPackages
query, as written above,
only retrieves a maximum of 10 packages and versions at a time.
Many thanks to Andrew Goldis who published an earlier gist with the raw GraphQL necessary. All I have done here is add a hundred words or so of description for those less familiar with running GraphQL queries.