From 90f204a0f52e28901a65a0fbf5d418c861aa835b Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Sun, 11 Jan 2026 01:41:21 +0900
Subject: [PATCH] FEAT(tekton): add automatic cleanup for old PipelineRuns

- Add CronJob to delete completed PipelineRuns older than 1 hour
- Add 30m timeout to TriggerTemplates
- Prevent resource accumulation in tekton-pipelines namespace
---
 tekton/ci-cd/manifests/cleanup-cronjob.yaml   | 36 +++++++++++++++++++
 tekton/ci-cd/manifests/kustomization.yaml     |  2 ++
 .../manifests/triggers/triggertemplate.yaml   |  4 +++
 3 files changed, 42 insertions(+)
 create mode 100644 tekton/ci-cd/manifests/cleanup-cronjob.yaml

diff --git a/tekton/ci-cd/manifests/cleanup-cronjob.yaml b/tekton/ci-cd/manifests/cleanup-cronjob.yaml
new file mode 100644
index 0000000..327e9cb
--- /dev/null
+++ b/tekton/ci-cd/manifests/cleanup-cronjob.yaml
@@ -0,0 +1,36 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: tekton-cleanup
+  namespace: tekton-pipelines
+spec:
+  schedule: "0 * * * *"  # Every hour
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      ttlSecondsAfterFinished: 300
+      template:
+        spec:
+          serviceAccountName: tekton-triggers-sa
+          containers:
+          - name: cleanup
+            image: bitnami/kubectl:latest
+            command:
+            - /bin/sh
+            - -c
+            - |
+              echo "Cleaning up completed PipelineRuns older than 1 hour..."
+              kubectl get pipelineruns -n tekton-pipelines \
+                -o jsonpath='{range .items[?(@.status.conditions[0].status=="True")]}{.metadata.name}{" "}{.metadata.creationTimestamp}{"\n"}{end}' | \
+              while read name timestamp; do
+                if [ -n "$name" ]; then
+                  age=$(( ($(date +%s) - $(date -d "$timestamp" +%s 2>/dev/null || date -j -f "%Y-%m-%dT%H:%M:%SZ" "$timestamp" +%s)) / 60 ))
+                  if [ "$age" -gt 60 ]; then
+                    echo "Deleting PipelineRun: $name (age: ${age}m)"
+                    kubectl delete pipelinerun "$name" -n tekton-pipelines
+                  fi
+                fi
+              done
+              echo "Cleanup complete"
+          restartPolicy: OnFailure
diff --git a/tekton/ci-cd/manifests/kustomization.yaml b/tekton/ci-cd/manifests/kustomization.yaml
index f59d201..b57c64d 100644
--- a/tekton/ci-cd/manifests/kustomization.yaml
+++ b/tekton/ci-cd/manifests/kustomization.yaml
@@ -14,3 +14,5 @@ resources:
   - pipelines/python-pipeline.yaml
   # Triggers
   - triggers/
+  # Cleanup
+  - cleanup-cronjob.yaml
diff --git a/tekton/ci-cd/manifests/triggers/triggertemplate.yaml b/tekton/ci-cd/manifests/triggers/triggertemplate.yaml
index 17d9a9e..fa6295c 100644
--- a/tekton/ci-cd/manifests/triggers/triggertemplate.yaml
+++ b/tekton/ci-cd/manifests/triggers/triggertemplate.yaml
@@ -26,6 +26,8 @@ spec:
           app: $(tt.params.repo-name)
           branch: $(tt.params.git-branch)
       spec:
+        timeouts:
+          pipeline: 30m
         pipelineRef:
           name: nextjs-build-deploy
         params:
@@ -79,6 +81,8 @@ spec:
           app: $(tt.params.repo-name)
           branch: $(tt.params.git-branch)
       spec:
+        timeouts:
+          pipeline: 30m
         pipelineRef:
           name: fastapi-build-deploy
         params: