[BRE-1009] Update Docker image purge logic to be more thorough (#440)

* removed logic for excluding the setup image from being purged. all BW images will be removed when purging. * added certbot image cleanup logic to run.sh * added certbot image cleanup logic to run.ps1 * added missing rebuild line to parameter block
2026-06-28 06:15:46 +00:00 · 2025-12-15 14:36:03 -05:00
parent 662e9aac99
commit 79ef352369
2 changed files with 52 additions and 11 deletions
--- a/run.ps1
+++ b/run.ps1
@@ -12,7 +12,8 @@ param (
    [switch] $uninstall,
    [switch] $renewcert,
    [switch] $updatedb,
-    [switch] $update
+    [switch] $update,
+    [switch] $rebuild
 )

 # Setup
@@ -69,6 +70,8 @@ function Install() {
                "certonly{0} --standalone --noninteractive --agree-tos --preferred-challenges http " + `
                "--email ${email} -d ${domain} --logs-dir /etc/letsencrypt/logs"
            Invoke-Expression ($certbotExp -f $qFlag)
+
+            Cleanup-Certbot
        }
    }

@@ -141,8 +144,7 @@ function Create-Dir($str) {
 }

 function Docker-Prune {
-    docker image prune --all --force --filter="label=com.bitwarden.product=bitwarden" `
-        --filter="label!=com.bitwarden.project=setup"
+    docker image prune --all --force --filter="label=com.bitwarden.product=bitwarden"
 }

 function Update-Lets-Encrypt {
@@ -152,6 +154,8 @@ function Update-Lets-Encrypt {
            "-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
            "renew{0} --logs-dir /etc/letsencrypt/logs" -f $qFlag
        Invoke-Expression $certbotExp
+
+        Cleanup-Certbot
    }
 }

@@ -162,6 +166,8 @@ function Force-Update-Lets-Encrypt {
            "-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
            "renew{0} --logs-dir /etc/letsencrypt/logs --force-renew" -f $qFlag
        Invoke-Expression $certbotExp
+
+        Cleanup-Certbot
    }
 }

@@ -204,7 +210,6 @@ function Uninstall() {
        $uninstallAction = $( Read-Host "Are you sure you want to uninstall Bitwarden? (y/n)" )
    }

-
    if ($uninstallAction -eq "y") {
        Write-Host "uninstalling Bitwarden..."
        Docker-Compose-Down
@@ -217,11 +222,13 @@ function Uninstall() {
    }

    Write-Host "(!) " -f red -nonewline
-        $purgeAction = $( Read-Host "Would you like to purge all local Bitwarden container images? (y/n)" )
+    $purgeAction = $( Read-Host "Would you like to purge all local Bitwarden container images? (y/n)" )

-        if ($purgeAction -eq "y") {
-            Docker-Prune
-        }
+    if ($purgeAction -eq "y") {
+        Docker-Prune
+    }
+    
+    Cleanup-Certbot
 }

 function Print-Environment {
@@ -247,7 +254,6 @@ function Cert-Restart {
    Print-Environment
 }

-
 function Pull-Setup {
    Invoke-Expression ("docker pull{0} ghcr.io/bitwarden/setup:${coreVersion}" -f "") #TODO: qFlag
 }
@@ -258,6 +264,18 @@ function Write-Line($str) {
    }
 }

+function Cleanup-Certbot {
+    # Check if the certbot image is being used by any containers
+    if ([string]::IsNullOrEmpty((docker ps -a --filter ancestor=certbot/certbot --quiet))) {
+        Write-Host "(!) " -f red -nonewline
+        $response = $( Read-Host "The [certbot/certbot] container image used by this script is no longer associated with any containers. Would you like to purge it? (y/N)" )
+        
+        if ($response.ToLower() -eq 'y') {
+            docker image rm certbot/certbot
+        }
+    }
+} 
+
 # Commands

 if ($install) {
--- a/run.sh
+++ b/run.sh
@@ -85,10 +85,13 @@ function install() {
            echo ""

            mkdir -p $OUTPUT_DIR/letsencrypt
+
            docker pull certbot/certbot
            docker run -it --rm --name certbot -p 80:80 -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
                certonly --standalone --noninteractive  --agree-tos --preferred-challenges http \
                --email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs
+            
+            certbotCleanup
        fi
    fi

@@ -163,8 +166,7 @@ function createDir() {
 }

 function dockerPrune() {
-    docker image prune --all --force --filter="label=com.bitwarden.product=bitwarden" \
-        --filter="label!=com.bitwarden.project=setup"
+    docker image prune --all --force --filter="label=com.bitwarden.product=bitwarden"
 }

 function updateLetsEncrypt() {
@@ -174,6 +176,8 @@ function updateLetsEncrypt() {
        docker run -i --rm --name certbot -p 443:443 -p 80:80 \
            -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
            renew --logs-dir /etc/letsencrypt/logs
+        
+        certbotCleanup
    fi
 }

@@ -184,6 +188,8 @@ function forceUpdateLetsEncrypt() {
        docker run -i --rm --name certbot -p 443:443 -p 80:80 \
            -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
            renew --logs-dir /etc/letsencrypt/logs --force-renew
+
+        certbotCleanup
    fi
 }

@@ -281,6 +287,8 @@ function uninstall() {
        dockerPrune
        echo -e -n "${CYAN}Bitwarden uninstall complete! ${NC}"
    fi
+
+    certbotCleanup
 }

 function printEnvironment() {
@@ -310,6 +318,21 @@ function pullSetup() {
    docker pull ghcr.io/bitwarden/setup:$COREVERSION
 }

+function certbotCleanup() {
+    # Check if the certbot image is being used by any containers
+    if [[ -z $(docker ps -a --filter ancestor=certbot/certbot --quiet) ]]
+    then
+        echo -e -n "${RED}(!) The [certbot/certbot] container image used by this script is no longer associated with any containers. Would you like to purge it? (y/N): ${NC}"
+        read RESPONSE
+        RESPONSE=$(echo "$RESPONSE" | tr '[:upper:]' '[:lower:]')
+        
+        if [[ $RESPONSE == 'y' ]]
+        then
+            docker image rm certbot/certbot
+        fi
+    fi
+}
+
 # Commands

 case $1 in