#!/usr/bin/env bash # # Clean unused Docker resources with explicit safety controls. # # The default mode is dry-run. Use --apply to actually remove resources. # This is designed for maintenance windows, scheduled cleanup jobs, or # post-deployment housekeeping on Docker hosts. # # Usage: # bash docker_cleanup.sh # bash docker_cleanup.sh --apply --until 168h # bash docker_cleanup.sh --apply --include-volumes # # Options: # --apply Execute cleanup. Without this flag, only planned actions are printed. # --until DURATION Remove resources older than DURATION. Default: 72h. # --include-volumes Remove unused volumes as well. # --help Show this help message. set -Eeuo pipefail apply=false until_duration="72h" include_volumes=false usage() { sed -n '2,20p' "$0" | sed 's/^# \{0,1\}//' } log() { printf '[%s] %s\n' "$(date -Is)" "$*" } require_docker() { if ! command -v docker >/dev/null 2>&1; then printf 'ERROR: docker command not found.\n' >&2 exit 1 fi if ! docker info >/dev/null 2>&1; then printf 'ERROR: Docker daemon is not reachable by this user.\n' >&2 exit 1 fi } run_or_print() { if [[ "$apply" == true ]]; then "$@" else printf 'DRY-RUN:' printf ' %q' "$@" printf '\n' fi } while [[ "$#" -gt 0 ]]; do case "$1" in --apply) apply=true shift ;; --until) until_duration="${2:-}" [[ -n "$until_duration" ]] || { printf 'ERROR: --until requires a duration.\n' >&2; exit 1; } shift 2 ;; --include-volumes) include_volumes=true shift ;; --help|-h) usage exit 0 ;; *) printf 'ERROR: unknown option: %s\n' "$1" >&2 usage >&2 exit 1 ;; esac done require_docker log "Docker cleanup started. apply=${apply}, until=${until_duration}, include_volumes=${include_volumes}" run_or_print docker container prune --force --filter "until=${until_duration}" run_or_print docker image prune --all --force --filter "until=${until_duration}" run_or_print docker network prune --force --filter "until=${until_duration}" run_or_print docker builder prune --force --filter "until=${until_duration}" if [[ "$include_volumes" == true ]]; then run_or_print docker volume prune --force fi log "Docker cleanup finished."