Purge All Repos — Maintenance Orchestrator
Automatically triggers the maintenance.yml workflow (deployments + workflow runs + caches purge) across all your public and private repositories on a schedule. Safely defaults to dry-run: true so you can preview before actual deletion.
How it works
- Discovers all your repositories (public + private)
- Filters by optional pattern
- Checks each repo has
maintenance.yml - Triggers
maintenance.ymlviaworkflow_dispatchwith configurable inputs - Runs up to 3 repos in parallel to avoid rate limits
Usage
Automatic (weekly schedule)
Runs every Sunday at 03:00 UTC by default:
on:
schedule:
- cron: '0 3 * * 0' # Every Sunday at 03:00 UTCManual trigger
Go to Actions → Purge All Repos — Maintenance Orchestrator → Run workflow and set:
keep— number of deployments/runs/caches to retain (default: 10)dry-run— preview before deleting (default: true — safe!)filter-repo— optional pattern to target specific repos (e.g.my-org/foo-*)
Inputs
| Input | Type | Default | Description |
|---|---|---|---|
keep | number | 10 | Number of most-recent items to keep per repo (deployments/runs/caches) |
dry-run | boolean | true | Preview what would be deleted without deleting (safe default) |
filter-repo | string | '' | Filter repos by name pattern (e.g. my-org/foo-*). Empty = all repos |
Permissions
Requires a Personal Access Token (PAT) with:
reposcope (access to public and private repos)workflowscope (ability to trigger workflows)
Set as repository secret PURGE_PAT and use in the caller (see below), or use github.token (default) if running in a repo you own with sufficient token permissions.
Integration with caller workflows
To trigger this from another repo or organization-level automation:
name: Weekly purge
on:
schedule:
- cron: '0 3 * * 0'
jobs:
purge-all:
uses: KevinDeBenedetti/github-workflows/.github/workflows/purge-all-repos.yml@main
secrets:
token: ${{ secrets.PURGE_PAT }} # Optional: use custom PAT instead of github.token
with:
keep: 10
dry-run: trueHow to adopt
Each repo must have .github/workflows/maintenance.yml present. Copy from examples/maintenance.yml:
# In each of your repos:
mkdir -p .github/workflows
cp examples/maintenance.yml .github/workflows/
git add .github/workflows/maintenance.yml
git commit -m "chore: add maintenance workflow"
git pushOr use GitHub's repository template feature to sync it automatically to all new repos.
Workflow behavior
- Discovery phase — lists all repos, optionally filters by pattern
- Dispatch phase — triggers
maintenance.ymlon each repo with inputs, runs 3 repos in parallel - Non-blocking — if a repo fails or doesn't have
maintenance.yml, the orchestrator continues (usescontinue-on-error) - Summary — reports that workflows were triggered; check individual repo Actions tabs for detailed results
Best practices
- Start with dry-run — first execution should have
dry-run: trueto preview what each repo would delete - Review before deletion — check the job summaries in each repo's Actions tab to confirm safe deletions
- Stagger large organizations — if you have 100+ repos, increase
max-parallelgradually or run filters - Backup critical deployments — ensure you have external deployment records before auto-purging
Troubleshooting
- "No maintenance.yml found" — that repo doesn't have the maintenance workflow yet; add it via
examples/maintenance.yml - Rate limit errors — GitHub API limits 3 concurrent workflow triggers per repo; the orchestrator respects this
- Token permissions — ensure your PAT has
repo+workflowscopes
Notes
- This orchestrator workflow lives in the central
github-workflowsrepo - Each target repo must have its own
maintenance.ymlfor this to work - Dry-run defaults to true for safety — uncheck only after reviewing what would be deleted