feat(ci): add automated cleanup of PR artifacts from JFrog

[matsaur]

Summary

Add a new GitHub Actions workflow that automatically deletes pull request artifacts from JFrog Artifactory when a PR is merged. This prevents accumulation of temporary PR build artifacts and keeps the repository clean.

The workflow targets:

• Main package: dev/pr/nextcloud-workspace-pr-<number>.zip
• App artifacts: Build archives from the build-external-apps job (identified via vcs.branch property)

Motivation

PR builds generate artifacts (both a final zip package and individual app archives) that are uploaded to JFrog for distribution or further processing. Once a PR is merged, these temporary artifacts are no longer needed and consume storage. Manual cleanup is error-prone; automated cleanup reduces housekeeping burden and keeps Artifactory tidy.

Implementation Details

Trigger: pull_request.closed with merged == true — fires only when a PR is successfully merged, not on close-without-merge.

Runner: self-hosted — matches the upload-to-artifactory job in build-artifact.yml to ensure JFrog instance is reachable.

Artifact Identification:

• Main package: Explicit path-based match (dev/pr/nextcloud-workspace-pr-<N>.zip)
• App archives: Property-based search using vcs.branch=<N>/merge
  • For pull_request events, github.ref_name is <pr_number>/merge
  • The build-external-apps job records this exact value as the vcs.branch property on upload
  • Exact match ensures no false positives from other branches

Error Handling:

• Prerequisites check validates JFrog secrets before attempting cleanup
• Search-before-delete distinguishes between "not found", "deleted", and "delete failed"
• Errors surface in action logs (no stderr suppression) for visibility
• continue-on-error: true allows cleanup failures to not block the merge workflow
• Summary reports found/deleted/failed counts separately

Test Plan

When the next PR is merged:

1. ✅ Workflow triggers on merge (check Actions tab)
2. ✅ "Check prerequisites" step validates JFrog secrets
3. ✅ "Verify JFrog connection" step confirms connectivity
4. ✅ "Delete PR artifact package" step:
   • Searches for the main package artifact
   • Reports "deleted" / "not found" / "failed"
5. ✅ "Delete PR app artifacts" step:
   • Searches for app archives with vcs.branch=<PR>/merge
   • Reports counts: found/deleted/failed
   • If artifacts exist, verifies they're actually deleted from JFrog UI
6. ✅ Summary step clearly states the outcome

Verification:

• Log into JFrog Artifactory
• Navigate to ionos-productivity-ncwserver-snapshot repository
• Check that PR artifacts from a merged PR are no longer present
• Verify main package at dev/pr/nextcloud-workspace-pr-<N>.zip is gone
• Verify app archives with matching vcs.branch are gone

Notes

• The workflow relies on vcs.branch=<N>/merge being set during upload. If this property is not found, the search returns zero results (safe no-op). Logs will clearly show this.
• Orphaned artifacts from PRs that never built (e.g., closed without running CI) are not deleted (nothing to delete).
• Cleanup only runs on merge; manually closed PRs do not trigger cleanup (retention by design — allows investigation if needed).

[Copilot]

Pull request overview

Adds a new GitHub Actions workflow to automatically remove merged-PR build artifacts from the snapshot JFrog Artifactory repository, covering both the main PR zip and per-app archives uploaded by CI.

Changes:

• Introduces .github/workflows/cleanup-pr-artifacts.yml to trigger on pull_request.closed (merged-only) and delete PR artifacts from Artifactory.
• Deletes the main PR package by explicit path and app archives via vcs.branch=<pr_number>/merge property search.
• Produces a step summary reporting deleted/not-found/failed outcomes.