diff --git a/.gitea/workflows/werf-yonote-cleanup-template.yml b/.gitea/workflows/werf-yonote-cleanup-template.yml
new file mode 100644
index 0000000..18b979e
--- /dev/null
+++ b/.gitea/workflows/werf-yonote-cleanup-template.yml
@@ -0,0 +1,68 @@
+name: Cleanup Docker registry
+on:
+  workflow_call:
+    inputs:
+      docker_repo_path:
+        default: private.docker.wilix.dev
+        required: false
+        type: string
+      docker_images_path:
+        description: 'Относительный путь для образов проекта'
+        required: true
+        type: string
+      werf_debug:
+        default: false
+        required: false
+        type: boolean
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+env:
+  vault_main_base_path: dev/wilix/main/data/ci
+
+jobs:
+  cleanup:
+    name: Cleanup
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://github.com/actions/checkout@v3
+      - name: Fetch all history for all tags and branches
+        run: git fetch --prune --unshallow
+
+      # FIXME Эти секреты нужно будет сделать полностью различными для проектов, идеально - краткосрочные генерируемые vault
+      - id: import-secrets
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ env.vault_main_base_path }} local_cluster_kube_config_base64 ;
+            ${{ env.vault_main_base_path }} docker_registry_username ;
+            ${{ env.vault_main_base_path }} docker_registry_password ;
+            dev/wilix/yonote/data/ci/yonote NPM_AUTH_TOKEN ;
+
+      - name: Login to wilix nexus Container Registry
+        uses: https://github.com/docker/login-action@v2
+        with:
+          registry: ${{ inputs.docker_repo_path }}
+          username: ${{ steps.import-secrets.outputs.docker_registry_username }}
+          password: ${{ steps.import-secrets.outputs.docker_registry_password }}
+
+      - name: Install werf
+        uses: https://github.com/werf/actions/install@v1.2
+
+      - name: Setup debug if need
+        if: ${{ inputs.werf_debug }}
+        run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"
+
+      - name: Cleanup
+        run: werf cleanup
+        env:
+          WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
+          WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}
+          NPM_AUTH_TOKEN: ${{ steps.import-secrets.outputs.NPM_AUTH_TOKEN }}