GitLab registry cleanup policy: how to keep most recent n tags, but delete others?

I'm a bit confused about GitLab's registry cleanup policy.

I have several registries with tags for the image foo being pushed every few weeks or so, named foo:v1.0.0, foo:v1.0.1 etc. The tag latest is always pushed alongside the versioned tags. However, latest is never used in production in order to pin the dependencies.

I would like to keep the most recent 1 tag, and clear out any tags older than, say, 30 days.

I currently have the following policy set:

I would expect only two tags to be inside my repository (latest and, e.g. foo:v1.0.1), yet, there are 15, dating back to 6 months ago and earlier.

Now, when I look at the "Keep the most recent line" — what does "1 tag per image name" mean here, exactly? Is the "image name" the name of the image, e.g. foo, then the policy should not leave 15 images in my repository, only 1.

If "image name" is actually the name plus the tag (e.g., foo:v1.0.0), what is the purpose of this setting? It means that any image will be kept!

I guess I could remove the keep rules, but I also do not want to simply delete all images except the latest one, since latest is never used in production, and in case that I don't update an image within 30 days, that will be deleted to, and I cannot deploy anymore.

Is there a good solution to this, other than writing my own cleanup script?

In the meantime I've realized that it's important to remove the .* regex from the "keep" option; otherwise, all tags will be kept.

However, I like to manually clean up sometimes, so I published the gitlab-container-registry-cleaner tool (based on an initial implementation by Pierre Beucher).

It allows you to:

• Fetch a list of all repos
• Clean tags by regular expressions and retention dates

It has sane "dry run" default so you don't accidentally delete something you want to keep.