google-cloud-platformgoogle-artifact-registry

Artifact Registry Cleanup Policies not being enforced


I have a repository in Artifact Registry that contains Docker images which are themselves created by Github Actions. I have set the repository's Cleanup Policy to keep only the five most recent versions. For some reason, that's not working at all. I had over 60 artifacts in that repository, when I checked this morning, and the cleanup policy has been in place for months.

Does anyone else use this feature of Artifact Registry? If so, has anyone else had any trouble with it not working?


Solution

  • It’s difficult to find the exact issue, Why are the Artifact Registry Cleanup Policies not working? with the provided information. There might be different reasons for this issue. Here are some of the reasons:

    1. I’m not aware of whether you are setting up Artifact registry cleanup policies using gcloud commands or through the console.

      But if you are using the gcloud commands it may set the empty policy instead of the intended policy as stated in this Stackoverflow Link.

    2. I’m not aware of your delete policies and keep policies but as stated in the Documentation

      If an artifact version matches criteria in both a delete policy and a keep policy, Artifact Registry applies the keep policy.

    3. If you are using the Keep most recent versions you need to set both a delete policy and a keep policy in order for artifacts to be deleted.

    4. Make sure you are not using the Conditional keep and Keep most recent versions criteria in the same keep policy.

    5. Make sure to enable the Dry run policy.

      To analyze the effect of your cleanup policies you can view the Artifact Registry Data access audit logs. To receive Data Access audit logs for cleanup policies, you must explicitly enable the data write type of data access audit logs for the Artifact Registry service.

    6. Also it’s important to check with the Tag state. Make sure to specify the Tag state which indicates if the policy should check for tagged artifacts or untagged artifacts. Artifacts are tagged when pushing or pulling an image to or from a repository. For more on Docker tags, see Container concepts.

      Note: If multiple tags are applied to the same image, the policy may not consider all tags when determining which images to retain. Make sure to use a single tag for each version.

    7. The cleanup policy applies to versions, not tags. If the images in the repository are not versioned correctly, the policy may not be able to identify the most recent versions.

    If none of the above suggestions helps you in resolving the issue, then it's better to Contact support as it requires project-inspection to find the cause of the issue.