google-cloud-platform google-artifact-registry

Google Artifact Registry: Conditional Keep Cleanup Policy Not Respecting Tag Prefix Parameter


I have the following cleanup policy set to "Dry run" in Google Artifact Registry:

[
  {
    "name": "delete-nightly-packages",
    "action": {
      "type": "Delete"
    },
    "condition": {
      "tagState": "ANY",
      "tagPrefixes": [
        "nightly"
      ],
      "olderThan": "43200s"
    }
  }
]

When I save this policy and wait for the dry runs to happen (they seem to happen every 6 hours: 8am, 2pm, 8pm, 2am), I get logs that show images that would be deleted, which is good. However, when I inspect some of those flagged images, I am noticing that the policy seems to be flagging images that satisfy the time requirement (older than 12 hours) but do not satisfy the tag prefix requirement. For example, one image has the tag "v0.12.3" and is many months old. I would expect it to not be included in the dry run logs because it does not match the "nightly" tag prefix I configured, though it does satisfy the age requirement.

I've also tried splitting this policy into two conditional delete policies: one for the time component and one for the tag component, though that doesn't change things, either.


Solution

  • Per @DazWilkin's comment, the fix here was to change the "Tag state" option from "Any" to "Tagged." It turns out that GAR will ignore the other options, like "Tag prefix," if the "Tag state" option is set to "Any."
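
A pre-deployment check for the misconfiguration described above, as an added example that is not part of the original question or answer. It flags any policy that sets "tagPrefixes" while "tagState" is "ANY" and produces a corrected copy; the function names are hypothetical, and the embedded policy is the one from the question.

```python
import copy
import json

# The policy from the question, embedded as sample input.
QUESTION_POLICY = json.loads("""
[
  {
    "name": "delete-nightly-packages",
    "action": {"type": "Delete"},
    "condition": {
      "tagState": "ANY",
      "tagPrefixes": ["nightly"],
      "olderThan": "43200s"
    }
  }
]
""")


def _prefix_ignored(policy):
    """True when tagPrefixes is set but tagState is ANY.

    Per the answer above, the prefix filter is ignored in that combination,
    so the policy matches on its remaining conditions (here: age) alone.
    """
    cond = policy.get("condition", {})
    state = str(cond.get("tagState", "")).upper()
    return state == "ANY" and bool(cond.get("tagPrefixes"))


def ignored_prefix_policies(policies):
    """Return the names of policies whose tag prefix filter would be ignored."""
    return [p.get("name", "<unnamed>") for p in policies if _prefix_ignored(p)]


def with_tagged_state(policies):
    """Return a copy in which every flagged policy has tagState set to TAGGED."""
    fixed = copy.deepcopy(policies)
    for policy in fixed:
        if _prefix_ignored(policy):
            policy["condition"]["tagState"] = "TAGGED"
    return fixed


if __name__ == "__main__":
    for name in ignored_prefix_policies(QUESTION_POLICY):
        print(f"{name}: tagPrefixes is ignored while tagState is ANY")
    print(json.dumps(with_tagged_state(QUESTION_POLICY), indent=2))
```

Running a check like this in CI before a policy leaves "Dry run" catches a delete rule that would otherwise match release tags such as "v0.12.3" on age alone.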