CI/CD expired artifacts are never removed

GitLab CI/CD
1

Hello,

CI/CD expired artifacts are never removed from my self-managed GitLab 16.7 instance.

Artifacts delete job is configured to run every nights:

gitlab_rails['expire_build_artifacts_worker_cron'] = "0 0 * * *"

I found on this forum (Remove all artifact (no expire options) - #13 by franko1008) a small script to delete expired artifacts:

builds_with_artifacts = Ci::Build.with_downloadable_artifacts
builds_to_clear = builds_with_artifacts.where("artifacts_expire_at < ?", Time.now)
builds_to_clear.find_each do |build|
  build.erase_erasable_artifacts!
end

but erase_erasable_artifacts function has been removed (Remove unused method (51676bd6) · Commits · GitLab.org / GitLab · GitLab).

I also run some commands and artifacts look locked:

irb(main):075:0> builds_to_clear[0].erasable?
=> true
irb(main):076:0> builds_to_clear[0].artifacts_expired?
=> true
irb(main):077:0> builds_to_clear[0].locked_artifacts?
=> true
irb(main):078:0> builds_to_clear[0].has_expired_locked_archive_artifacts?
=> true
  1. What is the new way to remove build artifacts without erase_erasable_artifacts function? (I don’t know Ruby language, reading the source code is rather complicated to me)
  2. What is this locked flag on artifacts? Is this flag prevent expire_build_artifacts worker to remove expired artifacts? How can I remove it?
  3. How can I fix my GitLab configuration to automatically remove expired artifacts?

Regards.

2
  1. I found the new function to use in the associated MR:
#!/usr/bin/env -S gitlab-rails runner

# Delete all expired artifacts
builds_with_artifacts = Ci::Build.with_downloadable_artifacts
builds_to_clear = builds_with_artifacts.where("artifacts_expire_at < ?", Time.now)
builds_to_clear.find_each do |build|
    ::Ci::JobArtifacts::DeleteService.new(build).execute
end

# Wait several minutes for effective artifacts deletion

I also called

gitlab-rake gitlab:cleanup:orphan_job_artifact_files DRY_RUN=false

to remove orphans.

  1. It’s look like the locked flag is present because the Keep artifacts from most recent successful jobs option is enabled and last successful jobs artifacts are kept on all branches / tags and not only on default branch; can someone confirm?

  2. I will disable Keep artifacts from most recent successful jobs option.