Expire outdated Image repositories from the Registry

Hi folks,

Problem to solve

We’re using the Jobs/Build.latest.gitlab-ci.yml template to build Docker images as part of our branches/MR workflow.

The builds are running perfectly fine, but we’re accumulating a lot of unused Docker images over time. Cleanup policies do not cover this, as the latest tag of each image repository is permanently kept.

Steps to reproduce

  • include Jobs/Build.latest.gitlab-ci.yml in your CI configuration
  • have a branch-based approach:
    • create a bugfix branch, e.g., hotfix/foobar
    • the build will create a new Docker image
    • which will be pushed to project/hotfix_foobar:abcdef and a :latest tag
  • after the branch is deleted, the tag in the registry is kept
  • the cleanup policy of the registry purges the SHA256 tag, but keeps the latest tag.

I want to purge old branches from the registry as well, as I do care about disk space usage (each build uses 500-800MB, even with consideration of layers and deduplication).

Configuration

.gitlab-ci.yml excerpt:

---
include:
  - template: Jobs/Build.latest.gitlab-ci.yml

build:
  rules:
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH == "develop"
    - if: $CI_COMMIT_BRANCH == "stage"
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_PIPELINE_SOURCE != "merge_request_event"

Cleanup policy:

Versions

Please select whether options apply, and add the version information.

Versions

Answering myself: there’s a Python script to solve my issue:

It would be nice to see the functionality as part of the registry cleanup policy neverthelss.