Retention Policy support for GHCR hosted images

[ruffsl]

Select Topic Area

Product Feedback

Body

Some container registries provide built-in ways to apply a Retention Policy for the images/tags/manifests they host, specifically what to clean from the registry and when to do it.

As @sondrelg writes elsewhere, this is a built-in feature in Azure for example:

• https://reddit.com/r/docker/comments/qg2b5w/github_action_for_ghcr_retention_policy/
• https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy

Numerous actions have emerged to facilitate similar features for GHCR:

• https://github.com/marketplace/actions/container-retention-policy
• https://github.com/marketplace/actions/ghcr-pruning
• https://github.com/marketplace/actions/ghcr-delete-image

However, the requirement for Personal Access Tokens complicates their usage:

• Do you really need a personal access token? snok/container-retention-policy#27
• Add Container Retention Policy ros-navigation/navigation2#3474

While being able to utilize the GITHUB_TOKEN for pruning from (as well as pushing to) the container registry would considerably simplify the deployment of such Retention Policies, it seems current API endpoints do not yet support this.

---

On a side note: one specific type of Retention Policy I would like to apply would be a form of temporal down-sampling, where image tags archived in the registry would be selectively pruned by their age over multiple time horizons. This would allow for varying densities of archived images based upon different windows of relevance, irregardless of the frequency at which newer images may be generated or updated. For example:

• For images younger than 30 days
  • retain at least one image for every 7 days
• For images younger than 365 days
  • retain at least one image for every 30 days
• For images older than 365 days
  • retain at least one image for every 365 days

This kind of Retention Policy seems tricky to construct from existing actions available through the marketplace, given that most can only filter by a single sided cutoff window, and thus are not easily composable.

[leonardehrenfried]

My usecase: We push a public image for every PR merge which can happen several times per day. Some of these images are used in production but the majority probably isn't.

Therefore I'm looking for a way to specify that images older than X days that have 0 pulls are to be deleted.

[burnettk]

https://github.com/snok/container-retention-policy is a way to clean up images based on a public github action. Use at your own risk.

[chipitsine]

other than 3rd parties tools, can we count on officially supported tool from GitHub ?

[johndistasio]

No.