Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement RFC0046: Define an Image & Dependency Retention Policy for Paketo Images #189

Open
ryanmoran opened this issue Apr 29, 2022 · 0 comments

Comments

@ryanmoran
Copy link
Member

RFC

Summary

At the moment, the Paketo Project is maintaining images (buildpack, builder, stack, etc..) and hosted dependencies since the beginning of the project. This RFC proposes that we define an image and dependency retention policy that would allow the project to delete old images and dependencies.

Implementation

The preferrable implementation would be to use configuration through the registry to assign image retention policies. It does not appear that Docker Hub or GCR have configurable image retention policies. If someone knows of a way, this would be the preferred implementation.

Failing that. We will need to configure a daily CI job to run a tool that scans all images and enforces the policy. This should be implemented at the project level, so that individual teams do not need to each enforce this.

This should not require creating a custom tool, as there are some existing tools that we could use in CI.

The specific tool selected can vary and will be an implementation detail that is intentionally left outside of the scope of this RFC.

Once an image is deleted, any hosted dependencies that were referenced by the image which are no longer used by images that are still within the retention policy may be deleted. For example, if buildpack 1.1.1 uses dependency 2.2.2 and no other buildpacks still within the retention policy (i.e. less than 2 years old) referenece dependency 2.2.2 then the project may delete dependency 2.2.2. from it's hosting. This does not apply to externally hosted dependencies as hosting of those dependencies is outside the project. External hosting can follow its own separate policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: 📋 Planned
Development

No branches or pull requests

1 participant