search

Azure / acr

Azure Container Registry samples, troubleshooting tips and references
https://aka.ms/acr
Other
162 stars 106 forks source link

ACR purge is purging manifests that it shouldn't #666

Closed mispencer closed 1 year ago

mispencer commented 1 year ago

Describe the bug acr purge is purging manifests that belong to tags it isn't purging

To Reproduce Steps to reproduce the behavior:

  1. Has tags with manifests (with a specific type of manifest?)
  2. Run acr purge (with --purged-untagged?)

Expected behavior Manifests belong to non-purged tags should not be removed

Additional context See attached redacted log and an example impacted tag's manifest. This log is from running acr purge --ago 21d --filter 'YYYYYYYYYY:.*' --untagged today (1/26/2023) acr-purge.log example-impacted-tag-manifest.txt

If non-redacted logs or other such information would be helpful, I could provide by another channel.

northtyphoon commented 1 year ago

@mispencer thanks for reporting the issue. The digest in example-impacted-tag-manifest.txt is a92b06bbd34b3505478caf3de4af1f6d30ab88287a6c2bf17434f6bd501aa630. However, I don't see it in acr-purge.log. Do you have other example to share?

mispencer commented 1 year ago

That's correct - the top level manifest isn't being removed. However, what is being removed is the second level manifests, which would be sha256:a34f1355da7317481060fafaabc3e8509f9c2496150b4852780b7fd92d355d73 and sha256:8c45edf022a7e690d08290a61800615afb5146e66db96a16138b6149c69b4ad8 in the original example manifest.

northtyphoon commented 1 year ago

@mispencer can I know the media type of the top-level manifest? Is it application/vnd.docker.distribution.manifest.list.v2+json or application/vnd.oci.image.index.v1+json?

We now understand the root cause of the issue. acr purge command doesn't recognize oci index media type to handle multi-arch image deletion. We are working with the community to publish a fix soon.

https://github.com/Azure/acr-cli/pull/130

wju-MSFT commented 1 year ago

@mispencer We have a hot fix for this issue. For now, we can change the purge command as following to solve this issue. 

PURGE_CMD="mcr.microsoft.com/acr/acr-cli:0.7 purge --filter 'hello-world:.*' \
  --ago 7d" 

az acr task create --name purgeTask \
  --cmd "$PURGE_CMD" \
  --schedule "0 0 * * *" \
  --registry myregistry \
  --context /dev/null
terencet-dev commented 1 year ago

Closing as this issue is now inactive for over 7 days. Thanks!