ACR Retention Policy Issues with Images Pushed via Podman

[Rishabh-Patel-git]

Describe the bug The retention policy in ACR behaves inconsistently between images pushed with Docker and Podman. After untagging images, the untagged manifests are removed for Docker, but not for Podman.

To Reproduce Steps to reproduce the behavior:

1. Enable the retention policy in the ACR and set the retention period to 0 days.
2. For a repository, push some tags using the podman push command.
3. For the same repository, push some tags using the docker push command.
4. Untag one tag of an image pushed by Docker, and refresh the repository. The manifest and tag count should be reduced by one.
5. Untag one tag of an image pushed by Podman, refresh the repository, and observe that while the tag count is less, the manifest count remains the same.

You can check from Log Analytics as well; in the case of Docker, the manifest should be purged instantly, whereas for Podman, it is not.

Expected behavior Both Docker and Podman pushed images should have their untagged manifests removed when the retention policy is applied.

Any relevant environment information Azure CLI: 2.63.0 Docker version: 23.0.1 Podman version: 3.4.4

Additional context The difference between the manifests can be found using the following command: az acr manifest list-metadata --registry "$acrName" --name "$repository"

For Podman, it shows: "mediaType": "application/vnd.oci.image.manifest.v1+json" For Docker, it shows: "mediaType": "application/vnd.docker.distribution.manifest.v2+json"

Furthermore, when the retention policy is set for a longer duration, the expiration time is shown for images pushed with Docker, but no expiration time is displayed for images pushed with Podman.

[DarkShadow1060]

Hi, Same issue i am facing in my project when running the pipeline which untags the older images, the retention policy is working on the manifests of docker pushed images however podman pushed images are untouched , this needs to be fixed quickly. @alloy