Treat docker images as a whole, not as individual files

gogoair / lavatory

Tooling to define repository specific retention policies in Artifactory.

Apache License 2.0

21 stars 14 forks source link

Treat docker images as a whole, not as individual files #48

Open NetAppBlueDevil opened 4 years ago

NetAppBlueDevil commented 4 years ago

I have an example where a docker image was published and one of the base layers of the image doesn't change. So as newer CI versions of the image are published, that layer file is always the same. Now when I want to purge based on age, lavatory is identifying this base layer image file to be deleted even though it is required of the newest full docker image.

Maybe I'm not understanding a needed aspect of how to do an artifactory query or something for this use case? Basically I would consider the age of the image and later files to all be the age of the manifest. I would expect artifactory itself handles the reference counting on this common layer file used in multiple versions of the image.

sijis commented 4 years ago

What is the structure you have for your images?

We basically have a structure as

path/image1/version1
path/image1/version2
path/image2/version1
...

We have a query, similar to the first complicated example using manifests.json. Then we find the parent directory and delete that one.

Its essentially something like

def purgelist(artifactory):

    docker_terms = [...]

    matches = artifactory.filter(terms=docker_terms, depth=None, item_type='file')
    purgeable = []
    for entry in matches:
        root_path, _ , directory_name = entry['path'].rpartition('/')
        entry.update({
            'path': root_path,
            'name': directory_name,
            'type': 'folder',
        })
        purgeable.append(entry)

    return purgeable

NetAppBlueDevil commented 4 years ago

Structure could vary as we allow teams to name images how they want.

I guess I see now that I would need to tailor this function to be the selector of the image level folders. I guess I wasn't seeing a specific example to implement somthing like this in the docs.

I wrote a bash script using the artifactory API that I think does basically what you are suggesting. I look for the manifest.json files that are outside of the retention rules that I want and then delete from the folder level that contains the manifest.json which will be the whole image. I guess I didn't understand the framework here enough (and I'm not much of a python guy) to implement clearly within the lavatory rule

sijis commented 4 years ago

Understood.

The trick is basically getting the parent directory that has the manifest.json that should be purged.

Any feedback / PRs on improving docs would be beneficial for other folks. :+1: