You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Expected behavior and actual behavior: Expected
Harbor garbage collection should remove untagged images even if they have a signature attached to them.
Actual
Deleting untagged images with CoSign signature attach fails.
2022-12-19T13:20:49Z [INFO] [/jobservice/job/impl/gc/garbage_collection.go:143]: Garbage Collection parameters: [delete_untagged: true, dry_run: false, time_window: 2]
2022-12-19T13:20:49Z [INFO] [/jobservice/job/impl/gc/garbage_collection.go:153]: start to run gc in job.
2022-12-19T13:20:49Z [INFO] [/jobservice/job/impl/gc/garbage_collection.go:459]: start to delete untagged artifact (no actually deletion for dry-run mode)
2022-12-19T13:20:49Z [ERROR] [/jobservice/job/impl/gc/garbage_collection.go:476]: failed to delete untagged:3621 artifact in DB, error, the artifact 3621 is referenced by other resources
2022-12-19T13:20:49Z [ERROR] [/jobservice/job/impl/gc/garbage_collection.go:476]: failed to delete untagged:3519 artifact in DB, error, the artifact 3519 is referenced by other resources
Steps to reproduce the problem:
Push a container image to Harbor
Sign container image using CoSign
Push a new container image to Harbor reusing the same tag, making the old image untagged
@AllForNothing We have a handful repositories where we only use the latest tag and do not version images. Before we started using signing, Harbor would delete the old now untagged images of such repositories once a week.
Since switching to signing images this no longer works, resulting in a ton of untagged images that are no longer used. At the moment I delete these by hand once a week.
@marvinpeter-kisters This is a designed behavior where you have to remove the signature first and then perform the GC.
Let's keep collecting more comments and maybe we can provide an option to allow the user to delete untagged images with a signature.
We have a similar need: we publish images routinely (every week) in a private registry using a constant tag ("latest"). The images are signed using cosign and we would like to automatically delete obsolete images (those that lost the "latest" tag when a new image was published under that tag).
I'm +1 on having the option to delete untagged images that are still referenced by a signature
Expected behavior and actual behavior:
Expected
Harbor garbage collection should remove untagged images even if they have a signature attached to them.
Actual
Deleting untagged images with CoSign signature attach fails.
Steps to reproduce the problem:
Versions:
Related Issus
#16418
The text was updated successfully, but these errors were encountered: