有没有办法从清理策略中排除某些标签/图像?
例如,假设我有一个存储库,其中包含触发创建这些图像的 Pull 请求的相关 SHA。当这些图像被批准部署到某个环境时,该图像将使用该环境的名称进行标记,结果如下:
+---------------------------------------------------------------------------+
| Image Tags | Image URI |
+---------------------------------------------------------------------------+
| sha923456 | 000000.dkr.ecr.eu-west-1.amazonaws.com/myrepo:sha923456 |
+-----------------+---------------------------------------------------------+
| sha823456, test | 000000.dkr.ecr.eu-west-1.amazonaws.com/myrepo:test |
+-----------------+---------------------------------------------------------+
| sha723456 | 000000.dkr.ecr.eu-west-1.amazonaws.com/myrepo:sha723456 |
+-----------------+---------------------------------------------------------+
| sha623456, prod | 000000.dkr.ecr.eu-west-1.amazonaws.com/myrepo:prod |
+-----------------+---------------------------------------------------------+
| sha523456 | 000000.dkr.ecr.eu-west-1.amazonaws.com/myrepo:sha523456 |
+-----------------+---------------------------------------------------------+
我想确保当前部署到任何环境的内容不会被删除;因此那些标记test或prod应该保留的镜像。此外,还应保留针对其镜像的 SHA 标记。
除此之外,我想保留过去 90 天内创建的所有带有 SHA 标签的图像。
我很高兴删除所有未标记的内容。
应用下面的规则几乎有效;只是看起来因为标签匹配sha,prod和test图像将会过期。
{
"rules": [
{
"rulePriority": 1,
"description": "Remove untagged images",
"selection": {
"tagStatus": "untagged",
"countType": "imageCountMoreThan",
"countNumber": 1
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 100,
"description": "Purge non-deployed images over 90 days old",
"selection": {
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 90,
"tagStatus": "tagged",
"tagPrefixList": [
"sha"
]
},
"action": {
"type": "expire"
}
}
]
}
我找不到任何关于添加“NOT”规则的文档,并且尝试感叹号也不起作用。
{
"rulePriority": 100,
"description": "Purge non-deployed images over 90 days old",
"selection": {
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 90,
"tagStatus": "tagged",
"tagPrefixList": [
"!test", "!prod"
]
},
"action": {
"type": "expire"
}
}