acr-cli icon indicating copy to clipboard operation
acr-cli copied to clipboard

Published 20 hours ago verified publisher icon Azure

UX for purge is no good

Open hholst80 opened this issue 2 years ago • 1 comments

The UX for this tool is no good.

It is very unclear how to use the --filter --ago and --keep to achieve what I want in a secure way.

This tool is very early still I understand that but you must have a discussion with us the users of this tool on how we use the command line switches.

Example. and what must be one of the most common use case for purge: I want to clean up all image that are not references by a tag. How do I do that? A simple "garbage collect" operation. Very unclear!

My best guess right now would be to count the number of expected tags (two in my case) and use something as follows:

acr purge -r $REGISTRY  --filter "${{ matrix.repository }}:(latest|test)" --ago 0 --untagged --keep 2

Obviously, even if this is correct, this does not scale at all.

hholst80 avatar Mar 31 '22 08:03 hholst80

@hholst80 - We also hit this problem (as did the folks who have chimed in on #59). We are unable to find a coherent story around how someone is supposed to actually use this tool. Every other hosted repository solution I've encountered (ECR, quay.io) allows developers to define a clear set of rules that go like this:

  1. Apply X rule to image tags matching pattern1.
  2. Apply Y rule to image tags matching pattern2.
  3. Apply Z rule to all other image tags.
  4. Remove all untagged images after N days.

It does not appear possible to define such rules rationally with this tool (or with any ACR tooling). I have to wonder what the UX design was based on? Right now we are going through regex contortions in order to define a basic rule set like this:

  • Release tags are never removed (v[0-9]+\.[0-9]+\.[0-9]+)
  • Hold tags are never removed (hold-.+)
  • All other tags are removed after 30 days.

To accomplish this, you have to run a purge command where a --filter matches all tags not matching the patterns to hold. Because golang regexes are being used, that ends up looking like this insane pattern:

([^vh]|[vh][^0-9o]|[vh][0-9o][^\.l]|[vh][0-9o][\.l][^0-9d]|[vh][0-9o][\.l][0-9][^\.\-]|v[0-9]\.[0-9]\.[^0-9]|v[0-9]\.[0-9]\.[0-9]\+).*

At which point you have to ask - why use this tool? Writing your own tool from scratch is probably easier.

tkent avatar Jun 09 '22 03:06 tkent