ARTIFACTORY: How to perform Docker Cleanup using HTTP-triggered workers

ARTIFACTORY: How to perform Docker Cleanup using HTTP-triggered workers
Products
Frog_Artifactory
Content Type
Use_Case
AuthorFullName__c
Kajaal R
articleNumber
000006403
ft:sourceType
Salesforce
FirstPublishedDate
2025-04-08T13:51:38Z
lastModifiedDate
2025-04-08
VersionNumber
2
Why do we need a separate worker for docker cleanup?

Docker is stored in layers, and each layer has its unique checksum. Just like with any other artifact, Artifactory will store the layers based on this checksum, causing layers to be shared by different deployments (Not only between different tags, but also between different images). That means that deleting a layer based on their last download date might cause issues cleaning up.

How does the HTTP-Triggered Worker implement docker cleanup ?

User-added image 
Condition                                               Trigger                                  Action

Steps to implement docker clean up:

It is necessary to add the labels to the docker images, to be scanned by cleanup workers and this can be verified in the properties

The properties that needs to be added are:
  • maxDays: Specifies the maximum number of days an image can exist in the repository. Older images will be deleted.
  • When byDownloadDate=true: Images downloaded or updated within the last maxDays will be preserved.
  • maxCount: Specifies the maximum number of image versions to retain. Excess versions will be deleted, starting with the oldest.
When byDownloadDate=true: Image age is determined first by the Last Downloaded Date and then by the Modification Date if the image has never been downloaded.

Example REST API to add properties to docker artifacts 
jf rt sp "<docker-repo>/<dockerfile>" com.jfrog.artifactory.retention.maxCount="10"
User-added image 


Once the properties are added, create a HTTP triggered worker

User-added image 

Use the github link to get the required typescript to implement docker cleanup. Add the payload in the Testing tab with the dryRun enabled and run the test. Note: setting the dry run to false, the workers will be actually triggered, meaning that the data will be removed from the specified repositories.

User-added image 


The worker can be triggered by using REST API or by utilizing the JFrog CLI by defining the payload in a json file. The payload/json contains the concerned docker repositories.
Attaching the reference commands below, to trigger the workers,
JF CLI to execute the worker:
jf worker exec <worker> @payload.json
REST API:
curl -XPOST --location 'https://servername/worker/api/v1/execute/docker' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <access token>' \
--data '{
    "repos": ["docker-trail"],
    "dryRun": true
}'

User-added image