Insights Videos Blog Learning
GOOGLE CLOUD

Automating Cleanup Google Cloud Artifact Registry

Automating cleanup for Artifact Registry to avoid unexpected costs in GCP.
Prasanna Arjunan • August 30, 2024 • 6:30 PM SGT

When working with Google Cloud Artifact Registry — especially in fast-moving environments like CI/CD with Cloud Run and Cloud Functions — unused or untagged artifacts can accumulate quickly. If not cleaned up regularly, unused, untagged, or outdated artifacts can accumulate in your , resulting in rising storage costs and potential clutter.

Google Cloud provides built-in cleanup policy support that allows you to automatically delete old or untagged artifacts and retain only relevant versions. Configuring these policies ensures your repositories remain efficient, cost-effective, and compliant with your organization's governance practices.

In this post, I'll walk through:

  • How to define cleanup policies using a JSON file
  • How to apply those policies to Artifact Registry repositories
  • How to verify that the cleanup rules are in place
  • Optional rules for deleting pre-release tags and retaining production versions

If you're managing a growing number of builds in GCP, setting up cleanup is one of the simplest ways to avoid unexpected charges and stay organized.

Step 1: Create the Cleanup Policy File

Start by creating a file named cleanup-policy.json. This file defines the cleanup rules for your artifact repositories.

Here's a sample policy that does two things:

  1. Deletes untagged images older than 30 days
  2. Keeps only the latest 3 versions of tagged images 
[
  {
    "name": "delete-untagged-older-than-30-days",
    "action": {
      "type": "DELETE"
    },
    "condition": {
      "tagState": "UNTAGGED",
      "olderThan": "2592000s" // 30 days in seconds
    }
  },
  {
    "name": "keep-latest-3-versions",
    "action": {
      "type": "KEEP"
    },
    "mostRecentVersions": {
      "keepCount": 3
    }
  }
]

📝 Tip: If you re-apply a cleanup policy to a repository, it replaces any existing rules.

The DELETE and KEEP actions are evaluated in order. That means you can combine multiple rules to fine-tune your cleanup logic — for example, delete anything untagged but preserve the last few tagged builds.

Step 2: Apply the Cleanup Policy

Use the gcloud CLI to apply your cleanup policy to each repository. The --no-dry-run flag means the policy will be enforced immediately — if you're testing, remove this flag to preview the changes first. 

# Apply to Artifact Registry: cloud-run-source-deploy
gcloud artifacts repositories set-cleanup-policies cloud-run-source-deploy \
  --project=singapore-dialogflow \
  --location=us-central1 \
  --policy=cleanup-policy.json \
  --no-dry-run

# Apply to Artifact Registry: gcf-artifacts
gcloud artifacts repositories set-cleanup-policies gcf-artifacts \
  --project=singapore-dialogflow \
  --location=us-central1 \
  --policy=cleanup-policy.json \
  --no-dry-run

# Apply to Container Registry (GCR - legacy)
gcloud artifacts repositories set-cleanup-policies gcr.io \
  --project=singapore-dialogflow \
  --location=us \
  --policy=cleanup-policy.json \
  --no-dry-run

📝 Note: These commands must be run separately for each repository. If your project spans multiple regions or environments, you'll need to apply the policy to each relevant repository.

Step 3: Verify Applied Policies

To confirm the cleanup policies were applied correctly, run:

gcloud artifacts repositories list-cleanup-policies REPOSITORY_NAME \
  --project=PROJECT_ID \
  --location=LOCATION

Replace REPOSITORY_NAME and LOCATION with your actual values. This will return a list of all active cleanup policies for the given repository.

Other Useful Cleanup Patterns

For projects with multiple environments (e.g., dev, qa, prod), you can define more granular cleanup rules using tag prefixes and package name filters.

Here's an example policy set:

[
  {
    "name": "delete-prerelease",
    "action": {"type": "DELETE"},
    "condition": {
      "tagState": "any",
      "tagPrefixes": ["dev", "qa"],
      "olderThan": "30d"
    }
  },
  {
    "name": "keep-prod-release",
    "action": {"type": "KEEP"},
    "condition": {
      "tagState": "any",
      "tagPrefixes": ["prod"],
      "packageNamePrefixes": ["web", "mobile"]
    }
  },
  {
    "name": "keep-minimum-versions",
    "action": {"type": "KEEP"},
    "mostRecentVersions": {
      "packageNamePrefixes": ["webapp", "mobile", "sandbox"],
      "keepCount": 5
    }
  }
]

These rules:

  • Delete any dev or qa tagged images older than 30 days
  • Retain all prod releases for specified package prefixes
  • Keep the latest 5 versions of select artifacts regardless of tag

To Update or Delete Policies

To update a cleanup policy, edit your cleanup-policy.json and re-run the set-cleanup-policies command. To delete a specific policy: 

gcloud artifacts repositories delete-cleanup-policies REPOSITORY \
  --policynames=POLICY_NAME \
  --project=PROJECT_ID \
  --location=LOCATION

Benefits of Automating Artifact Cleanup

  • Prevents bloated storage and unexpected billing charges.
  • Keeps repositories clean and easier to manage.
  • Supports compliance with internal governance standards.
  • Improves CI/CD speed and reduces clutter in long-running projects.

References

Tip: Use Cloud Billing dashboards or set budget alerts to monitor Artifact Registry usage and prevent surprise costs.

Thanks for reading. If you're managing multiple environments or repositories, automating cleanup isn't optional — your wallet will thank you.