kkbruce · January 14, 2025 02:19 · kkbruce · Jan 8, 2025 · kkbruce · Jan 8, 2025
diff --git a/Invoke-ACRRepositoryDeleteImages.ps1 b/Invoke-ACRRepositoryDeleteImages.ps1
 # ###############################################
 # First we need to login to Azure
 # 1. az login --device-code
 # or 
 # 2. az login --service-principal -u $ServicePrincipalId -p $ServicePrincipalSecret --tenant $TenantId
 # 3. az account set --subscription $SubscriptionId
 # Then we can run the script
 # ###############################################
 # az acr command reference: # https://learn.microsoft.com/zh-tw/cli/azure/acr?view=azure-cli-latest
 # ###############################################

 function Get-repositoryInfo {
    param (
        [string]$registryName,
        [string]$repository
    )

    $reposTags = az acr manifest list-metadata --name $repository --registry $registryName --orderby time_desc -o tsv --query "[*].tags"
    $reposDigests = az acr manifest list-metadata --name $repository --registry $registryName --orderby time_desc -o tsv --query "[*].digest"

    return @{
        tags      = $reposTags
        digests   = $reposDigests
        infoCount = $reposDigests.Count
    }
 }

 function Remove-OldRepositoryImages {
    param (
        [string]$registryName,
        [string]$repository,
        [object]$reposInfo,
        [string]$deleteMethod = "byDigest"
    )

    ### Deleting a tag does not necessarily delete the digest, but deleting the digest will also delete the tag. ###
    if ($deleteMethod -eq "byDigest") {
        Write-Output "Deleting repository $repository by digests"

        ### Keep the latest 2 digests ###
        $tetainDigests = $reposInfo.digests | Select-Object -First 2
        $digestList = $reposInfo.digests | Select-String -Pattern $tetainDigests -NotMatch
       
        Write-Output "deleting digest count: $($digestList.Count)"
        foreach ($digest in $digestList) {
            ### 'name@digest' is the format of the --image parameter ###
            Write-Output "az acr repository delete --name $registryName --image $($repository + '@' + $digest) --yes"
            az acr repository delete --name $registryName --image $($repository + '@' + $digest) --yes
        }
    }

    if ($deleteMethod -eq "byTag") {
        Write-Output "Deleting repository $repository by tags"

        ### Keep the latest 2 tags ###
        $tetainTags = $reposInfo.tags | Select-Object -First 2
        $tagList = $reposInfo.tags | Select-String -Pattern $tetainTags -NotMatch
        
        Write-Output "deleting tag count: $($tagList.Count)"
        foreach ($Tag in $tagList) {
            ### 'name:tag' is the format of the --image parameter ###
            Write-Output "az acr repository delete --name $registryName --image $($repository + ':' + $tag) --yes"
            az acr repository delete --name $registryName --image $($repository + ':' + $tag) --yes
        }
    }
 }

 function Invoke-ACRDeleteProcess {
    param (
        [string]$registryName
    )
        
    ### In my situation, "dev" and "doc" are limited to the ":latest" tag, no deletion operation is required. ###
    $repositories = az acr repository list -n $registryName -o tsv `
                    | Where-Object { $_ -like "*qas*" -or $_ -like "*release*" } `
                    | Where-Object { $_ -notlike "*doc*" }

    $repositories | ForEach-Object {
        $repository = $_
        Write-Output "Processing repository $repository"
        
        $reposInfo = Get-repositoryInfo -registryName $registryName -repository $repository
        Write-Output "Repository information count: $($reposInfo.infoCount)"
        if ($reposInfo.infoCount -gt 2) {
            # Remove-OldRepositoryImages -registryName $registryName -repository $repository -reposInfo $reposInfo -deleteMethod "byTag"
            Remove-OldRepositoryImages -registryName $registryName -repository $repository -reposInfo $reposInfo -deleteMethod "byDigest"
        }
        else {
            Write-Output "No images to delete for $repository"
        }   
    }
 }

 # Main
 $registryName = "YourRegistryName"
 Invoke-ACRDeleteProcess -registryName $registryName
	# ###############################################
	# First we need to login to Azure
	# 1. az login --device-code
	# or
	# 2. az login --service-principal -u $ServicePrincipalId -p $ServicePrincipalSecret --tenant $TenantId
	# 3. az account set --subscription $SubscriptionId
	# Then we can run the script
	# ###############################################
	# az acr command reference: # https://learn.microsoft.com/zh-tw/cli/azure/acr?view=azure-cli-latest
	# ###############################################

	function Get-repositoryInfo {
	param (
	[string]$registryName,
	[string]$repository
	)

	$reposTags = az acr manifest list-metadata --name $repository --registry $registryName --orderby time_desc -o tsv --query "[*].tags"
	$reposDigests = az acr manifest list-metadata --name $repository --registry $registryName --orderby time_desc -o tsv --query "[*].digest"

	return @{
	tags = $reposTags
	digests = $reposDigests
	infoCount = $reposDigests.Count
	}
	}

	function Remove-OldRepositoryImages {
	param (
	[string]$registryName,
	[string]$repository,
	[object]$reposInfo,
	[string]$deleteMethod = "byDigest"
	)

	### Deleting a tag does not necessarily delete the digest, but deleting the digest will also delete the tag. ###
	if ($deleteMethod -eq "byDigest") {
	Write-Output "Deleting repository $repository by digests"

	### Keep the latest 2 digests ###
	$tetainDigests = $reposInfo.digests \| Select-Object -First 2
	$digestList = $reposInfo.digests \| Select-String -Pattern $tetainDigests -NotMatch

	Write-Output "deleting digest count: $($digestList.Count)"
	foreach ($digest in $digestList) {
	### 'name@digest' is the format of the --image parameter ###
	Write-Output "az acr repository delete --name $registryName --image $($repository + '@' + $digest) --yes"
	az acr repository delete --name $registryName --image $($repository + '@' + $digest) --yes
	}
	}

	if ($deleteMethod -eq "byTag") {
	Write-Output "Deleting repository $repository by tags"

	### Keep the latest 2 tags ###
	$tetainTags = $reposInfo.tags \| Select-Object -First 2
	$tagList = $reposInfo.tags \| Select-String -Pattern $tetainTags -NotMatch

	Write-Output "deleting tag count: $($tagList.Count)"
	foreach ($Tag in $tagList) {
	### 'name:tag' is the format of the --image parameter ###
	Write-Output "az acr repository delete --name $registryName --image $($repository + ':' + $tag) --yes"
	az acr repository delete --name $registryName --image $($repository + ':' + $tag) --yes
	}
	}
	}

	function Invoke-ACRDeleteProcess {
	param (
	[string]$registryName
	)

	### In my situation, "dev" and "doc" are limited to the ":latest" tag, no deletion operation is required. ###
	$repositories = az acr repository list -n $registryName -o tsv `
	\| Where-Object { $_ -like "qas" -or $_ -like "release" } `
	\| Where-Object { $_ -notlike "doc" }

	$repositories \| ForEach-Object {
	$repository = $_
	Write-Output "Processing repository $repository"

	$reposInfo = Get-repositoryInfo -registryName $registryName -repository $repository
	Write-Output "Repository information count: $($reposInfo.infoCount)"
	if ($reposInfo.infoCount -gt 2) {
	# Remove-OldRepositoryImages -registryName $registryName -repository $repository -reposInfo $reposInfo -deleteMethod "byTag"
	Remove-OldRepositoryImages -registryName $registryName -repository $repository -reposInfo $reposInfo -deleteMethod "byDigest"
	}
	else {
	Write-Output "No images to delete for $repository"
	}
	}
	}

	# Main
	$registryName = "YourRegistryName"
	Invoke-ACRDeleteProcess -registryName $registryName