In a development organization dependency management is key to sharing 3rd party and in-house common libraries as well as build artifacts to be deployed to the cloud and in-premise. Artifactory, by JFrog is such as solution that is provided as both a PaaS offering and in house solution for dependency management. The issue with such systems is that after a while, you start to accumulating old artifacts, such as libraries versions not used or outdated binaries that are no longer used. Having these extra artifacts will result in higher monthly cost for the Artifactory PaaS offering as well as slow down your server and make it more difficult for team members to navigate. Out of the box Artifactory will clean up snapshot libraries only. We were looking for a utility that would allow generating a report for artifacts that have not been used in a while. A good solution would be able to run the utility from a CI/CD server. Further, we wanted to let users with the right permissions and credentials to be able to run remotely. Inspired by a JFrog's cleanup plugin for in-premise servers, we decided to create this utility that fits the bill.
artifactory-cleanup allows an Artifactory user with admin permissions to get a list of all artifacts that have not been in user in more than a specified period of time. You could specify a time period such as 6 months or use a specific date. If you run the utility in a dry run, only a report will be generated. Otherwise, the files that fit the criteria will be removed from your artifactory.
The cleanup tool uses two approaches to determine what is the artifact name since Artifactory repository types vary and the parsing by layout is not exposed by the API. First we user a general SemVer 1 parsing regular expression:
/^(?<artifactName>[^\.]+)-(?<artifactVersion>.*?)(?<isSource>-sources)?\.(?<artifactExtension>[a-z\.-]+)?\b$/
If not properly parsed we try to parse it as a nuget package versioning:
/^(?<artifactName>.*?)\.(?<artifactVersion>(\d+\.)+?([\d\w-]+))\.(?<artifactExtension>nupkg)$/
That way we extract:
- Artifact name
- Artifact version
- Extension
- Sources flag
You will need to have NPM installed on your machine.
$ npm install -g artifactory-cleanupartifactory-cleanup [options]
Options:
--help Show help [boolean]
--version Show version number [boolean]
-a, --artifactoryApiUrl Artifactory server API URL [required]
-u, --user Artifactory user with permission to API [required]
-q, --quiet Quiet down output [boolean]
-t, --token Artifactory user generated token [required]
-f, --filter Repository filter [default: "*-local"]
-p, --path Path prefix filter
-l, --logging logging level [choices: "error", "warn", "info", "verbose", "debug", "silly"]
-d, --date Threshold date (ISO-8610 format)
-k, --keep Threshold to keep only nth newest artifact parent folders [number]
-o, --duration Duration of time for threshold. To be combined with `unit` parameter
-n, --unit Unit of time for threshold. To be combined with `duration` parameter
[choices: "years", "y", "quarters", "Q", "months", "M", "weeks", "w", "days", "d", "hours", "h", "minutes", "m", "seconds", "s", "milliseconds", "ms"]
-r, --dryrun Dry run of the utility. Not files will be deleted
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- Gabriel Kohen - Initial work - JDA Software
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE.md file for details