本页面介绍如何创建 Artifact Registry 标准代码库。
标准代码库是您的私有工件的代码库。您可以将工件上传到这些仓库以及直接从这些仓库下载工件。
以下仓库模式也适用于某些工件格式:
- 远程代码库存储来自外部来源(如 Docker Hub、Maven Central 或 PyPI)的工件。
- 虚拟代码库可作为下载、安装和部署上游标准代码库或远程代码库中的工件的单一访问点。
每个代码库都可以包含一种受支持的格式的工件。
准备工作
- 启用 Artifact Registry,包括启用 Artifact Registry API 和安装 Google Cloud CLI。
- (可选)为 gcloud 命令配置默认值。
- 如果您要求使用客户管理的加密密钥 (CMEK) 来加密代码库内容,请在 Cloud KMS 中为代码库创建并启用密钥。
所需的角色
如需获取创建代码库所需的权限,请让管理员授予您 Google Cloud 项目的 Artifact Registry Repository Administrator (roles/artifactregistry.repoAdmin) IAM 角色。如需详细了解如何授予角色,请参阅管理访问权限。
创建标准代码库
创建代码库时,您必须配置以下设置,这些设置在代码库创建后无法更改:
- 工件格式。
- 仓库模式(如果所选格式有多个模式可用)。
- 代码库位置。
- 使用 Google 拥有的密钥和 Google 管理的密钥或客户管理的加密密钥进行加密。Artifact Registry 默认使用 Google 拥有的和由 Google 管理的加密密钥。
Artifact Registry 强制执行组织政策限制条件,要求 CMEK 对资源进行加密或限制可用于 CMEK 保护的 Cloud KMS 密钥。
使用 Google Cloud 控制台创建代码库
打开 Google Cloud 控制台中的制品库页面。
点击创建代码库。
指定代码库名称。对于项目中的每个代码库位置,代码库名称必须是唯一的。
选择代码库格式。
如果有多种仓库模式可用,请选择标准。
仅限 Maven:配置版本政策。
选择版本政策:
- 无 - 无版本政策。存储发布软件包和快照软件包。
- 发布 - 仅存储发布包。
- 快照 - 仅存储快照软件包。
如果您希望快照代码库接受覆盖代码库中现有版本的非唯一快照,请选择允许快照覆盖。
在位置类型下,选择代码库的位置:
选择位置类型:“单区域”或“多区域”。位置列表会发生变化,以反映您的选择。
在区域或多区域列表中,选择一个位置。
如需了解位置类型和支持的位置,请参阅代码库位置
为代码库添加说明。说明有助于确定代码库的用途及其包含的工件类型。
请勿包含敏感数据,因为代码库说明未加密。
如果您要使用标签来整理代码库,请点击添加标签,然后输入标签的键值对。创建代码库后,您可以添加、修改或移除标签。
在加密部分中,选择代码库的加密机制。
- Google 管理的密钥 - 使用 Google 拥有和 Google 管理的密钥加密代码库内容。
客户管理的密钥 - 使用您通过 Cloud Key Management Service 控制的密钥来加密代码库内容。如需查看密钥设置说明,请参阅为代码库设置 CMEK。
对于 Docker 代码库,不可变的映像标记设置会将您的代码库配置为使用始终指向同一映像摘要的映像标记。创建代码库后,拥有 Artifact Registry 管理员角色的用户可以更改此设置。
- 默认情况下,此设置处于停用状态。映像标记是可变的,这意味着该标记指向的映像摘要可能会发生变化。
- 启用此设置后,映像代码不可更改。标记必须始终指向同一映像摘要。如需详细了解可变和不可变的映像标记,请参阅容器映像版本。
如果要使用清理政策删除未使用的工件,请在清理政策部分中执行以下操作:
- 选择试运行以测试您的政策,然后再应用它。
- 点击添加政策,向代码库添加保留政策或删除政策。
- 在名称字段中为清理政策指定一个描述性名称。
在政策类型部分中,选择以下选项之一:
- 条件删除:根据您定义的条件删除工件。
- 条件保留:根据您定义的条件保留工件。
保留最新版本:为每个软件包保留一定数量的最新版本。
如需详细了解清理政策,请参阅配置清理政策。
点击创建。
Artifact Registry 会创建代码库并将其添加到代码库列表中。
创建代码库后,请执行以下操作:
- 授予对代码库的访问权限。
配置 Docker、软件包管理器和其他第三方客户端,以向代码库进行身份验证。
使用 Google Cloud CLI 创建代码库
运行该命令以创建新的代码库。
Apt
gcloud artifacts repositories create REPOSITORY \
--repository-format=apt \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
Docker
gcloud artifacts repositories create REPOSITORY \
--repository-format=docker \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--immutable-tags \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--immutable-tags是一个可选标志,用于将代码库配置为使用始终指向同一映像摘要的标记。默认情况下,如果未传递
--immutable-tags标志,可将标记移至其他映像摘要。如需详细了解不可变和可变的映像标记,请参阅容器映像版本。--async会立即返回,无需等待正在进行的操作完成。
通用
gcloud artifacts repositories create REPOSITORY \
--repository-format=generic \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
Go
gcloud artifacts repositories create REPOSITORY \
--repository-format=go \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
KubeFlow 流水线
gcloud artifacts repositories create REPOSITORY \
--repository-format=kfp \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
Maven
默认情况下,Maven 代码库会存储软件包的快照版本和发布版本。您可以指定版本政策以创建快照或发布代码库。
如需创建用于存储快照和版本的代码库,请运行以下命令:
gcloud artifacts repositories create REPOSITORY \
--repository-format=maven \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。如需将快照和发布版本存储在不同的代码库中,请在命令中指定版本政策:
gcloud artifacts repositories create REPOSITORY \ --repository-format=maven \ [--location=LOCATION] \ [--description="DESCRIPTION"] \ [--kms-key=KMS-KEY] \ [--version-policy=VERSION-POLICY] \ [--allow-snapshot-overwrites] \ [--async] \以下标志特定于 Maven 代码库:
--version-policy=VERSION-POLICY- 指定要存储在代码库中的软件包类型。您可以将 VERSION-POLICY 设置为 :
None- 无版本政策。存储发布软件包和快照软件包。 如果您未在命令中添加--version-policy标志,则这是默认设置。Release- 仅存储发布包。Snapshot- 仅存储快照软件包。
--allow-snapshot-overwrites- 仅适用于快照代码库。如果指定此标志,您可以发布非唯一快照,以覆盖代码库中的现有版本。
npm
gcloud artifacts repositories create REPOSITORY \
--repository-format=npm \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
Python
gcloud artifacts repositories create REPOSITORY \
--repository-format=python \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
Yum
gcloud artifacts repositories create REPOSITORY \
--repository-format=yum \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--async
请替换以下内容:
REPOSITORY:代码库的名称。对于项目中的每个代码库位置,代码库名称不得重复。LOCATION:代码库的单区域或多区域 位置。如果您设置了默认值,则可以省略此标志。如需查看受支持位置的列表,请运行以下命令:gcloud artifacts locations list
DESCRIPTION:代码库的说明。请勿包含敏感数据,因为代码库说明未加密。KMS-KEY:Cloud KMS 加密密钥的完整路径(如果您使用客户管理的加密密钥来加密代码库内容)。路径的格式为:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
请替换以下内容:
KMS-PROJECT:存储密钥的项目。KMS-LOCATION:密钥的位置。KEY-RING:密钥环的名称。KEY:密钥的名称。
--async会立即返回结果,而无需等待正在进行的操作完成。
Artifact Registry 会创建您的代码库。运行以下命令以查看代码库的说明:
gcloud artifacts repositories describe REPOSITORY \
--location=LOCATION
创建代码库后,请执行以下操作:
- 授予对代码库的访问权限。
- 配置清理政策以删除未使用的工件。
配置 Docker、软件包管理器和其他第三方客户端,以向代码库进行身份验证。
使用 Terraform 创建代码库
使用 google_artifact_registry_repository 资源创建代码库。
需要 terraform-provider-google 版本 5.0.0 或更高版本。
如果您刚开始将 Terraform 用于 Google Cloud,请参阅 HashiCorp 网站上的使用入门 - Google Cloud 页面。
以下示例定义了 Terraform 资源名称为 my-repo 的提供方和代码库。
Apt
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "apt"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
Docker
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "docker"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
通用
```hcl
provider "google" {
project = "PROJECT-ID"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "generic"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
Go
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "go"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
KubeFlow 流水线
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "kfp"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
Maven
如果您未指定版本政策,Artifact Registry 会创建一个 Maven 制品库,该仓库默认同时存储软件包的快照版本和发布版本。
```hcl
provider "google" {
project = "PROJECT-ID"
}
resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "maven"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
如需将快照和发布版本存储在不同的代码库中,请使用 maven_config 块指定代码库的版本政策。此块支持以下设置:
version_policy会将版本政策设置为以下某个值:VERSION_POLICY_UNSPECIFIED:存储快照和发布软件包。这是默认设置。- 发布:仅存储发布包。
- 快照:仅存储快照软件包。
allow_snapshot_overwrites用于配置采用SNAPSHOT版本政策的代码库,以接受覆盖代码库中现有版本的非唯一快照。以下示例定义了具有发布版本政策的 Maven 制品库。
provider "google" { project = "my-project" } resource "google_artifact_registry_repository" "my-repo" { provider = google-beta location = "us-central1" repository_id = "my-repo" description = "Maven repository" format = "MAVEN" maven_config { version_policy = "RELEASE" } }
npm
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "npm"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
Python
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "python"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
Yum
```hcl provider "google" { project = "PROJECT-ID" }resource "google_artifact_registry_repository" "my-repo" {
location = "LOCATION"
repository_id = "REPOSITORY"
description = "DESCRIPTION"
format = "yum"
kms_key_name = "KEY"
cleanup_policy_dry_run = DRY_RUN_STATUS
cleanup_policies {
id = "POLICY_NAME"
action = "DELETE"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
older_than = "TIME_SINCE_UPLOAD"
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
condition {
tag_state = "TAG_STATE"
tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
}
}
cleanup_policies {
id = "POLICY_NAME"
action = "KEEP"
most_recent_versions {
package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
keep_count = KEEP_COUNT
}
}
}
```
请替换以下内容:
* `PROJECT-ID` is the Google Cloud project ID.
* `LOCATION` is the repository location.
* `REPOSITORY` is the repository name.
* `DESCRIPTION` is the optional description for the repository.
Do not include sensitive data, since repository descriptions are
not encrypted.
* `KEY `is the name of the Cloud Key Management Service key, if you are using
[customer-managed encryption keys][cmek] (CMEK) for encryption. Omit
this argument to use the default setting, Google-managed encryption
keys.
* `DRY_RUN_STATUS` determines if cleanup policies delete
artifacts, or only log which artifacts would be deleted if setting
cleanup policies on the repository. Omit if you don't want to add
cleanup policies to the repository.
* `true`: sets the policies to run in dry run mode. No artifacts are
deleted in dry run mode.
* `false`: applies the cleanup policies. Artifacts are deleted or
kept depending on the policies.
For more information on cleanup policies, see
[Configure cleanup policies](/artifact-registry/docs/repositories/cleanup-policy).
* `POLICY_NAME` is the name of the cleanup policy.
* `TAG_STATE` is the tag state to apply the policy to. Values
are `tagged`, `untagged`, and `any`. `any` applies to both tagged and
untagged artifacts. If a repository has immutable tags enabled, tagged
artifacts can't be deleted.
* `TAG_PREFIX`, `TAG_PREFIX_N` are tag prefixes to
apply the policy to.
* `PKG_PREFIX`, `PKG_PREFIX_N` are package prefixes
to apply the policy to.
* `TIME_SINCE_UPLOAD` is the time since an artifact version
was uploaded to the repository, specified as a duration. You can specify
durations of seconds, minutes, hours, or days by appending `s`, `m`, `h`,
or `d` respectively.
* `KEEP_COUNT` is the number of versions of an artifact to
keep in your repository.
Artifact Registry 会创建您的代码库。运行以下命令以查看代码库的说明:
gcloud artifacts repositories describe REPOSITORY \
--location=LOCATION
创建代码库后,请执行以下操作:
- 授予对代码库的访问权限。
配置 Docker、软件包管理器和其他第三方客户端,以向代码库进行身份验证。
修改代码库说明
您可以通过 Google Cloud 控制台或 gcloud CLI 更改代码库说明。
控制台
打开 Google Cloud 控制台中的制品库页面。
在代码库列表中,选择代码库,然后点击修改代码库。
修改代码库说明,然后点击保存。
gcloud
如需更新代码库说明,请运行以下命令:
gcloud artifacts repositories update REPOSITORY \
--project=PROJECT \
--location=LOCATION \
--description="DESCRIPTION"
请替换以下内容: