Skip to content

Maven snapshots accumulate indefinitely in package registry with no way to clean up, despite setting to not keep duplicates

Summary

We use the Maven package registry feature, with duplicate versions limited to 1 in our self hosted GitLab instance. We expect this to limit our versions to either 1 or 0 copies. Instead we have thousands of duplicate copies of snapshot artifacts. There appears to be no mechanism to delete them, not even manually, short of selecting them one by one to delete them.

Steps to reproduce

  1. Activate Maven package repository
  2. Configure to keep at most 1 duplicate version
  3. Deploy a snapshot version twice
  4. You now have two versions of, say, 1.0-SNAPSHOT

Example Project

Tellingly, few projects on GitLab.com use Maven snapshots, but I managed to find one:

https://gitlab.com/tinyMediaManager/tinyMediaManager/-/packages/9169810

What is the current bug behavior?

Snapshot versions are just outright never cleaned up, likely due to the internal mechanism that despite sharing the version, such as 1.0-SNAPSHOT, internally they are tagged with the date, confusing the duplicate detection code.

What is the expected correct behavior?

One of:

  1. Snapshots should be cleaned up according to the specified settings for the registry
  2. Snapshots should be cleaned up according to a new setting specifically for snapshots
  3. Some mechanism should exist to at least manually clean them up