Keep your container registry clean without manual work. A scheduled job scans images, removes old tags you do not need, runs garbage collection, and emails a summary. Teams that run private registries can cut storage costs and avoid disk full issues.

Each night the schedule starts at 1 AM. The flow lists all repositories from the registry catalog, then loads tags for every image. It splits and filters tags, sorts by creation time, and groups tags by image. It fetches manifest digests and deletes only the tags that do not match your rules, like keeping latest and the most recent builds. After deletions, it connects over SSH to run the garbage collection command on the host. Email notices confirm removals, and a separate email reports any failure. It supports Docker and OCI image formats using proper Accept headers.

Setup needs a registry URL, a user with delete rights, SMTP details for email, and SSH access to the registry server. You can change the retention logic in the Identify Tags to Remove code so it keeps the tags you want. Plan a short test window and review the email summary to confirm which tags were removed. Expect faster cleanups, lower storage use, and fewer urgent fixes when servers run low on space.

• Nightly schedule at 1 AM starts the cleanup automatically.
• Catalog scan via the registry API lists all repositories.
• Retrieves tags for each image and filters only valid tags before actions.
• Sorts by creation date and groups tags by image to decide what to keep.
• Fetches manifest digests and deletes by digest using HTTP requests.
• Runs garbage collection over SSH on the registry server after deletes.
• Sends email summaries for successful removals and separate failure alerts.
• Retention logic in code keeps latest and a recent set of tags you choose.
• Accept headers support Docker and OCI manifests for broad compatibility.
• Error path helps identify problems early through notification emails.

• Reduce manual cleanup from 3 hours to 10 minutes each week
• Cut registry storage use by 20 to 50 percent by pruning stale tags
• Prevent disk full outages by clearing old images before they pile up
• Lower human errors with rules that protect latest and recent tags
• Handle hundreds of images nightly with no extra effort
• Connect registry, email, and server tasks in one run

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Docker Registry, SMTP and SSH. See the Tools Required section above for links to create accounts with these services.
3. Open each HTTP Request node and replace the placeholder base URL with your registry address. Use the format https://your-registry-url/v2/ and keep the path parts already provided.
4. In the n8n credentials manager, create HTTP Basic Auth credentials for your Docker Registry. Then attach this credential to all HTTP Request nodes that call the registry. If unsure, double click the node, choose Credential to connect with, click Create new credential, and follow the on screen instructions.
5. Test the List Images node by executing it alone. Confirm it returns a list of repositories. If you see 401 or 403, check the username and password and confirm the user has read access.
6. Configure the Email Send nodes. Create SMTP credentials in n8n with your mail server, port, username, password, and TLS settings. Set fromEmail and toEmail fields and send a quick test to confirm delivery.
7. Set up the SSH credential for the Execute Garbage Collection node. Provide host, port, username, and either a private key or password. Test with a simple echo command before using the full garbage collection command.
8. Review the Identify Tags to Remove code node. Adjust the rules for how many recent tags to keep and ensure latest is always protected. Save your changes.
9. Check the Filter Valid Tags and Sort by Creation Date nodes. Make sure the fields used for tag names and timestamps match the data from your registry endpoints.
10. Set the time in the Scheduled Trigger node if you want a different hour. Keep the job in a low traffic window.
11. Run the workflow once during a test window. Watch the execution, confirm delete calls succeed, see the summary email, and verify old tags are gone by calling the tags list endpoint again.
12. If delete calls fail with 405, enable deletes in your registry configuration and confirm deletion by digest is supported. If SSH fails, check firewall rules and user permissions. If emails do not send, recheck SMTP credentials and ports.
13. Enable the workflow. Monitor the first few nightly runs and review the failure alert email to catch any issues early.