microsoft/hve-core
Publicmirrored fromhttps://github.com/microsoft/hve-coreAvailable
.github/artifact-retention.yml
154lines · modecode
| 1 | # Artifact Retention Policies Configuration |
| 2 | # |
| 3 | # This file defines retention policies for different types of artifacts generated |
| 4 | # during CI/CD processes to optimize storage costs while maintaining compliance |
| 5 | # and debugging capabilities. |
| 6 | |
| 7 | # Default retention for most build artifacts |
| 8 | default_retention_days: 30 |
| 9 | |
| 10 | # Artifact type specific retention policies |
| 11 | artifact_types: |
| 12 | # Build outputs and container images |
| 13 | build_artifacts: |
| 14 | retention_days: 14 |
| 15 | description: "Consolidated build outputs, SLSA bundles, and build logs" |
| 16 | compression_level: 6 |
| 17 | |
| 18 | # Security scan results and reports |
| 19 | security_reports: |
| 20 | retention_days: 90 # Longer retention for compliance |
| 21 | description: "Security scan results, SARIF reports, and gate enforcement results" |
| 22 | compression_level: 9 # Maximum compression for storage efficiency |
| 23 | |
| 24 | # Temporary/intermediate artifacts |
| 25 | intermediate: |
| 26 | retention_days: 7 |
| 27 | description: "Temporary build outputs, caches, and intermediate files" |
| 28 | compression_level: 6 |
| 29 | |
| 30 | # Test results and coverage reports |
| 31 | test_results: |
| 32 | retention_days: 30 |
| 33 | description: "Unit test results, integration test outputs, and coverage reports" |
| 34 | compression_level: 6 |
| 35 | |
| 36 | # Documentation and static analysis |
| 37 | documentation: |
| 38 | retention_days: 60 |
| 39 | description: "Generated documentation, linting reports, and static analysis results" |
| 40 | compression_level: 6 |
| 41 | |
| 42 | # Compliance and audit artifacts |
| 43 | compliance: |
| 44 | retention_days: 365 # One year for audit requirements |
| 45 | description: "Compliance reports, audit logs, and regulatory artifacts" |
| 46 | compression_level: 9 |
| 47 | |
| 48 | # Repository-specific overrides |
| 49 | # These can be customized per repository based on specific requirements |
| 50 | overrides: |
| 51 | hve-core: |
| 52 | # Security reports need longer retention for this project |
| 53 | security_reports: |
| 54 | retention_days: 120 |
| 55 | reason: "Enhanced security monitoring requirements" |
| 56 | |
| 57 | # Build artifacts can be shorter due to frequent releases |
| 58 | build_artifacts: |
| 59 | retention_days: 10 |
| 60 | reason: "Frequent release cycle with automated deployments" |
| 61 | |
| 62 | # Azure DevOps specific settings |
| 63 | # Note: Azure DevOps retention is typically managed at organization level |
| 64 | # These are guidelines for pipeline configuration |
| 65 | azure_devops: |
| 66 | # Default artifact retention (if not specified, uses organization default) |
| 67 | default_retention_days: 30 |
| 68 | |
| 69 | # Artifact cleanup strategies |
| 70 | cleanup_strategies: |
| 71 | - name: "Delete successful build artifacts after releases" |
| 72 | enabled: true |
| 73 | conditions: |
| 74 | - release_deployed: true |
| 75 | - build_status: succeeded |
| 76 | - age_days: 7 |
| 77 | |
| 78 | - name: "Keep failed build artifacts longer for debugging" |
| 79 | enabled: true |
| 80 | conditions: |
| 81 | - build_status: failed |
| 82 | - retention_days: 60 |
| 83 | |
| 84 | # GitHub Actions specific settings |
| 85 | github_actions: |
| 86 | # Default retention for upload-artifact action |
| 87 | default_retention_days: 30 |
| 88 | |
| 89 | # Compression settings for different artifact types |
| 90 | compression: |
| 91 | security_reports: 9 # Maximum compression |
| 92 | build_outputs: 6 # Balanced compression/speed |
| 93 | test_results: 6 # Balanced compression/speed |
| 94 | logs: 3 # Minimal compression for quick access |
| 95 | |
| 96 | # Storage optimization recommendations |
| 97 | optimization: |
| 98 | compression: |
| 99 | enabled: true |
| 100 | default_level: 6 |
| 101 | max_level: 9 |
| 102 | |
| 103 | cleanup: |
| 104 | # Automatic cleanup of expired artifacts |
| 105 | auto_cleanup: true |
| 106 | |
| 107 | # Notification before cleanup |
| 108 | notify_before_cleanup_days: 7 |
| 109 | |
| 110 | monitoring: |
| 111 | # Track storage usage |
| 112 | track_storage_usage: true |
| 113 | |
| 114 | # Alert thresholds |
| 115 | storage_alert_threshold_gb: 1000 |
| 116 | artifact_count_threshold: 10000 |
| 117 | |
| 118 | # Compliance and audit requirements |
| 119 | compliance: |
| 120 | # Minimum retention for audit purposes |
| 121 | minimum_audit_retention_days: 90 |
| 122 | |
| 123 | # Required artifact types for compliance |
| 124 | required_artifacts: |
| 125 | - security_scan_results |
| 126 | - dependency_audit_reports |
| 127 | - build_provenance_data |
| 128 | - test_execution_logs |
| 129 | |
| 130 | # Data protection and privacy |
| 131 | data_protection: |
| 132 | # Encrypt sensitive artifacts |
| 133 | encrypt_sensitive_data: true |
| 134 | |
| 135 | # Anonymize logs where possible |
| 136 | anonymize_logs: true |
| 137 | |
| 138 | # Geographic data residency requirements |
| 139 | data_residency: "us-east" |
| 140 | |
| 141 | # Cost optimization metrics |
| 142 | cost_optimization: |
| 143 | # Target storage cost per month (USD) |
| 144 | target_monthly_cost: 50 |
| 145 | |
| 146 | # Storage efficiency targets |
| 147 | compression_ratio_target: 0.3 # 70% size reduction |
| 148 | |
| 149 | # Cleanup efficiency |
| 150 | cleanup_frequency_days: 7 |
| 151 | |
| 152 | # Monitoring and reporting |
| 153 | generate_cost_reports: true |
| 154 | report_frequency: "weekly" |
| 155 | |