From e2f9662433ce59987cfeca6d8754d9c1c22989c4 Mon Sep 17 00:00:00 2001
From: Jon Buckley <jbuckley@mozilla.com>
Date: Thu, 20 Nov 2025 11:36:02 -0500
Subject: [PATCH 1/2] feat(google_gar): Add cleanup_policies support

---
 google_gar/main.tf      | 34 +++++++++++++++++++++++++++++++---
 google_gar/variables.tf | 19 +++++++++++++++++++
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/google_gar/main.tf b/google_gar/main.tf
index 861d9883..836635d3 100644
--- a/google_gar/main.tf
+++ b/google_gar/main.tf
@@ -11,7 +11,6 @@ resource "google_project_service" "gar" {
 }
 
 resource "google_artifact_registry_repository" "repository" {
-  provider      = google-beta
   depends_on    = [google_project_service.gar]
   repository_id = local.repository_id
   format        = var.format
@@ -19,6 +18,37 @@ resource "google_artifact_registry_repository" "repository" {
   description   = var.description
   project       = var.project
 
+  dynamic "cleanup_policies" {
+    for_each = var.cleanup_policies
+
+    content {
+      id     = cleanup_policies.value.id
+      action = cleanup_policies.value.action
+
+      dynamic "condition" {
+        for_each = cleanup_policies.value.condition
+
+        content {
+          tag_state             = condition.value.tag_state
+          tag_prefixes          = condition.value.tag_prefixes
+          version_name_prefixes = condition.value.version_name_prefixes
+          package_name_prefixes = condition.value.package_name_prefixes
+          older_than            = condition.value.older_than
+          newer_than            = condition.value.newer_than
+        }
+      }
+
+      dynamic "most_recent_versions" {
+        for_each = cleanup_policies.value.most_recent_versions
+
+        content {
+          package_name_prefixes = most_recent_versions.value.package_name_prefixes
+          keep_count            = most_recent_versions.value.keep_count
+        }
+      }
+    }
+  }
+
   labels = {
     app_code = var.application
     realm    = var.realm
@@ -26,7 +56,6 @@ resource "google_artifact_registry_repository" "repository" {
 }
 
 resource "google_artifact_registry_repository_iam_member" "reader" {
-  provider   = google-beta
   for_each   = toset(var.repository_readers)
   project    = var.project
   location   = var.location
@@ -42,7 +71,6 @@ resource "google_service_account" "writer_service_account" {
 }
 
 resource "google_artifact_registry_repository_iam_member" "writer" {
-  provider   = google-beta
   project    = var.project
   location   = var.location
   repository = google_artifact_registry_repository.repository.name
diff --git a/google_gar/variables.tf b/google_gar/variables.tf
index a73763ea..c48ff965 100644
--- a/google_gar/variables.tf
+++ b/google_gar/variables.tf
@@ -44,3 +44,22 @@ variable "writer_service_account_id" {
   type    = string
   default = "artifact-writer"
 }
+
+variable "cleanup_policies" {
+  type = map(object({
+    id     = string
+    action = string
+    condition = optional(object({
+      tag_state             = string
+      tag_prefixes          = string
+      version_name_prefixes = any
+      package_name_prefixes = any
+      older_than            = any
+      newer_than            = any
+    }))
+    most_recent_versions = optional(object({
+      package_name_prefixes = any
+      keep_count            = any
+    }))
+  }))
+}

From 741d0f63f4efba7a9940fabe84b46b31e0dd5621 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 20 Nov 2025 16:44:08 +0000
Subject: [PATCH 2/2] chore(docs): google_gar/README.md

---
 google_gar/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/google_gar/README.md b/google_gar/README.md
index 001d303d..8b37d559 100644
--- a/google_gar/README.md
+++ b/google_gar/README.md
@@ -20,6 +20,7 @@ module "gar" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_application"></a> [application](#input\_application) | Application, e.g. bouncer. | `string` | n/a | yes |
+| <a name="input_cleanup_policies"></a> [cleanup\_policies](#input\_cleanup\_policies) | n/a | <pre>map(object({<br/>    id     = string<br/>    action = string<br/>    condition = optional(object({<br/>      tag_state             = string<br/>      tag_prefixes          = string<br/>      version_name_prefixes = any<br/>      package_name_prefixes = any<br/>      older_than            = any<br/>      newer_than            = any<br/>    }))<br/>    most_recent_versions = optional(object({<br/>      package_name_prefixes = any<br/>      keep_count            = any<br/>    }))<br/>  }))</pre> | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | n/a | `string` | `null` | no |
 | <a name="input_format"></a> [format](#input\_format) | n/a | `string` | `"DOCKER"` | no |
 | <a name="input_location"></a> [location](#input\_location) | Location of the repository. Should generally be set to a multi-region location like 'us' or 'europe'. | `string` | `"us"` | no |