How to Publish a Docker Image to the GitLab Registry in GitLab CI
GitLab injects registry credentials so a dind job can build and push with no extra secrets.
Every project has a Container Registry reachable via CI_REGISTRY_IMAGE. Log in with the CI-provided job token, build your image, and push it tagged with the commit SHA.
Build and push with the job token
Use the dind service for a Docker daemon and the predefined registry variables to authenticate.
.gitlab-ci.yml
build-image:
image: docker:24
services:
- docker:24-dind
variables:
DOCKER_TLS_CERTDIR: "/certs"
script:
- echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"
- docker build -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}" .
- docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"Notes
- CI_REGISTRY_USER and CI_REGISTRY_PASSWORD are set automatically from the job token; no PAT is needed.
- Tag with CI_COMMIT_SHORT_SHA for traceability and add a :latest tag on the default branch if you want a moving pointer.
Related guides
How to Deploy to AWS with OIDC in GitLab CIAuthenticate GitLab CI to AWS without long-lived keys by exchanging the GitLab ID token for temporary credent…
How to Run SAST Scanning in GitLab CIEnable static application security testing in GitLab CI by including the built-in SAST template so analyzers…