Skip to content
Latchkey

docker pull Command Reference

Download an image from a registry.

docker pull fetches an image and its layers from a registry into the local store. Without an explicit tag it pulls :latest. For reproducible builds you can pull by digest (image@sha256:...) so the bytes never change.

Common flags

  • -a, --all-tags - download all tagged images in the repository
  • --platform - pull for a specific platform, e.g. linux/arm64
  • -q, --quiet - suppress verbose output
  • --disable-content-trust - skip image signature verification (default true)

Example

shell
docker pull node:20-alpine
docker pull --platform linux/amd64 ghcr.io/myorg/base@sha256:${BASE_DIGEST}

In CI

Pin base images by digest to make builds deterministic and immune to a moving tag. "toomanyrequests: You have reached your pull rate limit" on Docker Hub means anonymous rate limits were hit; authenticate with docker login or pull from a mirror.

Key takeaways

  • Pull by digest (image@sha256:...) for reproducible, immutable inputs.
  • Authenticate to avoid Docker Hub anonymous pull rate limits in CI.
  • --platform pulls a specific architecture variant of a multi-arch image.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →