Skip to content
Latchkey

docker push: Usage, Options & Auth Errors in CI

Upload an image to a registry, named correctly so the push is accepted.

docker push uploads a locally tagged image to a registry. The image name must encode the destination registry and repository. This page covers correct naming and the auth failures CI hits.

What it does

docker push uploads the layers of a tagged image to the registry named in the tag. You must tag the image with the full registry/repository path first, then push that name.

Common usage

Terminal
docker tag myapp:latest ghcr.io/owner/myapp:1.2.3
docker push ghcr.io/owner/myapp:1.2.3

docker tag myapp:latest 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latest
docker push 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latest

Common errors in CI

The common failure is "denied: requested access to the resource is denied" or "unauthorized: authentication required". Causes: not logged in (run docker login REGISTRY first), the GITHUB_TOKEN lacks packages:write for GHCR, or the image is tagged with a repository you cannot push to. Fix by authenticating with a token that has write scope and tagging with the exact registry/namespace you own.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →