docker push: Usage, Options & Auth Errors in CI
Upload an image to a registry, named correctly so the push is accepted.
docker push uploads a locally tagged image to a registry. The image name must encode the destination registry and repository. This page covers correct naming and the auth failures CI hits.
What it does
docker push uploads the layers of a tagged image to the registry named in the tag. You must tag the image with the full registry/repository path first, then push that name.
Common usage
docker tag myapp:latest ghcr.io/owner/myapp:1.2.3
docker push ghcr.io/owner/myapp:1.2.3
docker tag myapp:latest 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latest
docker push 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:latestCommon errors in CI
The common failure is "denied: requested access to the resource is denied" or "unauthorized: authentication required". Causes: not logged in (run docker login REGISTRY first), the GITHUB_TOKEN lacks packages:write for GHCR, or the image is tagged with a repository you cannot push to. Fix by authenticating with a token that has write scope and tagging with the exact registry/namespace you own.