How to Use CI/CD Systems with Your Container Registry

The DigitalOcean Container Registry (DOCR) is a private Docker image registry with additional tooling support that enables integration with your Docker environment and DigitalOcean Kubernetes clusters. DOCR registries are private and co-located in the datacenters where DigitalOcean Kubernetes clusters are operated for secure, stable, and performant rollout of images to your clusters.


You can push images from your CI/CD system to DigitalOcean Container Registry. For example, you can push a new image to the registry whenever a build with your commit is successful on your source control system.

Note
Your CI/CD setup may fail to push images during garbage collection when the container registry is in read-only mode.

To start using your CI/CD system with the registry, you first need to authenticate it to push images to the registry. Depending on your CI system, you can use one of the following methods to authenticate it:

  • Using a Docker configuration file

  • Using a username and password

  • Using doctl

You can then run docker commands to push an image to the registry, or you can configure your CI system to specify what to build and to push the image automatically.

Authenticate Using a Docker Configuration File

Many CI systems support configuring authentication using a Docker config.json file. You can fetch this JSON file for your container registry using one of the following methods:

  • In the DigitalOcean Control Panel, navigate to the registry page. Then, click Actions and select Download Docker Credentials to download the credentials JSON file.

  • Run doctl registry docker-config --read-write. If you do not provide the --read-write flag, you will receive read-only credentials, which are usually undesirable for CI.

  • Use the DigitalOcean Container Registry API.
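Before handing a fetched config.json to a CI job, a pre-flight check can confirm it holds a usable entry for the registry without writing the credential to the build log. This is an added example, not DigitalOcean's code; it assumes the registry hostname registry.digitalocean.com and Docker's standard auths layout, and the function name and sample token are made up for illustration.

```python
import base64
import json

# Assumption: DOCR's registry hostname; pass another host if yours differs.
DOCR_HOST = "registry.digitalocean.com"


def check_docker_config(text, host=DOCR_HOST):
    """Return (ok, findings) for a Docker config.json without echoing the secret."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return False, [f"not valid JSON: {exc.msg}"]
    auths = cfg.get("auths") if isinstance(cfg, dict) else None
    entry = auths.get(host) if isinstance(auths, dict) else None
    if not isinstance(entry, dict):
        return False, [f"no auths entry for {host}"]
    try:
        # The "auth" value is base64("user:password"): an encoding, not encryption,
        # so the file must be stored as a CI secret just like the token itself.
        decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode("utf-8")
    except (ValueError, TypeError):
        return False, [f"auth for {host} is not valid base64 text"]
    user, sep, secret = decoded.partition(":")
    if not sep or not user or not secret:
        return False, [f"auth for {host} does not decode to user:password"]
    findings = [f"{host}: credential present ({len(secret)} chars, value withheld)"]
    # Entries for other registries widen what a leaked file exposes; report them.
    others = sorted(h for h in auths if h != host)
    if others:
        findings.append("extra registries in file: " + ", ".join(others))
    return True, findings


# Constructed sample input: a placeholder token, not a real credential.
_TOKEN = "EXAMPLE-TOKEN-NOT-REAL"
SAMPLE = json.dumps(
    {"auths": {DOCR_HOST: {"auth": base64.b64encode(f"{_TOKEN}:{_TOKEN}".encode()).decode()}}}
)

if __name__ == "__main__":
    ok, findings = check_docker_config(SAMPLE)
    print("OK" if ok else "FAIL")
    for line in findings:
        print(" -", line)
```

The check only validates the file's structure; whether the credential is read-only or read/write is determined by how it was issued, for example by the --read-write flag above.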

Authenticate Using a Username and Password

For CI systems that support configuring registry authentication via username and password, use a DigitalOcean API token as both the username and the password. The API token must have read/write privileges to push to your registry.

Authenticate Using doctl

If you can run doctl in your CI environment, run the registry login command to authenticate before pushing images:

doctl registry login --expiry-seconds <time>

This method is a good choice for CI systems such as GitHub Actions, where you can run arbitrary commands and push Docker images via the Docker command-line. For an example, see Enable Push-to-Deploy.