Go to navigation

Container Images

Every GitLab CI job runs in an isolated environment — a container. Using the image directive in .gitlab-ci.yml, you can specify the container (Docker) image from which the container should be created. If you do not specify this directive at either the job or pipeline level, the default image ict/images/alpine/ci:latest will be used.

Local Images

GitLab includes an integrated Container Registry, a service for storing and distributing container (Docker) images.

Each GitLab project can have its own image storage space, and images can also be generated automatically through CI (see Building Images). If a project provides images, they can be found under Package & Registries  Container Registry within the project (or group).

The full name of a local image always contains the registry address and project path, optionally followed by additional names distinguishing different images within the same project, all separated by slashes. Finally, a tag separated by a colon identifies a specific image version (more information here).

<registry-url>/<namespace>/[<subgroup>/[<subsubgroup>/]]<project-slug>[/<name-1>[/<name-2>[/<name-3>]]]:<tag>

For example:

If you are not using the image directly in .gitlab-ci.yml (via the image directive), replace the registry variable (${CI_REGISTRY}) with the value gitlab.fit.cvut.cz:5050.

A resulting .gitlab-ci.yml may look like this:

build:
  image: ${CI_REGISTRY}/ict/images/alpine/ci:latest
  before_script:
    - apk add -U build-base  # install base build dependencies for C/C++
  script:
    - make  # build stuff

Images Provided by ICT

The ict/images group contains images maintained by the ICT department. All of these images are generated automatically and updated regularly.

ict/images/alpine

These images are built in two variants:

  • ict/images/alpine/ci — The default image intended for CI usage. It includes the curl, git, and openssh-client packages and is optimized for CI environments.
  • ict/images/alpine/base — A minimal image corresponding to the alpine image from Docker Hub. In addition, it is preconfigured with the Europe/Prague timezone and the faculty Alpine repository mirror.

Both variants are built for every supported release branch, represented by a tag (e.g., 3.20, 3.19, edge, …​). The latest tag is an alias for the latest stable release branch.

Docker Hub

GitLab can also use images from Docker Hub and other public container registries.

Important:

Due to image download rate limits, the use of Docker Hub images should be minimized, and efficient access techniques should be implemented.

If you genuinely need to use Docker Hub images and your project belongs to a group (rather than a personal namespace), use the Dependency Proxy.

This ensures that the Docker image is cached after its first use and is not repeatedly downloaded against the Docker Hub rate limit. Since version 17.10, Dependency Proxy supports Docker Hub authentication. Authenticated access is the recommended way to use Dependency Proxy because authenticated users have significantly higher rate limits.

If your project is not located within a group, download the image manually from Docker Hub and then upload it to the GitLab Container Registry as shown in the manual download example.

When using Docker Hub inside a pipeline (for example, within a Dockerfile used to build an image), you should add a Docker Hub login step at the beginning of the job so that subsequent image downloads are authenticated and benefit from the increased rate limit.

This can be done using the equivalent of buildah login <username> <password> docker.io in whichever tool you use to build images. You will need your own account on Docker Hub for this step.

Example of using Dependency Proxy
build:
  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/debian:stable-slim
  script:
    - cat /etc/os-release
Example of manually downloading and re-uploading an image
podman pull alpine
podman login pechmst1 glpat-s3ehoFmvPTSB5a8PAEXk gitlab.fit.cvut.cz:5050 1
podman push alpine gitlab.fit.cvut.cz:5050/ict/images/alpine/ci:mirrored-image 2
  1. Use your GitLab username and a personal access token with at least the read_registry and write_registry scopes so that you can push images to your repositories.
  2. Specify the path to your own repository.