Woodpecker provides the ability to add container registries in the settings of your repository. Adding a registry allows you to authenticate and pull private images from a container registry when using these images as a step inside your pipeline. Using registry credentials can also help you avoid rate limiting when pulling images from public registries.
Images from private registries
You must provide registry credentials in the UI in order to pull private container images defined in your YAML configuration file.
These credentials are never exposed to your steps, which means they cannot be used to push, and are safe to use with pull requests, for example. Pushing to a registry still requires setting credentials for the appropriate plugin.
Example configuration using a private image:
+ image: gcr.io/custom/golang
- go build
- go test
Woodpecker matches the registry hostname to each image in your YAML. If the hostnames match, the registry credentials are used to authenticate to your registry and pull the image. Note that registry credentials are used by the Woodpecker agent and are never exposed to your build containers.
Example registry hostnames:
Example registry hostname matching logic:
Global registry support
To make a private registry globally available, check the server configuration docs.
GCR registry support
For specific details on configuring access to Google Container Registry, please view the docs here.
For this, privileged rights are needed only available to admins. In addition, this only works when using a single agent.
It's possible to build a local image by mounting the docker socket as a volume.
Dockerfile at the root of the project:
- docker build --rm -t local/project-image .