This page is outdated. Please check for up-to-date documentation.

The Docker plugin can be used to build and publish images to the Docker registry. The following pipeline configuration uses the Docker plugin to build and publish Docker images:

    image: plugins/docker
    repo: foo/bar
        name: dockerhub-secret-name
        keyRef: username
        name: dockerhub-secret-name
        keyRef: password


Please note that the Docker plugin runs in privileged mode as it mounts the Docker socket as a volume.


By default the Docker plugin tags your image with latest tag which is often not enough. You can easily add further tags manually to the configuration:

    image: plugins/docker
    repo: foo/bar
      - latest
      - 1.0.1
      - 1.0

The Docker plugin can also be configured to automatically tag your images. When this feature is enabled and the event type is tag, the plugin will automatically tag the image using the standard major, minor, release convention. For example:

  • 1.0.0 produces docker tags 1, 1.0, 1.0.0
  • 1.0.0-rc.1 produces docker tags 1.0.0-rc.1

When the event type is push and the target branch is your default branch (e.g. master) the plugin will automatically tag the image as latest. All other event types and branches are ignored.

    image: plugins/docker
    repo: foo/bar
    auto_tag: true

Last, but not least: you can use templating to customize the configuration:

    image: plugins/docker
    dockerfile: Dockerfile
    repo: '{{ .CICD_REPO }}'
    tags: '{{ trunc 7 .CICD_COMMIT_SHA }}'

Secret Reference

parameter description
DOCKER_USERNAME authenticates with this username
DOCKER_PASSWORD authenticates with this password

Read more how to attach secrets to CI/CD.

Parameter Reference

parameter required description
repo yes repository name for the image
tags no repository tag/tags for the image
registry no registry to push the image to (defaults to Docker Hub)
dockerfile no dockerfile to be used (defaults to Dockerfile)
context no the context path to use (defaults to root of the git repo)
target no the build target to use, must be defined in the docker file
force_tag no replace existing matched image tags (defaults to false)
insecure no enable insecure communication to this registry (defaults to false)
mirror no use a mirror registry instead of pulling images directly from the central Hub
bip no use for pass bridge ip (defaults to false)
custom_dns no set custom dns servers for the container
storage_driver no supports aufs, overlay or vfs drivers
build_args no custom arguments passed to docker build
auto_tag no generate tag names automatically based on git branch and git tag (defaults to false)
auto_tag_suffix no generate tag names with this suffix
debug, launch_debug no launch the docker daemon in verbose debug mode