We use cookies to understand how people use Depot.
Integrations

GitLab CI

To build a Docker image with Depot in GitLab, you need to:

  1. Install the depot CLI in your GitLab CI job.
  2. Provide authentication details for your Depot project or user account.
  3. (optional) If you are going to push the image to a registry, provide authentication details for the registry.

You can install the depot CLI in a before_script:

before_script:
  - curl https://depot.dev/install-cli.sh | DEPOT_INSTALL_DIR=/usr/local/bin sh

Or you can run the entire job inside the Depot CLI container image:

image:
  name: ghcr.io/depot/cli:latest
  entrypoint: ['']

One installed, you can directly call depot in your job's script:

script:
  - depot build ...

See below for information on how to configure Depot authentication and for how to authenticate and push to a registry.

Depot Authentication

For GitLab, you can use project or user access tokens for authenticating your build with Depot.

Project token

A project access token can be injected into your GitLab job for depot CLI authentication via CI/CD variables or external secrets. This is a token that is tied to a specific project in your organization and not a user.

User access token

It is also possible to generate a user access token that can be injected into your GitLab job for depot CLI authentication via CI/CD variables or external secrets. This is a token that is tied to a specific user and not a project. Therefore, it can be used to build all projects across all organizations that the user has access to.

Registry Authentication

To build a Docker image from GitLab and push it to a registry, you have two options to choose from because of how GitLab CI/CD with Docker allows you to build Docker images.

Using DOCKER_AUTH_CONFIG

You can configure a CI/CD variable, DOCKER_AUTH_CONFIG, that contains the ~/.docker/config.json file (see these docs). You then inject that file before the build, which allows depot build . --push to authenticate to your registry.

Note: This requires configuring an additional CI/CD variable but it avoids using Docker-in-Docker.

build-image:
  image:
    name: ghcr.io/depot/cli:0.1.5
    entrypoint: ['']
  before_script:
    - mkdir -p $HOME/.docker
    - echo $DOCKER_AUTH_CONFIG > $HOME/.docker/config.json
  script:
    - depot build -t registry.gitlab.com/repo/image:tag . --push
  variables:
    DEPOT_TOKEN: $DEPOT_TOKEN

Using Docker-in-Docker

You can use the Docker-in-Docker executor. This method allows you to install the depot CLI in the before_script block and use docker login to authenticate to whichever registry you are pushing to. This is useful if you are already making use of docker login in your existing job.

image: docker:20.10.16
services:
  - docker:20.10.16-dind
variables:
  DOCKER_HOST: tcp://docker:2376
  DOCKER_TLS_CERTDIR: '/certs'

build-image:
  before_script:
    - apk add --no-cache curl
    - curl https://depot.dev/install-cli.sh | DEPOT_INSTALL_DIR=/usr/local/bin sh
  script:
    - echo "$DOCKER_REGISTRY_PASS" | docker login registry.gitlab.com --username <your-username> --password-stdin
    - depot build -t registry.gitlab.com/repo/image:tag . --push
  variables:
    DEPOT_TOKEN: $DEPOT_TOKEN