To build a Docker image with Depot in GitLab, you need to:
depotCLI in your GitLab CI job.
You can install the
depot CLI in a
before_script: - curl https://depot.dev/install-cli.sh | DEPOT_INSTALL_DIR=/usr/local/bin sh
Or you can run the entire job inside the Depot CLI container image:
image: name: ghcr.io/depot/cli:latest entrypoint: ['']
One installed, you can directly call
depot in your job's
script: - depot build ...
See below for information on how to configure Depot authentication and for how to authenticate and push to a registry.
For GitLab, you can use project or user access tokens for authenticating your build with Depot.
A project access token can be injected into your GitLab job for
depot CLI authentication via CI/CD variables or external secrets. This is a token that is tied to a specific project in your organization and not a user.
It is also possible to generate a user access token that can be injected into
your GitLab job for
depot CLI authentication via CI/CD variables or external secrets. This is a token that is tied to a specific user and not a project. Therefore, it can be used to build all projects across all organizations that the user has access to.
To build a Docker image from GitLab and push it to a registry, you have two options to choose from because of how GitLab CI/CD with Docker allows you to build Docker images.
You can configure a CI/CD variable,
DOCKER_AUTH_CONFIG, that contains the
~/.docker/config.json file (see these docs). You then inject that file before the build, which allows
depot build . --push to authenticate to your registry.
Note: This requires configuring an additional CI/CD variable but it avoids using Docker-in-Docker.
build-image: image: name: ghcr.io/depot/cli:0.1.5 entrypoint: [''] before_script: - mkdir -p $HOME/.docker - echo $DOCKER_AUTH_CONFIG > $HOME/.docker/config.json script: - depot build -t registry.gitlab.com/repo/image:tag . --push variables: DEPOT_TOKEN: $DEPOT_TOKEN
You can use the Docker-in-Docker executor. This method allows you to install the
depot CLI in the
before_script block and use
docker login to authenticate to whichever registry you are pushing to. This is useful if you are already making use of
docker login in your existing job.
image: docker:20.10.16 services: - docker:20.10.16-dind variables: DOCKER_HOST: tcp://docker:2376 DOCKER_TLS_CERTDIR: '/certs' build-image: before_script: - apk add --no-cache curl - curl https://depot.dev/install-cli.sh | DEPOT_INSTALL_DIR=/usr/local/bin sh script: - echo "$DOCKER_REGISTRY_PASS" | docker login registry.gitlab.com --username <your-username> --password-stdin - depot build -t registry.gitlab.com/repo/image:tag . --push variables: DEPOT_TOKEN: $DEPOT_TOKEN