Container Registry API

The use of CI_JOB_TOKEN scoped to the current project was

This is the API documentation of the GitLab Container Registry.

When the ci_job_token_scope feature flag is enabled (it is disabled by default), you can use the below endpoints from a CI/CD job, by passing the $CI_JOB_TOKEN variable as the JOB-TOKEN header. The job token will only have access to its own project.

GitLab administrators with access to the GitLab Rails console can opt to enable it.

To enable it: 

Feature.enable(:ci_job_token_scope)

To disable it: 

Feature.disable(:ci_job_token_scope)

Change the visibility of the Container Registry

This controls who can view the Container Registry. 

PUT /projects/:id/
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project accessible by the authenticated user.
container_registry_access_level string no The desired visibility of the Container Registry. One of enabled (default), private, or disabled.

Descriptions of the possible values for container_registry_access_level:

  • enabled (Default): The Container Registry is visible to everyone with access to the project. If the project is public, the Container Registry is also public. If the project is internal or private, the Container Registry is also internal or private.

  • private: The Container Registry is visible only to project members with Reporter role or higher. This is similar to the behavior of a private project with Container Registry visibility set to enabled.

  • disabled: The Container Registry is disabled.

See the Container Registry visibility permissions for more details about the permissions that this setting grants to users. 

curl --request PUT "https://gitlab.example.com/api/v4/projects/5/" \
     --header 'PRIVATE-TOKEN: <your_access_token>' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --data-raw '{
         "container_registry_access_level": "private"
     }'

Example response: 

{
  "id": 5,
  "name": "Project 5",
  "container_registry_access_level": "private",
  ...
}

List registry repositories

Within a project

Get a list of registry repositories in a project. 

GET /projects/:id/registry/repositories
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project accessible by the authenticated user.
tags boolean no If the parameter is included as true, each repository includes an array of "tags" in the response.
tags_count boolean no If the parameter is included as true, each repository includes "tags_count" in the response ( 
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories"

Example response: 

[
  {
    "id": 1,
    "name": "",
    "path": "group/project",
    "project_id": 9,
    "location": "gitlab.example.com:5000/group/project",
    "created_at": "2019-01-10T13:38:57.391Z",
    "cleanup_policy_started_at": "2020-01-10T15:40:57.391Z"
  },
  {
    "id": 2,
    "name": "releases",
    "path": "group/project/releases",
    "project_id": 9,
    "location": "gitlab.example.com:5000/group/project/releases",
    "created_at": "2019-01-10T13:39:08.229Z",
    "cleanup_policy_started_at": "2020-08-17T03:12:35.489Z"
  }
]

Within a group

Get a list of registry repositories in a group. 

GET /groups/:id/registry/repositories
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the group accessible by the authenticated user.
tags boolean no If the parameter is included as true, each repository includes an array of "tags" in the response.
tags_count boolean no If the parameter is included as true, each repository includes "tags_count" in the response ( 
curl --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/groups/2/registry/repositories?tags=1&tags_count=true"

Example response: 

[
  {
    "id": 1,
    "name": "",
    "path": "group/project",
    "project_id": 9,
    "location": "gitlab.example.com:5000/group/project",
    "created_at": "2019-01-10T13:38:57.391Z",
    "cleanup_policy_started_at": "2020-08-17T03:12:35.489Z",
    "tags_count": 1,
    "tags": [
      {
        "name": "0.0.1",
        "path": "group/project:0.0.1",
        "location": "gitlab.example.com:5000/group/project:0.0.1"
      }
    ]
  },
  {
    "id": 2,
    "name": "",
    "path": "group/other_project",
    "project_id": 11,
    "location": "gitlab.example.com:5000/group/other_project",
    "created_at": "2019-01-10T13:39:08.229Z",
    "cleanup_policy_started_at": "2020-01-10T15:40:57.391Z",
    "tags_count": 3,
    "tags": [
      {
        "name": "0.0.1",
        "path": "group/other_project:0.0.1",
        "location": "gitlab.example.com:5000/group/other_project:0.0.1"
      },
      {
        "name": "0.0.2",
        "path": "group/other_project:0.0.2",
        "location": "gitlab.example.com:5000/group/other_project:0.0.2"
      },
      {
        "name": "latest",
        "path": "group/other_project:latest",
        "location": "gitlab.example.com:5000/group/other_project:latest"
      }
    ]
  }
]

Get details of a single repository

Get details of a registry repository. 

GET /registry/repositories/:id
Attribute Type Required Description
id integer/string yes The ID of the registry repository accessible by the authenticated user.
tags boolean no If the parameter is included as true, the response includes an array of "tags".
tags_count boolean no If the parameter is included as true, the response includes "tags_count".
size boolean no If the parameter is included as true, the response includes "size". This is the deduplicated size of all images within the repository. Deduplication eliminates extra copies of identical data. For example, if you upload the same image twice, the Container Registry stores only one copy. This field is only available on GitLab.com for repositories created after 2021-11-04. 
curl --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/registry/repositories/2?tags=true&tags_count=true&size=true"

Example response: 

{
  "id": 2,
  "name": "",
  "path": "group/project",
  "project_id": 9,
  "location": "gitlab.example.com:5000/group/project",
  "created_at": "2019-01-10T13:38:57.391Z",
  "cleanup_policy_started_at": "2020-08-17T03:12:35.489Z",
  "tags_count": 1,
  "tags": [
    {
      "name": "0.0.1",
      "path": "group/project:0.0.1",
      "location": "gitlab.example.com:5000/group/project:0.0.1"
    }
  ],
  "size": 2818413
}

Delete registry repository

Delete a repository in registry.

This operation is executed asynchronously and might take some time to get executed. 

DELETE /projects/:id/registry/repositories/:repository_id
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project owned by the authenticated user.
repository_id integer yes The ID of registry repository. 
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2"

List registry repository tags

Within a project

Get a list of tags for given registry repository. 

GET /projects/:id/registry/repositories/:repository_id/tags
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project accessible by the authenticated user.
repository_id integer yes The ID of registry repository. 
curl --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"

Example response: 

[
  {
    "name": "A",
    "path": "group/project:A",
    "location": "gitlab.example.com:5000/group/project:A"
  },
  {
    "name": "latest",
    "path": "group/project:latest",
    "location": "gitlab.example.com:5000/group/project:latest"
  }
]

Get details of a registry repository tag

Get details of a registry repository tag. 

GET /projects/:id/registry/repositories/:repository_id/tags/:tag_name
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project accessible by the authenticated user.
repository_id integer yes The ID of registry repository.
tag_name string yes The name of tag. 
curl --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags/v10.0.0"

Example response: 

{
  "name": "v10.0.0",
  "path": "group/project:latest",
  "location": "gitlab.example.com:5000/group/project:latest",
  "revision": "e9ed9d87c881d8c2fd3a31b41904d01ba0b836e7fd15240d774d811a1c248181",
  "short_revision": "e9ed9d87c",
  "digest": "sha256:c3490dcf10ffb6530c1303522a1405dfaf7daecd8f38d3e6a1ba19ea1f8a1751",
  "created_at": "2019-01-06T16:49:51.272+00:00",
  "total_size": 350224384
}

Delete a registry repository tag

Delete a registry repository tag. 

DELETE /projects/:id/registry/repositories/:repository_id/tags/:tag_name
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project owned by the authenticated user.
repository_id integer yes The ID of registry repository.
tag_name string yes The name of tag. 
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags/v10.0.0"

This action doesn’t delete blobs. To delete them and recycle disk space, run the garbage collection.

Delete registry repository tags in bulk

Delete registry repository tags in bulk based on given criteria.

For an overview, see . 

DELETE /projects/:id/registry/repositories/:repository_id/tags
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project owned by the authenticated user.
repository_id integer yes The ID of registry repository.
name_regex string no The name_regex_delete string yes The name_regex_keep string no The keep_n integer no The amount of latest tags of given name to keep.
older_than string no Tags to delete that are older than the given time, written in human readable form 1h, 1d, 1month.

This API returns if successful, and performs the following operations:

These operations are executed asynchronously and can take time to get executed. You can run this at most once an hour for a given container repository. This action doesn’t delete blobs. To delete them and recycle disk space, run the garbage collection.

caution
The number of tags deleted by this API is limited on GitLab.com because of the scale of the Container Registry there. If your Container Registry has a large number of tags to delete, only some of them will be deleted, and you might need to call this API multiple times. To schedule tags for automatic deletion, use a cleanup policy instead.

Examples:

  1. Remove tag names that are matching the regex (Git SHA), keep always at least 5, and remove ones that are older than 2 days: 

    curl --request DELETE --data 'name_regex_delete=[0-9a-z]{40}' --data 'keep_n=5' --data 'older_than=2d' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"

  2. Remove all tags, but keep always the latest 5: 

    curl --request DELETE --data 'name_regex_delete=.*' --data 'keep_n=5' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"

  3. Remove all tags, but keep always tags beginning with stable: 

    curl --request DELETE --data 'name_regex_delete=.*' --data 'name_regex_keep=stable.*' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"

  4. Remove all tags that are older than 1 month: 

    curl --request DELETE --data 'name_regex_delete=.*' --data 'older_than=1month' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"

Instance-wide endpoints

Beside the group- and project-specific GitLab APIs explained above, the Container Registry has its own endpoints. To query those, follow the Registry’s built-in mechanism to obtain and use an .

Listing all container repositories 

GET /v2/_catalog

To list all container repositories on your GitLab instance, admin credentials are required: 

$ curl --request GET --user "<admin-username>:<admin-password>" "https://gitlab.example.com/jwt/auth?service=container_registry&scope=registry:catalog:*"
{"token":" ... "}

$ curl --header "Authorization: Bearer <token_from_above>" https://gitlab.example.com:5050/v2/_catalog
{"repositories":["user/project1", "group/subgroup/project2", ... ]}
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.

Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
to help shape new features.
Feature availability and product trials
 to see all GitLab tiers and features, or to upgrade.
 with access to all features for 30 days.
Get Help

If you didn't find what you were looking for, search the docs.

If you want help with something specific and could use community support, .

For problems setting up or using this feature (depending on your GitLab subscription).

Request support