Skip to content


Repository files navigation

Docker Registry Artifact plugin

The docker registry artifact plugin provides a way to push and pull docker images on GoCD

Getting started


  • GoCD Server 18.7+
  • Docker registry
  • Docker daemon


  • Download the right version of the plugin from the Releases page. The direct link to the latest released version is:
  • Copy the file build/libs/docker-registry-artifact-plugin-VERSION.jar to the GoCD server under ${GO_SERVER_DIR}/plugins/external and restart the server. * The GO_SERVER_DIR is usually /var/lib/go-server on Linux and C:\Program Files\Go Server on Windows.


There are three levels of configuration needed in order for publishing and fetching a docker image as an artifact.

Configure the Artifact Store

  1. Login to GoCD server as admin and navigate to Admin > Artifact Stores

  2. Click on Add to add the store details for the plugin.

    • Specify the store id
    • Choose the docker registry artifact plugin
    • Specify the Docker Registry Url
    • Specify the Registry Type
    • Specify registry details

    If Registry Type is ecr:

    If Registry Type is other:

Artifact Store Properties
Properties Description Mandatory
RegistryType Can be either ecr or other yes

If RegistryType is ecr:

Properties Description Mandatory
RegistryID ECR registry id to push and pull images yes
AWSRegion The aws region key to execute ecr get authorization token request yes
AWSAccessKeyId The aws access key id to execute ecr get authorization token request no
AWSSecretAccessKey The aws secret access key to execute ecr get authorization token request no

Note: If the AWSAccessKeyId and AWSSecretAccessKey are not provided, the following configurations are checked:

  • Environment Variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  • System Properties aws.accessKeyId and aws.secretKey
  • Credential profiles file at the default location (~/.aws/credentials)
  • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable
  • Instance profile credentials delivered through the Amazon EC2 metadata service

If RegistryType is other

Properties Description Mandatory
RegistryURL Registry to push and pull images yes
Username Username to authenticate with the docker registry. yes
Password Password to authenticate with the docker registry. yes

Publish artifact config

  1. Navigate to the Artifacts tab under Stage > Job

  2. Choose artifact type External

    • Specify the artifact id.
    • Specify the store id of an existing artifact store
  3. Configure the build specific artifact details.

    • Optionally specify the Image and Tag. Usually, the Tag can be an environment variable that changes for every build. For example, the GO_PIPELINE_LABEL can be used to publish a versioned docker image.
    • Optionally specify the BuildFile. Specify a json file name. The format of the file should be {"image": "name", "tag": "tag pattern"}. The BuildFile option can be used if the Tag option cannot be specified for the tag pattern you want to use. The generation of this json file must be handled within the GoCD job.
    • A private registry has to be part of the image name, like RegistryURL/Image.

Configure the Image in Publish Artifact Config:

Although the artifact store contains the registry url or the registry ID (in case of ECR), the image that needs to be published to the registry still needs to be tagged appropriately with the registry information. Otherwise, the docker client will be unable to push the image to the registry.

Specify the image as shown in the examples below for various container registries:

  • DockerHub: <DOCKERHUB_USERNAME>/image

  • Quay:<username>/image

  • GCR:<username>/image

  • ECR: <registry_id>.dkr.ecr.<aws_region>

Fetch artifact config

To pull an image from an upstream pipeline or stage, the following information is required:

  1. Specify a Pipeline Dependency material if you have an upstream pipeline you want to pull the docker image.

  2. Navigate to Tasks tab under Stage > Job

  3. Add a Fetch Artifact task

    • Choose artifact origin type External
    • Specify the pipeline, stage and job name.
    • Specify the artifact id of the external artifact that belongs to the upstream job


Enable Debug Logs

If you are on GoCD version 19.6 and above:

Edit the file wrapper-properties.conf on your GoCD server and add the following options. The location of the wrapper-properties.conf can be found in the installation documentation of the GoCD server.

# We recommend that you begin with the index `100` and increment the index for each system property

If you're running with GoCD server 19.6 and above on docker using one of the supported GoCD server images, set the environment variable GOCD_SERVER_JVM_OPTIONS:

docker run -e "" ...

If you are on GoCD version 19.5 and lower:

  • On Linux:

    Enabling debug level logging can help you troubleshoot an issue with this plugin. To enable debug level logs, edit the file /etc/default/go-server (for Linux) to add:


    If you're running the server via ./ script:

  • On windows:

    Edit the file config/wrapper-properties.conf inside the GoCD Server installation directory (typically C:\Program Files\Go Server):

    # config/wrapper-properties.conf
    # since the last "" index is 15, we use the next available index.

Building the code base

To build the jar, run ./gradlew clean test assemble


Copyright 2022 Thoughtworks, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

About the license and releasing your plugin under a different license

The code in this repository is licensed under the Apache 2.0 license. The license itself specifies the terms under which derivative works may be distributed (the license also defines derivative works). The Apache 2.0 license is a permissive open source license that has minimal requirements for downstream licensors/licensees to comply with.

This does not prevent your plugin from being licensed under a different license as long as you comply with the relevant clauses of the Apache 2.0 license (especially section 4). Typically, you clone this repository and keep the existing copyright notices. You are free to add your own license and copyright notice to any modifications.

This is not legal advice. Please contact your lawyers if needed.