QUAY Client API to create, set description and/or visibility, delete a tag or image.



Managing QUAY Meta data and visibility settings from GitLab-CI, allows uniform and version controlled Meta Data without manual interactions. Besides Meta Data, the API can also delete Tags and images allowing cleanup intermediate Tags for dynamic GitLab-CI environments.

Common options for QUAY client API

  • --image=quay.io/namespace/image need to be a valid QUAY image:
    • quay.io/gioxa/odagrun

Note: the tag for --image is ignored.
e.g.: quay.io/gioxa/odagrun:latest is valid too.

  • --credentials=$QUAY_CREDENTIALS

According to : How to use Red Hat Quay API with examples, thanks to CoreOS Support for providing an extract:

All calls to the Red Hat Quay REST API must occur via a token created for a defined Application. A new application can be created under an Organization in the Applications tab.

Generating a Token on on behalf of the currently logged in user
An access token can be generated simply by clicking on the Generate Token tab under the application, choosing scopes, and then clicking the Generate Access Token button. After conducting the OAuth flow for the current account, the newly generated token will be displayed.

More info: QUAY api

  • Create a base64 string credentials with a given username=$oauthtoken and an oauthtoken:
echo -e -n "$oauthtoken:<oauthtoken>" | base64 -
  • verify this and it should return $oauthtoken:<oauthtoken> with:
echo -e -n "dXNlcm5hbW....." | base64 -D  -

Note:if --credentials is defined, it will priority over the environment variables .

Alternatively add a secret variable to the Gitlab-CI settings:




Note: if --credentials is not defined, if QUAY_OAUTH_TOKEN is defined, it will take priority over QUAY_CREDENTIALS environment variable.
  • optional [--allow-fail] will generate only a Warning in stead of failing the build.

Set OR Create QUAY registry META data

QUAY_set_description \
  --image=${repo-name} \
  [--credentials=$(base64($oauthtoken:<authtoken>))] \
  [--set-private[=yes|no|auto|none]] \
  [--description="my description"] \

Defaults: with priority as listed

Option values
credentials QUAY_OATH_TOKEN
set-private auto

QUAY_set_description also allows to set the repository private:

set-private result
auto set to private if Gitlab Project Visibility is private or internal
set to public if Gitlab Project Visibility is public
no options
the QUAY repository is set to private.
same as --set-private without options
no the QUAY repository is set public.
none the QUAY repository private setting is not altered!
defaults to auto

If the repository for the given image does not exists, it will be created, this allows to create a private repository before a registry_push, ensuring that a private image stays private!

The Project visibility of Gitlab is only available since Gitlab version 10.3 in CI, before v10.3, the --set-private=auto option will result in a public docker Repository.

Delete a QUAY image Tag

QUAY_delete_tag \
  [--allow-fail] \
  --image=${image} \
  --reference=${tag} \

Deletes a given tag for a given repository image.

Delete a QUAY repository

QUAY_delete_repository \
  [--allow-fail] \
  --image=${image} \

Deletes a repository with given image name.

Danger! This deletes the repository with all tags and description on the QUAY registry!