Skip to content

Push Images to Harbor

This guide explains how Harbor handles image storage and artifact retention, and provides step-by-step guidance for pushing images using Docker commands.

Image capacity and artifact retention

The Harbor registry currently retains only the five most recent versions of each image. When a sixth version is pushed, the oldest version is automatically deleted. The Game Warden team is working to expand this capacity in the future.

Game Warden’s CI/CD pipelines generate artifacts each time an image is pushed. These artifacts accumulate over time and consume storage. To manage storage and maintain performance:

  • Artifacts older than 15 days are automatically purged.
  • You must initiate the pipeline to push your image to DEV, STG, or PRD within 15 days of pushing it to Harbor.
  • Once artifacts are purged, you must update and re-push your image to continue deployment.
  • Purged artifacts cannot be retrieved.

Steps to push images

The example commands below show how to push an image using the following test data:

  • Username: janed
  • Project name: test-company
  • Image name: test-image
  • Image tag: 0.0.1

Replace <target registry> with your organization's Harbor registry URL.

Log in to Harbor via Docker

Open a terminal and log in to Harbor using your username and CLI secret.

docker login -u <username> -p <cli-secret> <target registry>
Example command: 
docker login -u janed -p password123 <target registry>
If successful, you'll see: 
Login Succeeded
If login fails, ensure your Harbor session is still active in a browser. You may need to re-authenticate.

Tag the image

Avoid using the following disallowed tags:

  • -hardened
  • latest
  • .sig
  • sha256
  • development
  • staging
  • production
Use a semantic version tag such as 0.2.1. Your Deployment Passport requires a valid version number. 
docker tag <source-image>:<tag> <target registry>/<project>/<repository>:<tag>
Example command: 
docker tag your-registry/your-project/previous-image-name:previous-tag \<target registry>test-company/test-image:0.0.1

List Docker images (optional)

You can verify the image exists locally:

docker image ls

Push the image to Harbor

docker push <target registry>/<project>/<repository>:<tag>
Example command: 
docker push <target registry>/test-company/test-image:0.0.1
You should see confirmation messages in your terminal as the image uploads.

Confirm the image in Harbor

  1. Log into to Harbor with your Platform One (P1) SSO credentials.
  2. Select your assigned project from the Projects page.
  3. On the Repositories tab, find your pushed image listed. If the image is not visible:
    • Check your terminal output for errors or warnings.
    • Confirm your user permissions for pushing images.
    • Reach out to Second Front via Slack for assistance.

Associate new images with an application

New versions of an existing image appear in App Central automatically after they are pushed to Harbor. For a brand-new image (i.e., a new name), you must first associate it with an application.

To associate new images with their respective applications:

  1. Log in to Game Warden using your P1 SSO credentials.
  2. From the left navigation, select Images to open the images dashboard.
  3. On the Inactive Images tab, locate your recently pushed image.
  4. Select the image(s) you want to add to an application.
  5. Click Select Application in the green action bar, then choose the application that should own the image.
    The image now appears under Images in App Central for that application.

What happens after image push

Once the image is pushed:

  • A webhook triggers a pipeline that pulls your Dockerfile.
  • The image is built and hardened automatically.
  • The hardened version becomes available in Harbor.
  • If you push the same image again with a new version tag, a new pipeline is triggered, and both versions will appear in Harbor.

Harbor will always display the most recent push timestamp for each tagged version.