Promotion policies overviewEstimated reading time: 1 minute
Docker Trusted Registry allows you to automatically promote and mirror images
based on a policy. In DTR 2.7, you have the option to promote applications with the experimental
docker app CLI addition.
Note that scanning-based promotion policies do not take effect until all application-bundled images have been scanned.
This way you can create a Docker-centric development pipeline.
You can mix and match promotion policies, mirroring policies, and webhooks to create flexible development pipelines that integrate with your existing CI/CD systems.
Promote an image using policies
One way to create a promotion pipeline is to automatically promote images to another repository.
You start by defining a promotion policy that’s specific to a repository. When someone pushes an image to that repository, DTR checks if it complies with the policy you set up and automatically pushes the image to another repository.
Mirror images to another registry
You can also promote images between different DTR deployments. This not only allows you to create promotion policies that span multiple DTRs, but also allows you to mirror images for security and high availability.
You start by configuring a repository with a mirroring policy. When someone pushes an image to that repository, DTR checks if the policy is met, and if so pushes it to another DTR deployment or Docker Hub.
Mirror images from another registry
Another option is to mirror images from another DTR deployment. You configure a repository to poll for changes in a remote repository. All new images pushed into the remote repository are then pulled into DTR.
This is an easy way to configure a mirror for high availability since you won’t need to change firewall rules that are in place for your environments.registry, promotion, mirror