Build Output


Build Output Overview

Builds that use the Docker or Source strategy result in the creation of a new container image. The image is then pushed to the container image registry specified in the output section of the Build specification.

If the output kind is ImageStreamTag, then the image will be pushed to the integrated OKD registry and tagged in the specified image stream. If the output is of type DockerImage, then the name of the output reference will be used as a Docker push specification. The specification may contain a registry or will default to DockerHub if no registry is specified. If the output section of the build specification is empty, then the image will not be pushed at the end of the build.

Output to an ImageStreamTag
      kind: "ImageStreamTag"
      name: "sample-image:latest"
Output to a Docker Push Specification
      kind: "DockerImage"
      name: ""

Output Image Environment Variables

Docker and Source strategy builds set the following environment variables on output images:

Variable Description


Name of the build


Namespace of the build


The source URL of the build


The Git reference used in the build


Source commit used in the build

Additionally, any user-defined environment variable, for example those configured via Source or Docker strategy options, will also be part of the output image environment variable list.

Output Image Labels

Docker and Source builds set the following labels on output images:

Label Description

Author of the source commit used in the build

Date of the source commit used in the build

Hash of the source commit used in the build

Message of the source commit used in the build

Branch or reference specified in the source

Source URL for the build

You can also use the BuildConfig.spec.output.imageLabels field to specify a list of custom labels that will be applied to each image built from the BuildConfig.

Custom Labels to be Applied to Built Images
      kind: "ImageStreamTag"
      name: "my-image:latest"
    - name: "vendor"
      value: "MyCompany"
    - name: "authoritative-source-url"
      value: ""

Output Image Digest

Built images can be uniquely identified by their digest, which can later be used to pull the image by digest regardless of its current tag.

Docker and Source builds store the digest in after the image is pushed to a registry. The digest is computed by the registry. Therefore, it may not always be present, for example when the registry did not return a digest, or when the builder image did not understand its format.

Built Image Digest After a Successful Push to the Registry
      imageDigest: sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912

Using Docker Credentials for Private Registries

To push an image to a private container image registry, credentials can be supplied using a secret. See Build Inputs for instructions.