How can I check image exist on docker hub? - docker

I want to check If my image exist on docker hub or not.
I find 2 solution.
1)
docker pull alpine:invalid > /dev/null && echo "success" || echo "failed"
2)
# set username and password
UNAME="user"
UPASS="password"
function docker_tag_exists() {
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${UNAME}'", "password": "'${UPASS}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)
EXISTS=$(curl -s -H "Authorization: JWT ${TOKEN}" https://hub.docker.com/v2/repositories/$1/tags/?page_size=10000 | jq -r "[.results | .[] | .name == \"$2\"] | any")
test $EXISTS = true
}
if docker_tag_exists library/nginx 1.7.5; then
echo exist
else
echo not exists
fi
Solution one is bash script and solution 2 is using jq and I do not want to install jq.
Does exist a way that check existance of an image by simple curl?
like this for harbor
curl -u $USERNAME:$PASSWORD -s -o /dev/null -I -w \"%{http_code}\" -X GET \"http://${REGISTRY_HOST}/api/repositories/images%2F${repo_name}/tags/${image_tag}\"

Related

Unable to add a group member using microsoft graph api in a bash script

If I run below http script from the graph.microsoft.com docs, it works fine.
POST https://graph.microsoft.com/v1.0/groups/9746dce-f530182/members/$ref
Content-type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Il9Y-pCiTwLhttVX5wg
{
"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/e7cb-2f96bba6"
}
where:
9746dce-f530182 = group-id,
e7cb-2f96bba6 = user-id and
eyJ0eXAiOiJKV1QiLCJub25jZSI6Il9Y-pCiTwLhttVX5wg = auth-token
I would like to run this as a bash script, so that I can automate the token generation and the POST call. My script looks like so.
CLIENT_ID='283f4d25-87bde0ef'
TENANT_ID='2d987312-a4ff5ea0'
CLIENT_SECRET='XSY8Q~4Ls-ahi'
GROUP_ID="9746dc-00182"
USER_ID='e7cb46-bbbba6'
AT_URL="https://login.microsoftonline.com/${TENANT_ID}/oauth2/token"
auth_response=$(curl -X POST -d 'grant_type=client_credentials&client_id='${CLIENT_ID}'&client_secret='$CLIENT_SECRET'&resource=https://graph.microsoft.com' $AT_URL | jq .)
token="$(echo $auth_response | jq -r .token_type) $(echo $auth_response | jq -r .access_token)"
curl -H "Authorization: $token" -H "Content-type: application/json" -d '{"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/'$USER_ID'"}' "https://graph.microsoft.com/v1.0/groups/$GROUP_ID/members/$ref"
But this fails with the below error. What am I missing?
{"error":{"code":"Request_BadRequest","message":"Unsupported resource type 'DirectoryObject' for operation 'Create'.","innerError":{"date":"2022-05-25T11:24:21","request-id":"e189dc-063e","client-request-id":"e189d-2e42063e"}}}

I managed to fis the issue by changing the last line of the script to the following. The problem was that the $ref at the end of the URL was treated as a bash variable.
curl -H "Authorization: $token" -H "Content-Type: application/json" -d '{"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/'${USER_ID}'"}' 'https://graph.microsoft.com/v1.0/groups/'$GROUP_ID'/members/$ref'
Hope this helps someone else.
The final script looks like below
CLIENT_ID='283f4d25-87bde0ef'
TENANT_ID='2d987312-a4ff5ea0'
CLIENT_SECRET='XSY8Q~4Ls-ahi'
GROUP_ID="9746dc-00182"
USER_ID='e7cb46-bbbba6'
AT_URL="https://login.microsoftonline.com/${TENANT_ID}/oauth2/token"
auth_response=$(curl -X POST -d 'grant_type=client_credentials&client_id='${CLIENT_ID}'&client_secret='$CLIENT_SECRET'&resource=https://graph.microsoft.com' $AT_URL | jq .)
token="$(echo $auth_response | jq -r .token_type) $(echo $auth_response | jq -r .access_token)"
curl -H "Authorization: $token" -H "Content-Type: application/json" -d '{"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/'${USER_ID}'"}' 'https://graph.microsoft.com/v1.0/groups/'$GROUP_ID'/members/$ref'

How to hide sensitive data from pipeline for sh commands

I have Jenkinsfile that creates mt object and passes vaultToken to psl library:
Jenkinsfile:
#Library('shared-library#psl')
Maintenance mt = new Maintenance()
mt.setVaultToken(config.vaultToken)
mt.setApiUrl(config.apiUrl)
pslService.createMaintenance(mt)
pslService:
String createMaintenance(Maintenance mt){
dockerBuildHelper.getDockerImage(dockerBuildHelper.getWdBuildDockerImageName()).inside('-u root'){
String cmd = "curl -X POST '${mt.getApiUrl()}'" +
" -H 'Content-Type: application/json'" +
" -H 'Authorization: Api-Token ${mt.getVaultToken()}'" +
" -d ${mt.getPayload()} | jq -r '.id'"
return sh(script: cmd, returnStdout: true).trim()
}
}
But this prints curl command and exposes vault token in the pipeline.
Does anyone know how I can hide the sensitive info and/or entire curl command?
I do not want to store this in credentials store, unless I have no choice.
I heard I can use set +x. But I am not sure how to use it and if it helps. Any thoughts?

Try to use mask password plugin. Or create secrets in jenkins and call them in environment block of pipeline.

I went with set +x
String cmd = """set +x
curl -X POST '${mt.getApiUrl()}' -H 'Content-Type: application/json' -H 'Authorization: Api-Token ${mt.getVaultToken()}' -d ${mt.getPayload()} | jq -r '.id'
"""
return sh(script: cmd, returnStdout: true).trim()

How to Get All Tags from Docker Hub (Private Repositories) as Shell Script

I have one shell script when i execute it showing only 64 tags from 300 tags docker hub.
Here is the below command which i'm executing in shell script through curl.
IMAGE_TAGS=$(curl -s -H "Authorization: JWT ${HUB_TOKEN} https://hub.docker.com/v2/repositories/$username/issues/tags/?page_size=300" | jq --raw-output '.results[] | .name')
Even after giving page_size also it is not showing my all tags
Note :- Tags using for Private Repositories
Please help me how can i solve it

Try API version 1 which help me to get all the tags
https://registry.hub.docker.com/v1/repositories/mysql/tags open in browser and you can modify it as per your need
Or have a look to Github https://gist.github.com/robv8r/fa66f5e0fdf001f425fe9facf2db6d49 This is exactly what you want
UPDATE
Add this in a shell script file
#!/usr/bin/env bash
docker-tags() {
arr=("$#")
for item in "${arr[#]}";
do
tokenUri="https://auth.docker.io/token"
data=("service=registry.docker.io" "scope=repository:$item:pull")
token="$(curl --silent --get --data-urlencode ${data[0]} --data-urlencode ${data[1]} $tokenUri | jq --raw-output '.token')"
listUri="https://registry-1.docker.io/v2/$item/tags/list"
authz="Authorization: Bearer $token"
result="$(curl --silent --get -H "Accept: application/json" -H "Authorization: Bearer $token" $listUri | jq --raw-output '.')"
echo $result
done
}
docker-tags "<YOUR_DOCKER_IMAGE_NAME>"
Replace <YOUR_DOCKER_IMAGE_NAME> with your docker image.
have a look to this for more info Listing the tags of a Docker image on a Docker hub through the HTTP API

Docker Private Registry Image Upload

I'm trying to upload images to my private docker registry using the HTTP API, unfortunately without success.
Apparently I haven't understood the upload process yet and would like to ask if anyone can explain this in detail or push me in the right direction.
So far I have tried the following with curl. To experiment I only use the empty alpine image.
For that i download it to my workstation with docker pull alpine and then I create tar archive with docker save -o alpine.tar alpine
I then unpack this archive into an alpine directory. This is what the content looks like:
ls -R alpine
alpine:
39cb81dcd06e3d4e2b813f56b72da567696fa9a59b652bd477615b31af969239
e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a.json
manifest.json
alpine/39cb81dcd06e3d4e2b813f56b72da567696fa9a59b652bd477615b31af969239:
json
layer.tar
VERSION
According to the documentation I should first initiate the upload by sending a POST to the /v2//blobs/uploads/ URL, for this I execute the following command:
curl -X POST -L -D headers $DOCKER_HOST/v2/alpine/blobs/uploads
The answer is the following:
cat headers
HTTP/1.1 301 Moved Permanently
Docker distribution api version: registry/2.0
location: /v2/alpine/blobs/uploads/
Date: Tu, 21 Jan 2020 12:42:55 GMT
content length: 0
HTTP/1.1 202 Accepted
content length: 0
Docker distribution api version: registry/2.0
Docker upload guide: ed595b3c-1236-46c8-a759-14187fc60e7d
Location: http://<IPADDRESS>/v2/alpine/blobs/uploads/ed595b3c-1236-46c8-a759-14187fc60e7d?_state=GjzU_y-YDQherf4xXO57KyEonSSSwNEM8FiF8rmNfuN7Ik5hbWUiOiJhbHBpbmUiLCJVVUlEIjoiZWQ1OTViM2MtMTIzNi00NmM4LWE3NTktMTQxODdmYzYwZTdkIiwiT2Zmc2V0IjowLCJTdGFydGVkQXQiOiIyMDIwLTAxLTIxVDEyOjQyOjU1LjMxNDYzNTg0NVoifQ%3D%3D
Range: 0-0
X Content Type Options: nosniff
Date: Tu, 21 Jan 2020 12:42:55 GMT
now i would like to do a monolithic upload, as described in the docker-registry documentation.
For this I make the following curl request:
url=http://<IPADDRESS>/v2/alpine/blobs/uploads/ed595b3c-1236-46c8-a759-14187fc60e7d?_state=GjzU_y-YDQherf4xXO57KyEonSSSwNEM8FiF8rmNfuN7Ik5hbWUiOiJhbHBpbmUiLCJVVUlEIjoiZWQ1OTViM2MtMTIzNi00NmM4LWE3NTktMTQxODdmYzYwZTdkIiwiT2Zmc2V0IjowLCJTdGFydGVkQXQiOiIyMDIwLTAxLTIxVDEyOjQyOjU1LjMxNDYzNTg0NVoifQ%3D%3D?digest=sha256:39cb81dcd06e3d4e2b813f56b72da567696fa9a59b652bd477615b31af969239
layerpath=/home/user/alpine/39cb81dcd06e3d4e2b813f56b72da567696fa9a59b652bd477615b31af969239/layer.tar
curl -X PUT -H "Content-Type=application/octet-stream" --data-binary #"$layerpath" $url
For this I receive an answer that means nothing to me:
{"errors":[{"code": "BLOB_UPLOAD_INVALID", "message": "blob upload invalid", "detail":212}]}
I don't know what I'm doing wrong. For any help I am very grateful.

Okay, I figured it out.
For all the others who are also dealing with this question here is a little script which should clarify the handling of the HTTP-Api:
#!/bin/bash
# Global Variables
MANIFEST="./Manifest.json"
DOCKER_HOST=$1
REPOSITORY=$2
LAYERPATH=$3
CONFIGPATH=$4
SIZE=
DIGEST=
LOCATION=
CONFIGSIZE=
CONFIGDIGEST=
LAYERSIZE=
LAYERDIGEST=
# Functions
function initiateUpload(){
LOCATION=$(curl -X POST -siL -v -H "Connection: close" $DOCKER_HOST/v2/$REPOSITORY/blobs/uploads | grep Location | sed '2q;d' | cut -d: -f2- | tr -d ' ' | tr -d '\r')
}
function patchLayer(){
layersize=$(stat -c%s "$1")
LOCATION=$(curl -X PATCH -v -H "Content-Type: application/octet-stream" \
-H "Content-Length: $layersize" -H "Connection: close" --data-binary #"$1" \
$LOCATION 2>&1 | grep 'Location' | cut -d: -f2- | tr -d ' ' | tr -d '\r')
SIZE=$layersize
}
function putLayer(){
DIGEST=sha256:$(sha256sum $1 | cut -d ' ' -f1)
url="$LOCATION&digest=$DIGEST"
curl -X PUT -v -H "Content-Length: 0" -H "Connection: close" $url
}
function uploadManifest(){
((size=$(stat -c%s "$MANIFEST")-1))
curl -X PUT -vvv -H "Content-Type: application/vnd.docker.distribution.manifest.v2+json"\
-H "Content-Length: $size" -H "Connection: close" \
-d "$(cat "$MANIFEST")" $DOCKER_HOST/v2/$REPOSITORY/manifests/latest
}
# Check Parameters
if [ $# -lt 4 ]
then
echo "Error: No arguments supplied."
echo "Usage: upload.sh <DOCKER_HOST> <REPOSITORY> <LAYER> <CONFIG>"
exit 1
fi
#upload Layer
initiateUpload
patchLayer $LAYERPATH
LAYERSIZE=$SIZE
putLayer $LAYERPATH
LAYERDIGEST=$DIGEST
#upload Config
initiateUpload
patchLayer $CONFIGPATH
CONFIGSIZE=$SIZE
putLayer $CONFIGPATH
CONFIGDIGEST=$DIGEST
cat > $MANIFEST << EOF
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": $CONFIGSIZE,
"digest": "$CONFIGDIGEST"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size":$LAYERSIZE,
"digest": "$LAYERDIGEST"
}
]
}
EOF
uploadManifest
It's not pretty, but it works for that.
If you need more information, I will gladly extend this answer

How can I list all tags for a Docker image on a remote registry?

How can I list all tags of a Docker image on a remote Docker registry using the CLI (preferred) or curl?
Preferably without pulling all versions from the remote registry. I just want to list the tags.

Update: sadly this solution will no longer work because Docker has deprecated the v1 API.
I got the answer from here . Thanks a lot! :)
Just one-line-script:(find all the tags of debian)
wget -q https://registry.hub.docker.com/v1/repositories/debian/tags -O - | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
UPDATE
Thanks for #degelf's advice.
Here is the shell script.
#!/bin/bash
if [ $# -lt 1 ]
then
cat << HELP
dockertags -- list all tags for a Docker image on a remote registry.
EXAMPLE:
- list all tags for ubuntu:
dockertags ubuntu
- list all php tags containing apache:
dockertags php apache
HELP
fi
image="$1"
tags=`wget -q https://registry.hub.docker.com/v1/repositories/${image}/tags -O - | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'`
if [ -n "$2" ]
then
tags=` echo "${tags}" | grep "$2" `
fi
echo "${tags}"
You can just create a new file name, dockertags, under /usr/local/bin (or add a PATH env to your .bashrc/.zshrc), and put that code in it.
Then add the executable permissions(chmod +x dockertags).
Usage:
dockertags ubuntu ---> list all tags of ubuntu
dockertags php apache ---> list all php tags php containing 'apache'

As of Docker Registry V2, a simple GET suffice:
GET /v2/<name>/tags/list
See docs for more.

If you want to use the docker registry v2 API, it lists tags by pages. To list all the tags of an image, you may would like to add a large page_size parameter to the url, e.g.
curl -L -s 'https://registry.hub.docker.com/v2/repositories/library/centos/tags?page_size=1024'|jq '."results"[]["name"]'

The Docker V2 API requires an OAuth bearer token with the appropriate claims. In my opinion, the official documentation is rather vague on the topic. So that others don't go through the same pain I did, I offer the below docker-tags function.
The most recent version of docker-tags can be found in my GitHubGist : "List Docker Image Tags using bash".
The docker-tags function has a dependency on jq. If you're playing with JSON, you likely already have it.
#!/usr/bin/env bash
docker-tags() {
arr=("$#")
for item in "${arr[#]}";
do
tokenUri="https://auth.docker.io/token"
data=("service=registry.docker.io" "scope=repository:$item:pull")
token="$(curl --silent --get --data-urlencode ${data[0]} --data-urlencode ${data[1]} $tokenUri | jq --raw-output '.token')"
listUri="https://registry-1.docker.io/v2/$item/tags/list"
authz="Authorization: Bearer $token"
result="$(curl --silent --get -H "Accept: application/json" -H "Authorization: Bearer $token" $listUri | jq --raw-output '.')"
echo $result
done
}
Example
docker-tags "microsoft/nanoserver" "microsoft/dotnet" "library/mongo" "library/redis"
Admittedly, docker-tags makes several assumptions. Specifically, the OAuth request parameters are mostly hard coded. A more ambitious implementation would make an unauthenticated request to the registry and derive the OAuth parameters from the unauthenticated response.

You can list all the tags with skopeo and jq for json parsing through cli.
skopeo --override-os linux inspect docker://httpd | jq '.RepoTags'
[
"2-alpine",
"2.2-alpine",
"2.2.29",
"2.2.31-alpine",
"2.2.31",
"2.2.32-alpine",
"2.2.32",
"2.2.34-alpine",
"2.2.34",
"2.2",
"2.4-alpine",
"2.4.10",
"2.4.12",
"2.4.16",
"2.4.17",
"2.4.18",
"2.4.20",
"2.4.23-alpine",
"2.4.23",
"2.4.25-alpine",
"2.4.25",
"2.4.27-alpine",
"2.4.27",
"2.4.28-alpine",
"2.4.28",
"2.4.29-alpine",
"2.4.29",
"2.4.32-alpine",
"2.4.32",
"2.4.33-alpine",
"2.4.33",
"2.4.34-alpine",
"2.4.34",
"2.4.35-alpine",
"2.4.35",
"2.4.37-alpine",
"2.4.37",
"2.4.38-alpine",
"2.4.38",
"2.4.39-alpine",
"2.4.39",
"2.4.41-alpine",
"2.4.41",
"2.4.43-alpine",
"2.4.43",
"2.4",
"2",
"alpine",
"latest"
]
For external registries:
skopeo --override-os linux inspect --creds username:password docker://<registry-url>/<repo>/<image> | jq '.RepoTags'
Note: --override-os linux is only needed if you are not running on a linux host. For example, you'll have better results with it if you are on MacOS.

If the JSON parsing tool, jq is available
wget -q https://registry.hub.docker.com/v1/repositories/debian/tags -O - | \
jq -r '.[].name'

I've managed to get it working using curl:
curl -u <username>:<password> https://myrepo.example/v1/repositories/<username>/<image_name>/tags
Note that image_name should not contain user details etc. For example if you're pushing image named myrepo.example/username/x then image_name should be x.

Building on Yan Foto's answer (the v2 api), I created a simple Python script to list the tags for a given image.
Usage:
./docker-registry-list.py alpine
Output:
{
"name": "library/alpine",
"tags": [
"2.6",
"2.7",
"3.1",
"3.2",
"3.3",
"3.4",
"3.5",
"3.6",
"3.7",
"edge",
"latest"
]
}

You can achieve by running on terminal this:
curl -L -s 'https://registry.hub.docker.com/v2/repositories/library/mysql/tags/' | jq . | grep name
Also, if you don't have jq you have to install it by
sudo apt-get install jq

See CLI utility: https://www.npmjs.com/package/docker-browse
Allows enumeration of tags and images.
docker-browse tags <image> will list all tags for the image. e.g. docker-browse tags library/alpine
docker-browse images will list all images in the registry. Not currently available for index.docker.io.
You may connect it to any registry, including your private one, so long as it supports Docker Registry HTTP API V2

Here's a Powershell script I wrote for Windows. Handles v1 and v2 repos:
Get-DockerImageVersions.ps1:
param (
[Parameter (Mandatory=$true)]$ImageName,
[Parameter (Mandatory=$false)]$RegistryURL
)
if (!$RegistryURL)
{
$RegistryURL = "https://registry.hub.docker.com/v1/repositories"
}
$list = ""
if ($RegistryURL -like "*v2*")
{
$list = "/list"
}
$URL = "$RegistryURL/$ImageName/tags$list"
write-debug $URL
$resp = Invoke-WebRequest -UseBasicParsing $URL | ConvertFrom-Json
if ($RegistryURL -like "*v2*")
{
$tags = $resp | select tags
$tags.tags
} else {
$tags = $resp | select name
$tags.name
}

Get all tags from Docker Hub: this command uses the command-line JSON processor jq to select the tag names from the JSON returned by the Docker Hub Registry (the quotes are removed with tr). Replace library with the Docker Hub user name, debian with the image name:
curl -s 'https://registry.hub.docker.com/v2/repositories/library/debian/tags/' | jq -r '."results"[]["name"]'

To view all available tags in a browser:
https://registry.hub.docker.com/v1/repositories/<username>/<image_name>/tags
i.e. https://hub.docker.com/r/localstack/localstack/tags
Or, you can get a json response using this endpoint:
https://registry.hub.docker.com/v1/repositories/localstack/localstack/tags

My contribution:
Shell script
As short and simple as possible
Requires curl and jq
Uses Docker v2 REST API
Returns all tags using REST API pagination
Example:
$ docker-tags prantlf/chromedriver-headless
latest
102
93
86
Script contents:
#!/bin/sh
image=$1
if [ "$image" == "" ]; then
echo "Usage:
docker-tags <image>
Example:
docker-tags library/ubuntu"
exit 0
fi
page_size=100
page_index=0
while true; do
page_index=$((page_index+1))
results=`curl -L -s "https://registry.hub.docker.com/v2/repositories/$image/tags?page=$page_index&page_size=$page_size" | jq -r 'select(.results != null) | .results[]["name"]'`
if [ $? != 0 ] || [ "$results" == "" ]; then
break
fi
echo "$results"
done

As of 2023, there are a number of tools to do this
regclient
skopeo
crane
reg - hasn't been updates for years, unfortunately. Doesn't work with quay.io.
docker run --rm ghcr.io/regclient/regctl:v0.4.5 tag ls ghcr.io/regclient/regctl
docker run --rm quay.io/skopeo/stable:v1.9.2 list-tags docker://quay.io/skopeo/stable \
| jq -r '.Tags[]'
docker run --rm gcr.io/go-containerregistry/crane ls gcr.io/go-containerregistry/crane
docker run --rm r.j3ss.co/reg:v0.16.1 tags r.j3ss.co/reg
BTW - there are even more tools. This list looks comprehensive:
iximiuz/awesome-container-tinkering.

curl -u <username>:<password> https://$your_registry/v2/$image_name/tags/list -s -o - | \
tr -d '{' | tr -d '}' | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | \
awk -F: '{print $3}' | sed -e 's/,/\n/g'
You can use it if your env has no 'jq', = )

You can use:
skopeo inspect docker://<REMOTE_REGISTRY> --authfile <PULL_SECRET> | jq .RepoTags

Here is a script that lists all tags either with 2 or 3 digits.
You can get the code directly on github
https://github.com/youssefalaoui/dockerhub-tools/blob/main/dockerhub-list-tags.sh
dockerhub_list_tags()
{
#local LOCAL_IMAGE LOCAL_GET_TWO_DIGITS_VERSIONS
LOCAL_IMAGE=${1:-null}
LOCAL_GET_TWO_DIGITS_VERSIONS=${2:-true}
if [[ $LOCAL_IMAGE == "" || $LOCAL_IMAGE == null ]]
then
printf "Image name is required: %s" ${FUNCNAME[0]};
exit 1;
fi
#[[ $LOCAL_IMAGE == "" || $LOCAL_IMAGE == null ]] && printf "Image name is required: %s" ${FUNCNAME[0]}; exit 1;
echo "Listing tags from docker hub for your image '$LOCAL_IMAGE'"
# Check if 2 digits format is requested, otherwise, show it in normal format
if [[ "$LOCAL_GET_TWO_DIGITS_VERSIONS" == true ]]; then
DOCKERHUB_LIST_TAGS=($(curl -L -s "https://registry.hub.docker.com/v2/repositories/$LOCAL_IMAGE/tags?page_size=1024"|jq '."results"[]["name"]' | sed 's/"//g' | sed 's/\.[^.]*$//'))
else
DOCKERHUB_LIST_TAGS=($(curl -L -s "https://registry.hub.docker.com/v2/repositories/$LOCAL_IMAGE/tags?page_size=1024"|jq '."results"[]["name"]' | sed 's/"//g'))
fi
for TAG in ${DOCKERHUB_LIST_TAGS[#]}
do
echo $TAG
done
}
# Test example
dockerhub_list_tags "library/nginx" false

You can also use this scrap :
# vim /usr/sbin/docker-tags
& Append Following (as it is):
#!/bin/bash
im="$1"
[[ -z "$im" ]] && { echo -e '\e[31m[-]\e[39m Where is the image name ??' ; exit ; }
[[ -z "$(echo "$im"| grep -o '/')" ]] && { link="https://hub.docker.com/r/library/$im/tags/" ; } || { link="https://hub.docker.com/r/$im/tags/" ; }
resp="$(curl -sL "$link")"
err="$(echo "$resp" | grep -o 'Page Not Found')"
if [[ ! -z "$err" ]] ; then
echo -e "\e[31m[-]\e[39m No Image Found with name => [ \e[32m$im\e[39m ]"
exit
else
tags="$(echo "$resp"|sed -e 's|}|\n|g' -e 's|{|\n|g'|grep '"result"'|sed -e 's|,|\n|g'|cut -d '[' -f2|cut -d ']' -f1|sed '/"tags":/d'|sed -e 's|"||g')"
echo -e "\e[32m$tags\e[39m"
fi
Make it Executable :
# chmod 755 /usr/sbin/docker-tags
Then Finally Try By :
$ docker-tags testexampleidontexist
[-] No Image Found with name => [ testexampleidontexist ]
$ docker search ubuntu
$ docker-tags teamrock/ubuntu
latest
[ Hope you are aware of $ & # before running any command ]

If folks want to read tags from the RedHat registry at https://registry.redhat.io/v2 then the steps are:
# example nodejs-12 image
IMAGE_STREAM=nodejs-12
REDHAT_REGISTRY_API="https://registry.redhat.io/v2/rhel8/$IMAGE_STREAM"
# Get an oAuth token based on a service account username and password https://access.redhat.com/articles/3560571
TOKEN=$(curl --silent -u "$REGISTRY_USER":"$REGISTRY_PASSWORD" "https://sso.redhat.com/auth/realms/rhcc/protocol/redhat-docker-v2/auth?service=docker-registry&client_id=curl&scope=repository:rhel:pull" | jq --raw-output '.token')
# Grab the tags
wget -q --header="Accept: application/json" --header="Authorization: Bearer $TOKEN" -O - "$REDHAT_REGISTRY_API/tags/list" | jq -r '."tags"[]'
If you want to compare what you have in your local openshift registry against what is in the upstream registry.redhat.com then here is a complete script.

The Docker Registry API has an endpoint to list all tags.
Looks like Tutum has a similar endpoint, as well as a way to access via tutum-cli.
With the tutum-cli, try the following:
tutum tag list <uuid>

In powershell 5.1, I have a simple list_docker_image_tags.ps1 script like this:
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string]
$image
)
$url = "https://registry.hub.docker.com/v1/repositories/{0}/tags" -f $image
Invoke-WebRequest $url | ConvertFrom-Json | Write-Output
Then I can grep for 4.7 tags like this:
./list_docker_image_tags.ps1 microsoft/dotnet-framework | ?{ $_.name -match "4.7" }

Here's an answer that's applicable for v2 of the registry.
If you have jq and curl installed on your machine:
curl https://registry.hub.docker.com/v2/repositories/$REPOSITORY/tags?page_size=10000 | jq '.results[] | { name: .name, architectures: ([ (.images[] | if .variant? then .os + "/" + .architecture + .variant? else .os + "/" + .architecture end) ] | join(", ")) }'
For instance, running this command for the curlimages/curl repository yields:
{
"name": "latest",
"architectures": "linux/ppc64le, linux/s390x, linux/arm64, linux/386, linux/armv7, linux/amd64"
}
{
"name": "7.78.0",
"architectures": "linux/armv7, linux/arm64, linux/386, linux/s390x, linux/ppc64le, linux/amd64"
}
{
"name": "7.77.0",
"architectures": "linux/ppc64le, linux/arm64, linux/s390x, linux/armv7, linux/386, linux/amd64"
}
{
"name": "7.76.1",
"architectures": "linux/386, linux/arm64, linux/armv7, linux/ppc64le, linux/s390x, linux/amd64"
}
{
"name": "7.76.0",
"architectures": "linux/armv7, linux/386, linux/s390x, linux/amd64, linux/ppc64le, linux/arm64"
}
{
"name": "7.75.0",
"architectures": "linux/armv7, linux/ppc64le, linux/386, linux/amd64, linux/arm64, linux/s390x"
}
{
"name": "7.74.0",
"architectures": "linux/armv7, linux/386, linux/amd64, linux/ppc64le, linux/s390x, linux/arm64"
}
{
"name": "7.73.0",
"architectures": "linux/arm64, linux/armv7, linux/s390x, linux/ppc64le, linux/amd64, linux/386"
}
{
"name": "7.72.0",
"architectures": "linux/s390x, linux/amd64, linux/arm64, linux/386, linux/ppc64le, linux/armv7"
}
{
"name": "7.71.1",
"architectures": "linux/s390x, linux/arm64, linux/ppc64le, linux/amd64, linux/386, linux/armv7"
}
{
"name": "7.71.0",
"architectures": "linux/arm64, linux/ppc64le, linux/386, linux/s390x, linux/amd64, linux/armv7"
}
{
"name": "7.70.0",
"architectures": "linux/386, linux/arm64, linux/s390x, linux/amd64, linux/ppc64le, linux/armv7"
}
{
"name": "7.69.1",
"architectures": "linux/amd64"
}
{
"name": "7.69.0",
"architectures": "linux/amd64"
}
{
"name": "7.68.0",
"architectures": "linux/amd64"
}
{
"name": "7.67.0",
"architectures": "linux/amd64"
}
{
"name": "7.66.0",
"architectures": "linux/amd64"
}
{
"name": "7.65.3",
"architectures": "linux/amd64"
}

Edit:
In answer to the question:
How can I list all tags of a Docker image on a remote Docker registry using the CLI (preferred) or curl?
Preferably without pulling all versions from the remote registry. I just want to list the tags.
To get all the tags for an image you can use "curl" to get the specific image you want and pipe the output into "jq" to extract the information.
curl -L -s 'https://registry.hub.docker.com/v2/repositories/library/python/tags?page_size=1024'|jq '.results[]["name"]'
Output (truncated not the full list):
"3.9-windowsservercore"
"alpine3.14"
"alpine3.13"
"alpine"
"3.9.8-alpine3.14"
"3.9.8-alpine3.13"
"3.9.8-alpine"
Further should you need additional information from the registry you can access additional field information like this.
This command will give you both the tags and the size of the image which might be useful to have too.
curl -L -s 'https://registry.hub.docker.com/v2/repositories/library/python/tags?page_size=1024'|jq '.results[] as $results | ($results["name"] + " - " + ($results["full_size"] | tostring))'
Output (truncated not the full list):
"3.9-windowsservercore - 2241040278"
"alpine3.14 - 17565702"
"alpine3.13 - 17556181"
"alpine - 17565702"
"3.9.8-alpine3.14 -17362557"
"3.9.8-alpine3.13 - 17353629"
"3.9.8-alpine - 17362557"

There is a lot of duplication among the answers given thus far.
Most of them fail to take into account that the GitHub API (at least v2) will never return more than 100 results at a time, even if you ask for more. I noticed this when requesting the tags for php.
The following script works around this.
It only works for public repositories.
#!/bin/sh
# list the tags on Docker Hub for the given image(s)
# thank you, https://stackoverflow.com/questions/28320134/how-can-i-list-all-tags-for-a-docker-image-on-a-remote-registry
TagsFor()
{
curl -L -s 'https://registry.hub.docker.com/v2/repositories/library/'$1'/tags?page='$2'&page_size'=$3
}
for i in "$#"
do
TagsFor "$i" 1 10 |
jq -r .count |
while read nr_of_tags
do
nr_of_pages=`expr $nr_of_tags / 100`
seq 1 $nr_of_pages |
while read p
do
TagsFor "$i" "$p" 100 |
jq -r '.results[] | .name'
done
done
done
I just ran the script; it retrieved 7200 php tags. For all I know, it may be running into yet another API limit, but 7200 >> 100.

I have done this thing when I have to implement a task in which if user somehow type the wrong tag then we have to give the list of all the tag present in the repo(Docker repo) present in the register.
So I have code in batch Script.
<html>
<pre style="background-color:#bcbbbb;">
#echo off
docker login --username=xxxx --password=xxxx
docker pull %1:%2
IF NOT %ERRORLEVEL%==0 (
echo "Specified Version is Not Found "
echo "Available Version for this image is :"
for /f %%i in (' curl -s -H "Content-Type:application/json" -X POST -d "{\"username\":\"user\",\"password\":\"password\"}" https://hub.docker.com/v2/users/login ^|jq -r .token ') do set TOKEN=%%i
curl -sH "Authorization: JWT %TOKEN%" "https://hub.docker.com/v2/repositories/%1/tags/" | jq .results[].name
)
</pre>
</html>
So in this we can give arguments to out batch file like: Dockerfile java version7

Building on #AlexForbes's answer I've improved the api v2 docker-registry-list.py to support:
  – slashes in the repository name (eg curlimages/curl) and
  – private repos (authentication by username and password)
https://github.com/axil/docker-registry-list
Usage:
./docker-registry-list.py -u dockerid -p password dockerid/myrepo
Output:
{
"name": "dockerid/myrepo",
"tags": [
"1.0"
]
}

Was looking for an sdk in java that I could use to hit the Docker V2 API but couldn't find one. Repo here for anyone that might find it useful: https://github.com/fern-api/docker-registry-api.
Should be possible to generate in other languages too, feel free to open an issue on the repo!

Resources