Crane
Inspects, copies, and manipulates container images and registries without requiring a local Docker daemon.
What is crane image?
The crane image provides the Crane CLI from the go-containerregistry project, a set of tools for interacting directly with container registries. Crane allows users to pull, push, copy, tag, delete, and inspect container images using registry APIs rather than a local container runtime. It’s commonly used to view image manifests, list tags, extract layers, and move images between registries without building or running containers. In modern CI/CD pipelines and supply chain workflows, crane is valuable for automation tasks such as promoting images across environments, validating image metadata, signing or verifying artifacts (when paired with other tools), and debugging registry state. Its daemonless design makes it lightweight, scriptable, and well-suited for restricted or ephemeral environments like CI runners.
How to use this image
The crane image is typically run as a short-lived utility container in CI jobs or scripts. It executes commands directly against registries using credentials provided via environment variables or mounted config files.
Inspect an image manifest:
Copy an image between registries:
List tags in a repository:
Authenticate using a mounted Docker config:
Crane writes output to stdout and exits after each command, making it easy to compose into scripts and pipelines. For reproducibility, pin exact image tags and prefer baking registry credentials into secrets rather than passing them inline.
Image variants
Published under gcr.io/go-containerregistry/crane, the image is available as:
Crane releases are frequent and focused on registry compatibility and bug fixes; pinning specific versions helps avoid unexpected CLI behavior changes.
.avif)
