Can't push docker image to gitlab group

I have a gitlab group that holds projects that in turn only contain a single Dockerfile.

So contains


I am trying to push docker images from each project to its parent group container registry so that it is easier to pull them. So pulling would be

docker pull

docker pull

And it would be as if adding an image file to the group’s container registry.

I have created a deploy token for my_fancy_group that has write_registry scope.

I have added this as a masked variable (user: DEPLOY_USER, pass: DEPLOY_TOKEN) in my_fancy_group as well in order to be able to use it in the projects.

Now in my .gitlab-ci.yml I will run:

- echo $DEPLOY_TOKEN | docker login -u $DEPLOY_USER --password-stdin

Which will return

Login Succeeded

After I run these commands

- docker build -t$CI_COMMIT_TAG .
- docker image push$CI_COMMIT_TAG

And I get the error

The push refers to repository []
denied: requested access to the resource is denied

I have tested that the image is built ok with a docker run in between build and push

I have tried:

  1. Logging in again with the Deploy Token, which succeeds but the docker push fails as well.
  2. Using a different name to amaze_project_to_build_docker_image_1 in case there is some sort of name clash. Docker push fails
  3. Pushing to$CI_COMMIT_TAG. This succeeds but does not achieve the desired functionality.

It looks like the deploy token will only allow images such as$CI_COMMIT_TAG

Is there a way to do this? Or should I stick with separate projects? I guess that in the end it would be the same and I am just nitpicking.

Relevant documentation and posts: