All Products
Search

This Product

    Container Registry:Manage triggers

    Document Center

    Container Registry:Manage triggers

    Last Updated:Mar 26, 2026

    Container Registry triggers let you automate continuous integration workflows. When a new image tag is pushed to a repository, the trigger sends an HTTP POST notification to your endpoint so downstream systems—such as container services—can automatically pull and redeploy the updated image.

    Trigger methods

    Container Registry supports two methods for filtering which image pushes fire a trigger. If no method is specified, the trigger fires on every new or updated image tag.

    Method How it works Best for
    Expression-based Fires when the image tag matches a regular expression Filtering by naming convention (e.g., release builds only)
    Tag-based Fires when the image tag matches one of up to 10 specified tags Tracking a fixed set of known tags

    Expression-based triggering

    The trigger fires only when a pushed image tag matches the regular expression you specify.

    Example: Set the expression to release-v.* to trigger only images whose tags start with release-v. Images with non-matching tags do not fire the trigger, and the access log records the status as untriggered.

    To review the history of trigger invocations, click Access Log.

    Tag-based triggering

    Specify up to 10 tags. The trigger fires only when a pushed image tag matches one of those exact tags. If the pushed tag is not in the list, the trigger does not fire and the access log records the status as untriggered.

    To review the history of trigger invocations, click Access Log.

    Security rules

    HTTP

    Setting Value
    Default port 80
    Supported ports 80, 21, 443, 70, 210, 280, 488, 591, 777, and 1025–65535
    Non-default port Append the port number to the trigger URL

    HTTPS

    Setting Value
    Default port 443
    Supported ports 443 only
    Certificates Standard certificates only — self-signed certificates are not supported
    Other ports Use an HTTP endpoint instead

    Notification payload

    Each trigger invocation sends an HTTP POST request with a JSON payload to the trigger URL.

    Request format:

    POST /payload HTTP/1.1
Content-Type: application/json
Request URL: https://cs.console.alibabacloud.com/hook/trigger?triggerUrl=YzRmMWE5YzM2ZjMzYzQ0NmFiMGYzNWJlMmM2MjM2NzIyfGV4cHJlc3N8cmVkZXBsb3l8MThlMmllY2drdXYyZXw=&secret=365a4a664b45615438716a487a75695a7ac48329224b35b073c2197374e7d62a
Request method: POST

    Payload example:

    {
    "push_data": {
        "digest": "sha256:457f4aa83fc9a6663ab9d1b0a6e2dce25a12a943ed5bf2c1747c58d48bbb4917",
        "pushed_at": "2016-11-29 12:25:46",
        "tag": "latest"
    },
    "repository": {
        "date_created": "2016-10-28 21:31:42",
        "name": "repoTest",
        "namespace": "namespace",
        "region": "cn-hangzhou",
        "repo_authentication_type": "NO_CERTIFIED",
        "repo_full_name": "namespace/repoTest",
        "repo_origin_type": "NO_CERTIFIED",
        "repo_type": "PUBLIC"
    }
}

    `push_data` fields:

    Field Description
    digest SHA-256 digest of the pushed image
    pushed_at Timestamp of the push event
    tag Image tag that was pushed

    `repository` fields:

    Field Description
    date_created Timestamp when the repository was created
    name Repository name
    namespace Namespace the repository belongs to
    region Region where the repository is hosted
    repo_authentication_type Authentication type of the repository
    repo_full_name Full repository name in namespace/name format
    repo_origin_type Origin type of the repository
    repo_type Repository visibility (e.g., PUBLIC)