In a .gitlab-ci.yml job, if you do not specify a tag for an image, the latest tag is used by default.
The default configuration of the gitlab-runner to pull Docker images is if-not-present, which means the image is only loaded if it is not already present. This in turn means that the image used is not updated. So if you use latest or no tag at all,, the image used is the one that was current at the time it was pulled, any updates afterwards will be ignored.
To change this behavior, you can use one of the following methods:
- Change the pull-policy in GitLab Runner and in the job. This can be done by following the instructions in the official documentation: https://docs.gitlab.com/ee/ci/yaml/#imagepull_policy
- update the image manually on the server of the runner (with
docker pull foo:latest) - use ephemeral runners that are always rebuilt