Skip to content

Timoni artifact push

timoni artifact push

Push a directory contents to a container registry


The push command packages a directory contents as an OCI artifact and pushes it to the container registry. If the directory contains a timoni.ignore file, the ignore rules will be used to exclude files from the artifact.

timoni artifact push [REPOSITORY URL] [flags]


  # Push the current dir contents to Docker Hub using the credentials from '~/.docker/config.json'
  echo $DOCKER_PAT | docker login --username timoni --password-stdin
  timoni artifact push oci:// -t latest -f .

 # Push a dir contents to GitHub Container Registry using a GitHub token
  timoni artifact push oci:// -f ./path/to/bundles \
    --creds=timoni:$GITHUB_TOKEN \
    --tag="$(git rev-parse --short HEAD)" \
    --tag=latest \
    --annotation="org.opencontainers.image.source=$(git config --get remote.origin.url)" \
    --annotation="org.opencontainers.image.revision=$(git rev-parse HEAD)' \

  # Push and sign with Cosign (the cosign binary must be present in PATH)
  echo $GITHUB_TOKEN | timoni registry login -u timoni --password-stdin
  export COSIGN_PASSWORD=password
  timoni artifact push oci:// \
    -f=/path/to/schemas \
    --tag=1.0.0 \
    --sign=cosign \


  -a, --annotation stringArray   Annotation in the format '<key>=<value>'.
      --content-type string      The content type of this artifact. (default "generic")
      --cosign-key string        The Cosign private key for signing the module.
      --creds creds              The credentials for the container registry in the format '<username>[:<password>]'.
  -f, --filepath string          Path to local file or directory. (default ".")
  -h, --help                     help for push
      --sign string              Signs the module with the specified provider.
  -t, --tag stringArray          Tag of the artifact.

Options inherited from parent commands

      --cache-dir string                    Artifacts cache dir, can be disable with 'TIMONI_CACHING=false' env var. (defaults to "$HOME/.timoni/cache")
      --kube-as string                      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --kube-as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --kube-as-uid string                  UID to impersonate for the operation.
      --kube-certificate-authority string   Path to a cert file for the certificate authority.
      --kube-client-certificate string      Path to a client certificate file for TLS.
      --kube-client-key string              Path to a client key file for TLS.
      --kube-context string                 The name of the kubeconfig context to use.
      --kube-insecure-skip-tls-verify       if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure.
      --kube-server string                  The address and port of the Kubernetes API server.
      --kube-tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used.
      --kube-token string                   Bearer token for authentication to the API server.
      --kubeconfig string                   Path to the kubeconfig file.
      --log-color                           Adds colorized output to the logs. (defaults to false when no tty)
      --log-pretty                          Adds timestamps to the logs. (default true)
  -n, --namespace string                    The the namespace scope for the operation. (default "default")
      --registry-insecure                   If true, allows connecting to a container registry without TLS or with a self-signed certificate.
      --timeout duration                    The length of time to wait before giving up on the current operation. (default 5m0s)


  • timoni artifact - Commands for managing Open Container Initiative (OCI) artifacts