From adb36722465300d0c0329dc1103134953c7036b6 Mon Sep 17 00:00:00 2001
From: Viktor Nagy <126671+nagyv@users.noreply.github.com>
Date: Sat, 31 Jan 2026 17:53:48 +0100
Subject: [PATCH] Add example to push artifacts to a registry with a
 self-signed certificate

As discussed over Slack, the SSL_CERT_FILE env var can be used to set the path to the certificate, and it will be consumed properly by golang.

Signed-off-by: Viktor Nagy <126671+nagyv@users.noreply.github.com>
---
 cmd/flux/push_artifact.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cmd/flux/push_artifact.go b/cmd/flux/push_artifact.go
index c37f0ef1..3948647d 100644
--- a/cmd/flux/push_artifact.go
+++ b/cmd/flux/push_artifact.go
@@ -98,6 +98,13 @@ The command can read the credentials from '~/.docker/config.json' but they can a
 	--source="$(git config --get remote.origin.url)" \
 	--revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)" \
 	--creds flux:$DOCKER_PAT
+
+  # Push manifests to a registry with a self-signed cert
+  export SSL_CERT_FILE=/path/to/your/certificate.crt
+  flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \
+	--path="./path/to/local/manifests" \
+	--source="$(git config --get remote.origin.url)" \
+	--revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)"
 `,
 	RunE: pushArtifactCmdRun,
 }