Push Command
Tag, push, and optionally deploy an image to the Gordon registry.
gordon push
Synopsis
gordon push [image] [options]
Arguments
| Argument | Description |
|---|---|
[image] |
Image name to push (optional). If omitted, auto-detected from Dockerfile labels or current directory name |
Options
| Option | Description |
|---|---|
--build |
Build the image first using docker buildx |
-f, --file |
Path to Dockerfile (default: ./Dockerfile, used with --build) |
--platform |
Target platform for buildx (default: linux/amd64) |
--build-arg |
Additional build args (repeatable, KEY=VALUE) |
--tag |
Override version tag (default: tag ref from CI, then git describe --tags --dirty) |
--no-confirm |
Skip deploy confirmation prompt |
--no-deploy |
Push only; skip deployment prompt |
--domain |
Explicit domain override (legacy mode) |
--remote |
Remote Gordon URL |
--token |
Authentication token for remote |
Description
gordon push resolves the target image from the backend, tags it for the
Gordon registry, pushes it, and optionally deploys it.
Image resolution order:
- If
--domainis provided, uses domain-based route lookup - If an image name is provided as argument, resolves domain(s) from the backend
- If no argument, auto-detects from Dockerfile
gordon.domainlabel or current directory name
To push attachment images (databases, caches, etc.), use gordon attachments push.
- For first deploys, run
gordon bootstrapfirst to create or update the route, attachments, and secrets, then rungordon pushto upload and deploy the image. - The registry and repository are derived from the route image on the server.
- The version tag defaults to a CI tag ref (like
refs/tags/v1.2.3) when available, then falls back togit describe --tags --dirty(for examplev1.2.3-4-gabc1234orv1.2.3-dirty). If no tag is found,latestis used. - When
--buildis set, the command builds withdocker buildx build --loadand injectsVERSION,GIT_TAG,GIT_SHA, andBUILD_TIMEinto the build environment plus any--build-argvalues. To use these in your Dockerfile, declare them withARG(e.g.,ARG VERSION) then reference viaENVor in build steps. - Use
-f/--fileto build from a Dockerfile outside the current directory root. - The version tag and
latestare both pushed (unless the version islatest).
Authentication
When used with --remote, gordon push authenticates in two ways:
- Admin API (route resolution, deploy): uses
--tokenor$GORDON_TOKENas Bearer token - Registry push: automatically exchanges the token for a short-lived (5 min) registry access token via
/auth/token-- nodocker loginrequired
This means CI/CD pipelines only need a single secret (GORDON_TOKEN).
Deploy Modes
When the token has admin:config:write scope, the CLI manages deployment explicitly
(DeployIntent → push → Deploy). This gives the CLI control over deploy timing.
When the token lacks admin:config:write, the CLI pushes the image and the server
auto-deploys when it receives it via its event listener. The CLI logs:
info: deploy intent skipped (insufficient scope), server will auto-deploy on image receive
Version Auto-Detection
Gordon reads version tags from CI environment variables (in priority order):
| CI System | Variable | Example |
|---|---|---|
| GitHub Actions | $GITHUB_REF |
refs/tags/v1.2.0 |
| GitHub Actions | $GITHUB_REF_TYPE + $GITHUB_REF_NAME |
tag + v1.2.0 |
| GitLab CI | $CI_COMMIT_TAG |
v1.2.0 |
| Azure DevOps | $BUILD_SOURCEBRANCH |
refs/tags/v1.2.0 |
| Any | git describe --tags |
v1.2.3-4-gabc1234 |
| Fallback | - | latest |
Examples
# Build, push, and deploy (auto-detect image name)
gordon push --build --remote https://gordon.example.com --no-confirm
# Specify image name explicitly
gordon push myapp --build --remote https://gordon.example.com --no-confirm
# Push existing local image, skip deploy
gordon push myapp --tag v1.2.0 --no-deploy
# Push and deploy without confirmation
gordon push myapp --no-confirm
# Build for ARM and pass build args
gordon push myapp --build --platform linux/arm64 --build-arg CGO_ENABLED=0
# Build from a custom Dockerfile path
gordon push myapp --build -f docker/app/Dockerfile
# CI/CD usage (single env var, no docker login needed)
export GORDON_TOKEN="your-token"
gordon push --build --remote https://gordon.example.com --no-confirm
Notes
- Remote mode required. See CLI Overview for targeting options.
gordon pushrequires the route to already exist so it can resolve the target image. Usegordon bootstrapfor first deploys.--buildrequires Docker with Buildx. Docker Desktop includes it; on Linux, install thedocker-buildx-pluginpackage.- Gordon uses native registry uploads instead of shelling out to
docker push. Image layers are sent in 50MB chunks, which stays under Cloudflare's 100MB per-request limit so proxied pushes keep working. Keep the server'smax_blob_chunk_sizelarger than the client chunk size; the default95MBworks out of the box.