GitHub Action
Defang Deployment Action
A GitHub Action to deploy with Defang. Use this action to deploy your application with Defang, either to the Defang Playground, or to your own AWS account.
The simplest usage is to deploy a Compose-based project to the Defang Playground. This is done by adding the following to your GitHub workflow, assuming you have a compose.yaml
file in the root of your repository.
To do so, just add a job like the following to your GitHub workflow (note the permissions and the Deploy step):
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Deploy
uses: DefangLabs/[email protected]
Defang allows you to securely manage configuration values. You can store your config using GitHub Actions Secrets and then pass them through to the Defang action.
To publish a secret stored in GitHub to the cloud as a secure config value with defang, you need to do two things:
- Use the
env
section of the step to pass the value of the secrets to environment variables that match the names of the config values in your Compose file. - Specify the names of the environment variables you want to push to the cloud as config values in the
config-env-vars
input.
The second step is to make sure that we only publish the secrets you explicitly tell us to. For example, you could have a secret in an env var at the job level, instead of the step level that you might not want to push to the cloud, even if it is in a secure store.
jobs:
test:
# [...]
steps:
# [...]
- name: Deploy
uses: DefangLabs/[email protected]
with:
# Note: you need to tell Defang which env vars to push to the cloud as config values here. Only these ones will be pushed up.
config-env-vars: "API_KEY DB_CONNECTION_STRING"
env:
API_KEY: ${{ secrets.API_KEY }}
DB_CONNECTION_STRING: ${{ secrets.DB_CONNECTION_STRING }}
If your Compose file is in a different directory than your project root, you can specify the path to the project in the cwd
input.
jobs:
test:
# [...]
steps:
# [...]
- name: Deploy
uses: DefangLabs/[email protected]
with:
cwd: "./test"
If you want to use a specific version of the Defang CLI, you can specify it using the cli-version
input.
jobs:
test:
# [...]
steps:
# [...]
- name: Deploy
uses: DefangLabs/[email protected]
with:
cli-version: v0.5.38
Here is a full example of a GitHub workflow that does everything we've discussed so far:
name: Deploy
on:
push:
branches:
- main
jobs:
test:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Deploy
uses: DefangLabs/[email protected]
with:
cli-version: v0.5.43
config-env-vars: "API_KEY DB_CONNECTION_STRING"
cwd: "./test"
env:
API_KEY: ${{ secrets.API_KEY }}
DB_CONNECTION_STRING: ${{ secrets.DB_CONNECTION_STRING }}