Build and deploy with GitHub Actions¶

This how-to guide shows you how to build and deploy your application using GitHub Actions and the Nais deploy action.

Prerequisites¶

You're part of a Nais team
A Github repository where the Nais team has access
The repository contains a valid workload manifest

Authorize your Github repository for deployment¶

Open Nais Console in your browser and select your team.
Select the Repositories tab
Input your repository (organization/repository) and press Add.

Create a Github workflow¶

Note

If you require a more advanced workflow, or already have one: copy the relevant parts from the example below.

.github/workflows/main.yml

name: Build and deploy
on:
  push:
    branches:
      - main
jobs:
  build_and_deploy:
    name: Build, push and deploy
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      actions: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for what-changed action
      - name: Determine what to do
        id: changed-files
        uses: "nais/what-changed@main"
        with:
          files: .nais/app.yaml #, topic.yaml, statefulset.yaml, etc.
      - name: Build and push image and SBOM to OCI registry
        if: steps.changed-files.outputs.changed != 'only-inputs'
        uses: nais/docker-build-push@v0
        id: docker-build-push
        with:
          team: <MY-TEAM> # Replace
      - name: Deploy to Nais
        uses: nais/deploy/actions/deploy@v2
        env:
          CLUSTER: <MY-CLUSTER> # Replace (1)
          RESOURCE: .nais/app.yaml # same list as in changed-files step above
          WORKLOAD_IMAGE: ${{ steps.docker-build-push.outputs.image }}
          TELEMETRY: ${{ steps.docker-build-push.outputs.telemetry }}

Cluster in this context is the same as the environment name. You can find the value in workloads/environments.

This example workflow is a minimal example that builds, signs, and pushes your container image to the image registry. It then deploys the app.yaml.

The WORKLOAD_IMAGE variable is used to tell the platform which image to use when deploying the workload. This is optional, and you can also set the image in the workload manifest directly using templating. If you do this, you should not set the WORKLOAD_IMAGE variable, but instead set a suitable VAR (traditionally, image is used).

When this file is pushed to the main branch, the workflow will be triggered, and you are all set.

Registry used by Nais

The nais/docker-build-push GitHub action as well as the nais/login GitHub action work with a registry that is only meant for use within the Nais platform.

Usage of this registry for other purposes is not supported. If you need to use the image outside of Nais, e.g. locally in a development environment, you should push the image to another registry.