GitHub Action

Let repository events trigger deploys.

appaloft/deploy-action installs and verifies the Appaloft CLI, maps GitHub Secrets, and invokes existing Appaloft deployment paths.

Entrypoint

GitHub Actions

Default

Pure SSH BYOS

Preview

Explicit workflow

GitHub App

control-plane owned

Minimal deploy workflow

name: Deploy
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: appaloft/deploy-action@v1
        with:
          config: appaloft.yml
          ssh-host: ${{ secrets.APPALOFT_SSH_HOST }}
          ssh-user: ${{ secrets.APPALOFT_SSH_USER }}
          ssh-private-key: ${{ secrets.APPALOFT_SSH_PRIVATE_KEY }}

Aligned with

Public deploy-action plan, PR preview workflow spec, and Cloud self-deployment runbook.

Push deploys and PR previews both require an explicit user-authored workflow

Pure SSH Action is the default BYOS path

Self-hosted Server Action lets an Appaloft server/API own state and source links

Three modes

Pure SSH Action runs the CLI and stores state on the target server. Self-hosted Server Action calls the control-plane API. Product-grade Preview is owned by Cloud or a self-hosted control plane with preview policy, comments, checks, cleanup, audit, and quota.

Credential model

SSH keys, tokens, and secrets come from GitHub Secrets or trusted environments. Workflows may name secret references, but must not print secret values.

PR preview

The Action runs when a workflow subscribes to pull_request events. Close cleanup uses a separate close-event workflow; preview success leaves cleanup to that workflow.

Deployment flow

Checkout

GitHub Actions checks out the repository or PR SHA.

Run action

deploy-action installs the CLI or calls the self-hosted server API.

Emit status

Return deployment status, preview URL, and follow-up diagnostics.