Skip to main content

An official website of the United States government

Here’s how you know

Continuous deployment

Setting up continuous deployment allows you to automatically upload your changes to your desired environment.

Get ready

Before setting up continuous deployment:

  1. Go through the production-ready guide to ensure your application uses the core best practices and zero-downtime deployment. This will help you use continuous deployment with reduced risk of errors and outages.
  • The essential requirements: your code needs to be in version control, and it needs to include a manifest.yml file that captures the intended deployment configuration for your application.
  1. Set up continuous integration. This will protect you from deploying a broken application. You can use the same service for continuous integration and continuous deployment — see the list of continuous integration services below for suggestions.

Provision deployment credentials

Continuous deployment systems require credentials for use in pushing new versions of your application code to Cloud.gov. You should use a restricted set of credentials that can only access a particular target space, rather than credentials tied to a user who has more access, or who may lose access when leaving your team or project. This "least privilege" approach minimizes the harm that is possible if the credentials are compromised in any way.

To create deployer account credentials with permission to deploy to a single space, set up a service account.

Configure your service

Cloud.gov does not provide a CI/CD (continuous integration/continuous deployment) service, but you can use any CI/CD service of your choice.

You can configure your code repositories, spaces, and CI/CD service together to enable automated or semi-automated deployments to your environments (such as development, staging, and production environments). For deployments in each environment, you can configure access control and testing requirements according to your project's needs.

The core concept is to set up a script that triggers when you update the material that you want to test and deploy (typically your code in your version control system). The script runs your commands, including your deploy command, using your service account credentials.

To illustrate how a CI/CD workflow could be incorporated with cloud.gov:

Another example of a CI/CD workflow (this illustration omits the org/space boundaries):

Service examples

Here are examples of how to set up three cloud-based services that have free tiers for open source projects:

Travis

See the Travis documentation.

Use api: https://api.fr.cloud.gov

You must encrypt the password, and you must escape any symbol characters in the password, to prevent possible situations where Travis could dump an error message that contains passwords or environment variables.

For more information about configuring Travis, see Customizing the Build.

Using Conditional Deployments with Travis

A common pattern for team workflows is to use separate development and main branches, along with using a staging or QA deployment with the development branch, and a production deployment with the main branch. This can be achieved in Travis with on: to specify a branch, and using unique manifests for each deployment.

deploy:
  - manifest: manifest-staging.yml
    # ...
    on:
      branch: develop
  - manifest: manifest.yml
    # ...
    on:
      branch: main

Each manifest should at the very least define an unique name, but can also define an unique host. Also, it may be necessary to define unique services for each application to use. See Cloning Applications for more information.

Jekyll with Travis

To deploy a Jekyll site, add the following to your .travis.yml:

language: ruby
rvm:
  - 2.1
script: jekyll build ./_site
deploy:
  skip_cleanup: true
  # ...

For details, see Jekyll's Continuous Integration guide.

CircleCI

See Getting Started with CircleCI -- you'll need to set up a CircleCI account and give it access to your code repository.

In your code repository, use the following template to set up your .circleci/config.yml file.

version: 2.1

jobs:
  deploy-cf:
    docker:
      - image: ubuntu:latest
    steps:
      - checkout # check out the code in the project directory
      - run:
          name: Install CF CLI v8
          command: |
            if command cf > /dev/null; then echo "CF client already installed"; exit 0; fi
            wget 'https://packages.cloudfoundry.org/stable?release=linux64-binary&version=8.8.0&source=github-rel' -O /tmp/cf8.tar.gz
            cd /usr/bin/ && sudo tar xzvpf /tmp/cf8.tar.gz
            rm -f /tmp/cf8.tar.gz
            cf -v
      - run:
          name: Deploy app
          command: |
            cf login -a https://api.fr.cloud.gov -u DEPLOYER_SERVICE_ACCOUNT_USERNAME -p $CF_PASS -o ORG -s SPACE
            cf push

workflows:
  deploy-workflow:
    jobs:
      - deploy-cf

Replace DEPLOYER_SERVICE_ACCOUNT_USERNAME, ORG, and SPACE with your information. Do not replace $CF_PASS with your deployer service account password -- instead, export the CF_PASS environment variable in the CircleCI interface and put the deployer password there.

You can also review their sample .circleci/config.yml file for more configuration options.

Note: If your manifest.yml describes more than one app, you might want to specify which app to push in the cf push line.

GitHub Actions

See the GitHub Actions documentation to get started, and this pre-made GitHub Action.

Usage

After following the instructions for setting up a Cloud.gov service account, store your username (CG_USERNAME) and password (CG_PASSWORD) as encrypted secrets.

Sample workflow

The following is an example of a workflow that uses this action. This example shows how to deploy a simple .NET Core app to Cloud.gov

name: .NET Core Deploy

on:
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: 3.1.101

      - name: Install dependencies
        run: dotnet restore

      - name: Build
        run: dotnet build

  deploy:
    runs-on: ubuntu-latest
    needs: build

    steps:
      - uses: actions/checkout@v2
      - name: Deploy to Cloud.gov
        uses: cloud-gov/cg-cli-tools@main
        with:
          cf_api: https://api.fr.cloud.gov
          cf_username: ${{ secrets.CG_USERNAME }}
          cf_password: ${{ secrets.CG_PASSWORD }}
          cf_org: your-org
          cf_space: your-space

Note the reference to cloud-gov/cg-cli-tools@main in the workflow file above. You can use another workflow file as part of your deployment process if you desire, or add additional steps to your workflow by referencing other GitHub actions.

GSA.gov

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?
Visit USA.gov