Tip
Now works with Docker Compose. NoΒ SwarmΒ Required!
mode: compose. See Inputs for more details...
This action deploys a docker stack from a compose file to a remote docker host using SSH through a Cloudflare Tunnel. You can also optionally authenticate against a private registry using a username and password.
This action uses a remote docker context to deploy the stack from the working directory allowing you to easily prepare the workspace for deployment.
Portainer Users: You can deploy directly to Portainer with: cssnr/portainer-stack-deploy-action
Note
Please submit a Feature Request for new features or Open an Issue if you find any bugs.
For more details see action.yaml and src/main.sh.
| InputΒ Name | IsΒ Required | DefaultΒ Value | InputΒ Description |
|---|---|---|---|
name |
Yes | - | Docker Stack/Project Name * |
file |
- | docker-compose.yaml |
Docker Stack/Compose File |
modeΒΉ |
- | swarm |
Deploy Mode: [swarm, compose] * |
argsΒΉ |
- | --remove-orphans --force-recreate |
Additional Arguments for Compose * |
host |
Yes | - | Remote Docker Hostname or IP * |
port |
- | 22 |
Remote Docker Port |
user |
Yes | - | Remote Docker Username |
ssh_key |
Yes | - | Remote SSH Key File * |
env_file |
- | - | Docker Environment File * |
cf_service_token_id |
- | - | Cloudflare Service Token ID * |
cf_service_token_secret |
- | - | Cloudflare Service Token Secret * |
detachΒ² |
- | true |
Detach Flag, false, to disable * |
pruneΒ² |
- | false |
Prune Flag, true, to enable |
resolve_imageΒ² |
- | always |
Resolve [always, changed, never] * |
registry_authΒ² |
- | - | Enable Registry Authentication * |
registry_host |
- | - | Registry Authentication Host * |
registry_user |
- | - | Registry Authentication Username * |
registry_pass |
- | - | Registry Authentication Password * |
summary |
- | true |
Add Job Summary * |
ΒΉ Compose Only, view the Docs.
Β² Swarm Only, view the Docs.
* More details below...
π Click Here to see how the deployment command is generated
if [[ "${INPUT_MODE}" == "swarm" ]];then
DEPLOY_TYPE="Swarm"
COMMAND=("docker" "stack" "deploy" "-c" "${INPUT_FILE}" "${EXTRA_ARGS[@]}" "${INPUT_NAME}")
else
DEPLOY_TYPE="Compose"
COMMAND=("docker" "compose" "-f" "${INPUT_FILE}" "-p" "${INPUT_NAME}" "up" "-d" "-y" "${EXTRA_ARGS[@]}")
finame: Stack name for Swarm and project name for Compose.
mode: Compose only. Set this to compose to use compose up instead of stack deploy for non-swarm hosts.
args: Compose only. Compose arguments to pass to the compose up command. Only used for mode: compose deployments.
The detach flag defaults to false for compose. With no args the default is --remove-orphans --force-recreate.
Use an empty string to override. For more details, see the compose
docs.
host: The hostname or IP address of the remote docker server to deploy to through Cloudflare Tunnel.
ssh_key: SSH private key for authentication. Required for Cloudflare Tunnel connections.
cf_service_token_id/cf_service_token_secret: Cloudflare service token credentials for accessing the tunnel. If not provided, the action will attempt to use the default authentication method.
env_file: Variables in this file are exported before running stack deploy.
To use a docker env_file specify it in your compose file and make it available in a previous step.
If you need compose file templating this can also be done in a previous step.
If using mode: compose you can also add the compose_arg: --env-file stringArray.
detach: Swarm only. Set this to false to not exit immediately and wait for the services to converge.
This will generate extra output in the logs and is useful for debugging deployments.
Defaults to false in mode: compose.
resolve_image: Swarm only. When the default always is used, this argument is omitted.
registry_auth: Swarm only. Set to true to deploy with --with-registry-auth.
registry_host: To run docker login on another registry. Example: ghcr.io.
registry_user/registry_pass: Required to run docker login before stack deploy.
summary: Write a Summary for the job. To disable this set to false.
To view a workflow run, click on a recent Test job (requires login).
π View Example Successful βοΈ Job Summary
π Swarm Stack test_stack-deploy Successfully Deployed.
docker stack deploy -c docker-compose.yaml --detach=false --resolve-image=changed test_stack-deploy
Results
Updating service test_stack-deploy_alpine (id: tdk8v42m0rvp9hz4rbfrtszb6)
1/1:
overall progress: 0 out of 1 tasks
overall progress: 1 out of 1 tasks
verify: Waiting 5 seconds to verify that tasks are stable...
verify: Waiting 4 seconds to verify that tasks are stable...
verify: Waiting 3 seconds to verify that tasks are stable...
verify: Waiting 2 seconds to verify that tasks are stable...
verify: Waiting 1 seconds to verify that tasks are stable...
verify: Service tdk8v42m0rvp9hz4rbfrtszb6 converged
π View Example Failure β Job Summary
β Swarm Stack test_stack-deploy Failed to Deploy!
docker stack deploy -c docker-compose.yaml --detach=false --resolve-image=changed test_stack-deploy
Errors
Creating network test_stack-deploy_default
failed to create network test_stack-deploy_default: Error response from daemon: network with name test_stack-deploy_default already exists
- name: 'Stack Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose-swarm.yaml'
host: ${{ secrets.SSH_HOST }}
port: ${{ secrets.SSH_PORT }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}π‘ Click on an example heading to expand or collapse the example.
With Cloudflare Tunnel and SSH Key
- name: 'Stack Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose-swarm.yaml'
host: ${{ secrets.SSH_HOST }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}With Cloudflare Tunnel, SSH Key and Registry Authentication
- name: 'Stack Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose-swarm.yaml'
host: ${{ secrets.SSH_HOST }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}
registry_host: 'ghcr.io'
registry_user: ${{ vars.GHCR_USER }}
registry_pass: ${{ secrets.GHCR_PASS }}With Cloudflare Tunnel, SSH Key, --prune, --detach=false and --resolve-image=changed
- name: 'Stack Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose-swarm.yaml'
host: ${{ secrets.SSH_HOST }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}
detach: false
prune: true
resolve_image: 'changed'Compose with Cloudflare Tunnel
- name: 'Compose Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose.yaml'
host: ${{ secrets.SSH_HOST }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}
mode: composeSimple Workflow Example with Cloudflare Tunnel
name: 'Stack Deploy Action via Cloudflare Tunnel'
on:
push:
jobs:
deploy:
name: 'Deploy'
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: 'Stack Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose-swarm.yaml'
host: ${{ secrets.SSH_HOST }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}Full Workflow Example with Cloudflare Tunnel
name: 'Stack Deploy Action via Cloudflare Tunnel'
on:
workflow_dispatch:
inputs:
tags:
description: 'Tags: comma,separated'
required: true
default: 'latest'
env:
REGISTRY: 'ghcr.io'
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs:
build:
name: 'Build'
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
packages: write
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: 'Setup Buildx'
uses: docker/setup-buildx-action@v2
with:
platforms: 'linux/amd64,linux/arm64'
- name: 'Docker Login'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_PASS }}
- name: 'Generate Tags'
id: tags
uses: cssnr/docker-tags-action@v1
with:
images: ${{ env.REGISTRY }}/${{ github.repository }}
tags: ${{ inputs.tags }}
- name: 'Build and Push'
uses: docker/build-push-action@v6
with:
context: .
platforms: 'linux/amd64,linux/arm64'
push: true
tags: ${{ steps.tags.outputs.tags }}
labels: ${{ steps.tags.outputs.labels }}
deploy:
name: 'Deploy'
runs-on: ubuntu-latest
timeout-minutes: 5
needs: [build]
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: 'Stack Deploy via Cloudflare Tunnel'
uses: gamerou/stack-deploy-action-cf-tunnel@v1
with:
name: 'stack-name'
file: 'docker-compose-swarm.yaml'
host: ${{ secrets.SSH_HOST }}
user: ${{ secrets.SSH_USERNAME }}
ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
cf_service_token_id: ${{ secrets.CF_SERVICE_TOKEN_ID }}
cf_service_token_secret: ${{ secrets.CF_SERVICE_TOKEN_SECRET }}
cleanup:
name: 'Cleanup'
runs-on: ubuntu-latest
timeout-minutes: 5
needs: deploy
permissions:
contents: read
packages: write
steps:
- name: 'Purge Cache'
uses: cssnr/cloudflare-purge-cache-action@v2
with:
token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
zones: example.com
```
</details>
## Tags
The following rolling [tags](https://github.com/gamerou/stack-deploy-action-cf-tunnel/tags) are maintained.
| Version Tag | Rolling | Bugs | Feat. | Name | Target | Example |
| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :-----: | :--: | :---: | :-------: | :------: | :------- |
| [](https://github.com/gamerou/stack-deploy-action-cf-tunnel/releases/latest) | β
| β
| β
| **Major** | `vN.x.x` | `vN` |
| [](https://github.com/gamerou/stack-deploy-action-cf-tunnel/releases/latest) | β
| β
| β | **Minor** | `vN.N.x` | `vN.N` |
| [](https://github.com/gamerou/stack-deploy-action-cf-tunnel/releases/latest) | β | β | β | **Micro** | `vN.N.N` | `vN.N.N` |
You can view the release notes for each version on the [releases](https://github.com/gamerou/stack-deploy-action-cf-tunnel/releases) page.
The **Major** tag is recommended. It is the most up-to-date and always backwards compatible.
Breaking changes would result in a **Major** version bump. At a minimum you should use a **Minor** tag.
## Features
- Deploy to a remote host using SSH through a Cloudflare Tunnel
- Deploy using a remote context from the current working directory
- Deploy from a compose file to either a Docker Swarm or Compose host
- Displays output in logs, captures it in the Summary, and checks the status
- Allows logging into a private registry and deploying with registry auth
- Allows specifying all arguments for both Swarm and Compose deployments
Don't see your feature here? Request it below in the [Support](#Support) section.
# Support
For general help or to request a feature see:
- Q&A Discussion: https://github.com/gamerou/stack-deploy-action-cf-tunnel/discussions/categories/q-a
- Request a Feature: https://github.com/gamerou/stack-deploy-action-cf-tunnel/discussions/categories/feature-requests
If you are experiencing an issue/bug or getting unexpected results you can:
- Report an Issue: https://github.com/gamerou/stack-deploy-action-cf-tunnel/issues
# Contributing
Currently, the best way to contribute to this project is to star this project on GitHub.
If you would like to submit a PR, please review the [CONTRIBUTING.md](CONTRIBUTING.md).
This action is a fork of [cssnr/stack-deploy-action](https://github.com/cssnr/stack-deploy-action) with added support for Cloudflare Tunnels.
```