This Action for Radix CLI to integrate with the Radix platform from a GitHub Action workflow.
Want to contribute? Read our contributing guidelines
This Action will install rx into your workflow and optionally authenticate against Radix.
Arguments:
version: The version ofrxto install. If not specified, the latest version will be installed.azure_client_id: The Azure client ID of the service principal to use for authentication.azure_client_secret: The Azure client secret of the service principal to use for authentication.
Note: If azure_client_id is not set the action will not authenticate against Radix.
If you are using GitHub Workload Identity to authenticate against Azure, you need to set the azure_client_id input parameter and leave the azure_client_secret empty.
When the azure_client_secret is blank, we default to signing in using GitHub workload identity.
See the second example below for a complete example.
When in yaml file of the workflow a step uses | , next lines are considered as multiple separate lines (multiple commands), if there is no | - multiple lines are joined to one command arguments.
- run: |
rx create pipeline-job deploy
--from-config
-c developmentthis will be transformed to multiple separate shell commands
$ rx create pipeline-job deploy
$ --from-config
$ -c development- run:
rx create pipeline-job deploy
--from-config
-c developmentthis will be transformed to the one shell command
rx create pipeline-job deploy --from-config -c developmentname: Validate Radix Config
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: equinor/radix-github-actions@v2
- run: rx validate radix-configname: Deploy on Radix # Authenticate with Federated Credentials
on:
workflow_dispatch:
permissions:
contents: read
id-token: write # required to get a GitHub federated credential
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: equinor/radix-github-actions@v2
with:
azure_client_id: "00000000-0000-0000-0000-000000000000"
- run: rx create job deploy
--application application-name
--environment qa
--follow # `--follow` will ensure that the action step is followed, and won't continue until step is complete.
#--context platform,platform2 or playgroundname: Deploy on Radix # Authenticate with Client Secret
on:
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: equinor/radix-github-actions@v2
with:
azure_client_id: "00000000-0000-0000-0000-000000000000"
azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
- run: rx create job deploy
--environment qa
--follow
--from-config # will read information such as application-name, branch mapping etc from your radixconfig.yamlname: Configure secret # Authenticate with Federated Credentials
on:
workflow_dispatch:
permissions:
contents: read
id-token: write # required to get a GitHub federated credential
jobs:
update-secret:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: equinor/radix-github-actions@v2
with:
azure_client_id: "00000000-0000-0000-0000-000000000000"
- run: rx set environment-secret
--from-config
--environment prod
--component backend
--secret <your secret name>
--value '<your secret value>'name: Get environment from branch mapping in Radix config for repository
on:
workflow_dispatch:
jobs:
get-environment:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: equinor/radix-github-actions@v2
- id: getEnvironment
run: rx get config branch-environment
--from-config
--branch ${GITHUB_REF##*/}
> env.txt
- name: Print the environment
run: cat env.txtWe must run npm run build before commiting to ensure that the lib folder is up to date.
Tag a new version in the format vX.Y.Z and push it to the repository.
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
This is how we handle security issues