digitalocean/app_action

digitalocean/app_action

Description: ⛵ App Platform - Deploy to DigitalOcean Container Registry and App Platform

Language: Go

License: MIT

Stars: 156

Forks: 26

Open issues: 24

Created: 2021-08-13T16:56:30Z

Pushed: 2026-04-13T09:59:01Z

Default branch: main

Fork: no

Archived: no

README:

Deploy a DigitalOcean App Platform app using GitHub Actions.

Deploy an app from source (including the configuration) on commit, while allowing you to run tests or perform other operations as part of your CI/CD pipeline.

• Supports picking up an in-repository (or filesystem really) app.yaml (defaults to .do/app.yaml, configurable via the app_spec_location input) to create the app from instead of having to rely on an already existing app that's then downloaded (though that is still supported). The in-filesystem app spec can also be templated with environment variables automatically (see examples below).
• Prints the build and deploy logs into the Github Action log on demand (configurable via print_build_logs and print_deploy_logs) and surfaces them as outputs build_logs and deploy_logs.
• Provides the app's metadata as the output app.
• Supports a "preview mode" geared towards orchestrating per-PR app previews. It can be enabled via deploy_pr_review, see the [Implementing Preview Apps](#launch-a-preview-app-per-pull-request) example.

Support

If you require assistance or have a feature idea, please create a support ticket at the official DigitalOcean Support.

Documentation

deploy action

Inputs

• token: DigitalOcean Personal Access Token. See https://docs.digitalocean.com/reference/api/create-personal-access-token/ for creating a new token.
• app_spec_location: Location of the app spec file. Defaults to .do/app.yaml.
• project_id: ID of the project to deploy the app to. If not given, the app will be deployed to the default project.
• app_name: Name of the app to pull the spec from. The app must already exist. If an app name is given, a potential in-repository app spec is ignored.
• print_build_logs: Print build logs. Defaults to false.
• print_deploy_logs: Print deploy logs. Defaults to false.
• deploy_pr_preview: Deploy the app as a PR preview. The app name will be derived from the PR, the app spec will be modified to exclude conflicting configuration like domains and alerts and all Github references to the current repository will be updated to point to the PR's branch. Defaults to false.

Outputs

• app: A JSON representation of the entire app after the deployment.
• build_logs: The builds logs of the deployment.
• deploy_logs: The deploy logs of the deployment.

delete action

Inputs

• token: DigitalOcean Personal Access Token. See https://docs.digitalocean.com/reference/api/create-personal-access-token/ for creating a new token.
• app_id: ID of the app to delete.
• app_name: Name of the app to delete.
• from_pr_preview: Use this if the app was deployed as a PR preview. The app name will be derived from a combination of the repo name and the PR.
• ignore_not_found: Ignore if the app is not found.

Usage

As a prerequisite for all examples, you'll need a DIGITALOCEAN_ACCESS_TOKENsecret in the respective repository. If not already done, get a DigitalOcean Personal Access token by following this instructions and declare it as that secret in the repository you're working with.

Deploy an app (with a referenced secret)

With the following contents of .do/app.yaml in the repository:

name: sample
services:
- name: sample
envs:
- key: SOME_SECRET
value: ${SOME_SECRET_FROM_REPOSITORY}
type: SECRET
github:
branch: main
repo: digitalocean/sample-golang

The following action deploys the app whenever a new commit is pushed to the main branch. Note that deploy_on_push is not used here, since the Github Action is the driving force behind the deployment. Updates to .do/app.yaml will automatically be applied to the app.

In this case, a secret of the repository named SOME_SECRET_FROM_REPOSITORY will also be passed into the app via its environment variables as SOME_SECRET. It is passed to the action's environment via the ${{ secrets.KEY }} notation and then substituted into the spec itself via the environment variable reference in value. Make sure to define the respective env var's type as SECRET in the spec to ensure the value is stored in an encrypted way.

Note: APP_DOMAIN, APP_URL and APP_ID are predefined App-wide variables. Avoid overriding them in the action's environment to avoid the env-var-expansion process of the Github Action to interfere with that of the platform itself.

name: Update App

on:
push:
branches: [main]

permissions:
contents: read

jobs:
deploy-app:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Deploy the app
uses: digitalocean/app_action/deploy@v2
env:
SOME_SECRET_FROM_REPOSITORY: ${{ secrets.SOME_SECRET_FROM_REPOSITORY }}
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

Deploy an app with a prebuilt image

With the following contents of .do/app.yaml in the repository:

name: sample
services:
- name: sample
image:
registry_type: GHCR
registry: YOUR_ORG
repository: YOUR_REPO
registry_credentials: ${GHCR_CREDENTIALS}
digest: ${SAMPLE_DIGEST}

The following action builds a new image from a Dockerfile in the repository and deploys the respective app from it. The build in App Platform is automatically bypassed. The built image is deployed from its digest, avoiding any inconsistencies around mutable tags and guaranteeing that exactly this image is deployed.

Similar to how we've passed the SOME_SECRET_FROM_REPOSITORY secret as an environment variable in the paragraph above, a secret of the repository, named for example GHCR_CREDENTIALS (which will have to be setup beforehand as well), can be passed to the app as registry_credentials…