Skip to main content
Redhat Developers  Logo
  • Products

    Platforms

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat AI
      Red Hat AI
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • View All Red Hat Products

    Featured

    • Red Hat build of OpenJDK
    • Red Hat Developer Hub
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenShift Dev Spaces
    • Red Hat OpenShift Local
    • Red Hat Developer Sandbox

      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Secure Development & Architectures

      • Security
      • Secure coding
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • Product Documentation
    • API Catalog
    • Legacy Documentation
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

OpenShift Actions: Deploy to Red Hat OpenShift directly from your GitHub repository

February 13, 2020
Luca Stocchi
Related topics:
CI/CDDeveloper ToolsDevOps
Related products:
Red Hat OpenShift

Share:

    Here is a common situation: You write your code, everything is on GitHub, and you are ready to publish it. But, you know that your job is not finished yet. You need to deploy your code and this process can be a nightmare at times.

    Ideally, you should be able to do this whole process all in one place, but until now, you always had to set up external services and integrate them with GitHub (or add post-commit hooks). What if, instead, you could replace all of these extras and run everything directly from your GitHub repository with just a few YAML lines? Well, this is exactly what GitHub Actions are for.

    GitHub Actions are a new feature recently introduced by GitHub. They enable users to set up custom software development life cycle (SDLC) workflows directly from their GitHub repositories. By using actions, developers can let GitHub take care of a number of processes that can be triggered by a variety of events on the platform, like pushing code, making a release, and so on. This way, you can let GitHub deploy your app every time an event occurs and just focus on your code.

    Although GitHub Actions is still quite new, we could not wait to make an action and let developers connect and deploy to their Red Hat OpenShift cluster directly from their GitHub repository. In this article, we will take a quick look at the OpenShift Actions extension and show how easy it is to set up and use.

    Note: OpenShift Actions can be downloaded from the GitHub marketplace directly from this link.

    Using OpenShift Actions

    To use OpenShift Actions in your GitHub repository, start by creating your workflow and saving it as a YAML file in .github/workflows/<file name>.yml. By clicking on the Actions tab (on top of your repository, next to Pull request) you will be shown the most popular continuous integration workflows and you will be guided to set up your own, as shown in Figure 1.

    new workflow in the GitHub Actions tab

    Figure 1: Your new workflow in GitHub.">

    As you can see in the example below, you can define the events that trigger your workflow, the runner to execute each job (e.g., different types and versions of virtual host machines, including Linux, Windows, and macOS), and all of the actions to run:

    name: CI
    on:
      # Trigger the workflow on push to the master branch
      push:
        branches:
          - master
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
        - name: OpenShift Action
          uses: redhat-developer/openshift-actions@v1.1
          with:
            version: 'latest'
            openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }}
            parameters: '{"apitoken": "${{ secrets.API_TOKEN }}", "acceptUntrustedCerts": "true"}'
            cmd: |
              'version'
              'start-build nodejs-ex --follow'
              'status'
    

    In our example, we want to deploy our application on OpenShift every time something is pushed to our master. For this reason, we configure our workflow to start when the event push occurs and also specify the branch we are interested in, the master. If the branch is omitted, the workflow will trigger on each push made to the repository.

    Next, we need to specify whether to use a GitHub-hosted or self-hosted runner. GitHub only provides runners on Windows Server 2019, Linux Ubuntu 16.04/18.04, and macOS Catalina 10.15. If you want to have your own runner on Red Hat Enterprise Linux/CentOS/Fedora, you have to choose self-hosted. Here is a list of all supported operating systems.

    Finally, we need to set up all of the actions (steps) we want to execute. In this case, we are just deploying our application to our OpenShift cluster using our OpenShift action, but you could also add another action to send an email or an SMS to someone, or run tests. Just use your imagination.

    Note: In this example, we are using OpenShift Actions v1.1. To use the latest release, go to the marketplace.

    OpenShift action inputs

    You can see that the OpenShift action requires inputs to run. Let’s look at what they are and what they are for:

    • version (optional): The version of the oc CLI that we want the OpenShift Actions to use when executing commands. This input accepts three different values:
      • version number (i.e., 3.11.36)
      • URL for downloading the oc bundle (i.e., https://mirror.openshift.com/pub/openshift-v3/clients/3.11.36/linux/oc.tar.gz)
      • version:
        • Used in the form version: 'latest'.
        • Downloads the latest version available.
        • Acts as the default value for this input.
    • openshift_server_url (required): The URL for the OpenShift cluster, used in the form openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }}.
    • parameters (required): A JSON string with the values needed to connect to the OpenShift cluster. Must be in the form parameters: '{"apitoken": "${{ secrets.API_TOKEN }}", "acceptUntrustedCerts": "true"}'.
    • cmd (required): One or more oc commands to be executed.

    OpenShift action authentication

    To allow the extension to connect to our cluster, we need to configure an OpenShift connection. The parameters input is used for this purpose. Based on its value, one of two supported authentication methods will be used: basic or token.

    Basic authentication

    The parameters input uses a username and password to connect to the cluster, i.e., parameters: '{"username": "${{ secrets.USERNAME }}", "password": "${{ secrets.PASSWORD }}", "acceptUntrustedCerts": "true"}'

    Name Requirement Description
    username required The OpenShift username.
    password required The password for the specified user.
    acceptUntrustedCerts optional Whether it is ok to accept self-signed (untrusted) certificates.
    certificateAuthorityFile optional The path to where the certificate authority file is stored.

    Token authentication

    The parameters input uses an API token to connect to the cluster, i.e., parameters: '{"apitoken": "${{ secrets.API_TOKEN }}"}'.

    Name Requirement Description
    apitoken required The API token used for authentication.
    acceptUntrustedCerts optional Whether it is ok to accept self-signed (untrusted) certificate.
    certificateAuthorityFile optional The path where the certificate authority file is stored.

    Secrets

    As you can see above, we never write our sensitive data in the clear. We always use secrets. Even though this setup is not mandatory, we highly suggest using secrets when needed.

    Secrets are encrypted environment variables created in a repository and are only used by GitHub Actions. GitHub encrypts secrets in the web browser using public key-authenticated encryption and the Poly1305 cipher algorithm. For more information, see the TweetNaCl.js documentation.

    To make a secret available to an action, you must set it in your repository and then add it as an input or environment variable in the workflow file.

    Note: For an organization's repository, you must have admin access in order to create encrypted secrets. For a user account repository, you must be the repository owner to create encrypted secrets.

    Here is how to create a secret:

    1. Go to the main page of your repository.
    2. Click on Settings.
    3. In the left sidebar, select Secrets.
    4. Type a name for your secret in the Name input box. (Secret names must be unique and cannot contain any spaces.)
    5. Type the value for your secret. (To ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets. Avoid creating secrets that contain JSON or encoded Git blobs.)
    6. Click Add secret.

    Note: Your workflow can have up to 100 secrets.

    Final words

    At this point, you should be able to set up your workflow and see the OpenShift action running every time the event chosen in your YAML file is triggered. To check if your workflow is working properly, you can always visit the Actions tab in your repository and verify that all of the steps succeeded, as shown in Figure 2.

    Workflow status in the Actions tab

    Figure 2: Check on your workflow in your repository's Actions tab.">

    If you encounter any bugs, have any suggestions, or if you would like to have a new feature implemented, you can submit an issue through our repo. OpenShift Actions is an open source project and suggestions, comments, and pull requests are always welcome.

    Last updated: February 5, 2024

    Recent Posts

    • A deep dive into Apache Kafka's KRaft protocol

    • Staying ahead of artificial intelligence threats

    • Strengthen privacy and security with encrypted DNS in RHEL

    • How to enable Ansible Lightspeed intelligent assistant

    • Why some agentic AI developers are moving code from Python to Rust

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue