GitHub Actions
Use GitHub Actions to automate the validation and deployment of your Kestra flows.
Overview
Kestra provides two official GitHub Actions that let you build a CI/CD pipeline directly within your GitHub repository. These actions allow you to validate and deploy flows automatically every time you push updates to your version control system.
In GitHub Actions, CI/CD pipelines are called Workflows — sequences of Actions that execute validation and deployment steps.
To use these Actions, your Kestra instance must be accessible to the GitHub Actions runner — either publicly over the internet or through a self-hosted runner within your network.
For flows managed through CI/CD, add the system.readOnly label set to "true" so the UI editor is disabled and production configurations stay immutable. This is especially recommended for critical production flows:
labels:
system.readOnly: true
Official Kestra Actions
Kestra provides two dedicated Actions to integrate with GitHub CI/CD pipelines:
- Kestra Validate Action — Validate your flows and templates before deployment.
- Kestra Deploy Action — Deploy validated flows and templates to your Kestra server.
Input Reference
Validate Action Inputs
| Input | Required | Default | Description |
|---|---|---|---|
directory | ✅ | — | Folder containing your resources. |
resource | ✅ | — | Resource type to validate — flow or template. |
server | ❌ | — | URL of your Kestra server. If omitted, validation runs locally. |
user | ❌ | — | Username for basic authentication. |
password | ❌ | — | Password for basic authentication. |
apiToken | ❌ | — | API token for Enterprise Edition authentication. |
tenant | ❌ | — | Tenant identifier (Enterprise Edition only). |
Deploy Action Inputs
| Input | Required | Default | Description |
|---|---|---|---|
namespace | ✅ | — | Namespace containing your flows and templates. |
directory | ✅ | — | Folder containing your resources. |
resource | ✅ | — | Resource type to deploy — flow, template, or namespace_files. |
server | ✅ | — | URL of your Kestra server. |
user | ❌ | — | Username for basic authentication. |
password | ❌ | — | Password for basic authentication. |
delete | ❌ | true | If true, flows not found in the directory will be deleted from the server. Set to false to preserve them. |
tenant | ❌ | — | Tenant identifier (Enterprise Edition only). |
to | ❌ | — | Remote path where namespace files should be uploaded. |
Example Workflow
The following GitHub Actions workflow validates all flows and then deploys them to multiple namespaces when changes are pushed to the repository.
name: Kestra CI/CD
on: [push]
jobs:
validate:
runs-on: ubuntu-latest
name: Validate Kestra flows
steps:
- name: Checkout repository content
uses: actions/checkout@v4
- name: Validate flows on server-side
uses: kestra-io/validate-action@develop
with:
directory: ./kestra/flows
resource: flow
server: ${{ secrets.KESTRA_HOSTNAME }}
deploy:
runs-on: ubuntu-latest
name: Deploy Kestra flows
needs: validate
steps:
- name: Checkout repository content
uses: actions/checkout@v4
# Deploy to product namespace
- name: Deploy product flows
uses: kestra-io/deploy-action@master
with:
namespace: product
directory: ./kestra/flows/product
resource: flow
server: ${{ secrets.KESTRA_HOSTNAME }}
# Deploy to engineering namespace
- name: Deploy engineering flows
uses: kestra-io/deploy-action@master
with:
namespace: engineering
directory: ./kestra/flows/engineering
resource: flow
server: ${{ secrets.KESTRA_HOSTNAME }}
Tips:
- Store your Kestra server credentials as GitHub Secrets to keep them secure.
- The example uses the
serverinput directly, but you can also authenticate using an API token instead of a username and password:
with:
server: ${{ secrets.KESTRA_HOSTNAME }}
apiToken: ${{ secrets.KESTRA_API_TOKEN }}
Additional Resources
- How-to Guide: GitHub Actions CI/CD — More examples and advanced workflows.
- Kestra Validate Action on GitHub
- Kestra Deploy Action on GitHub
Was this page helpful?