GitHub Actions for Kestra – CI/CD Workflow Examples
Use GitHub Actions to automate the validation and deployment of your Kestra flows.
Automate Kestra deployments with GitHub Actions
Kestra provides two official GitHub Actions that let you build a CI/CD pipeline directly within your GitHub repository. These actions allow you to validate and deploy flows automatically every time you push updates to your version control system.
In GitHub Actions, CI/CD pipelines are called Workflows — sequences of Actions that execute validation and deployment steps. To use these Actions, your Kestra instance must be accessible to the GitHub Actions runner — either publicly over the internet or through a self-hosted runner within your network.
For flows managed through CI/CD, add the system.readOnly label set to "true" so the UI editor is disabled and production configurations stay immutable. This is especially recommended for critical production flows:
labels: system.readOnly: trueOfficial Kestra Actions
Kestra provides two dedicated Actions to integrate with GitHub CI/CD pipelines:
- Kestra Validate Action — Validate your flows and templates before deployment.
- Kestra Deploy Action — Deploy validated flows and templates to your Kestra server.
Input reference
Validate Action inputs
| Input | Required | Default | Description |
|---|---|---|---|
directory | ✅ | — | Folder containing your resources. |
resource | ✅ | — | Resource type to validate — flow or template. |
server | ❌ | — | URL of your Kestra server. If omitted, validation runs locally. |
user | ❌ | — | Username for basic authentication. |
password | ❌ | — | Password for basic authentication. |
apiToken | ❌ | — | API token for Enterprise Edition authentication. |
tenant | ❌ | — | Tenant identifier (Enterprise Edition only). |
Deploy Action inputs
| Input | Required | Default | Description |
|---|---|---|---|
namespace | ✅ | — | Namespace containing your flows and templates. |
directory | ✅ | — | Folder containing your resources. |
resource | ✅ | — | Resource type to deploy — flow, template, or namespace_files. |
server | ✅ | — | URL of your Kestra server. |
user | ❌ | — | Username for basic authentication. |
password | ❌ | — | Password for basic authentication. |
delete | ❌ | true | If true, flows not found in the directory will be deleted from the server. Set to false to preserve them. |
tenant | ❌ | — | Tenant identifier (Enterprise Edition only). |
to | ❌ | — | Remote path where namespace files should be uploaded. |
Example workflow
The following GitHub Actions workflow validates all flows and then deploys them to multiple namespaces when changes are pushed to the repository.
name: Kestra CI/CDon: [push]
jobs: validate: runs-on: ubuntu-latest name: Validate Kestra flows steps: - name: Checkout repository content uses: actions/checkout@v4
- name: Validate flows on server-side uses: kestra-io/validate-action@develop with: directory: ./kestra/flows resource: flow server: ${{ secrets.KESTRA_HOSTNAME }}
deploy: runs-on: ubuntu-latest name: Deploy Kestra flows needs: validate steps: - name: Checkout repository content uses: actions/checkout@v4
# Deploy to product namespace - name: Deploy product flows uses: kestra-io/deploy-action@master with: namespace: product directory: ./kestra/flows/product resource: flow server: ${{ secrets.KESTRA_HOSTNAME }}
# Deploy to engineering namespace - name: Deploy engineering flows uses: kestra-io/deploy-action@master with: namespace: engineering directory: ./kestra/flows/engineering resource: flow server: ${{ secrets.KESTRA_HOSTNAME }}Tips:
- Store your Kestra server credentials as GitHub Secrets to keep them secure.
- The example uses the
serverinput directly, but you can also authenticate using an API token instead of a username and password:
with: server: ${{ secrets.KESTRA_HOSTNAME }} apiToken: ${{ secrets.KESTRA_API_TOKEN }}Additional resources
- How-to Guide: GitHub Actions CI/CD — More examples and advanced workflows.
- Kestra Validate Action on GitHub
- Kestra Deploy Action on GitHub
Was this page helpful?