diff --git a/.llms-snapshots/llms-full.txt b/.llms-snapshots/llms-full.txt index 6b9d91f4..31ea65b9 100644 --- a/.llms-snapshots/llms-full.txt +++ b/.llms-snapshots/llms-full.txt @@ -6692,17 +6692,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. +1. From your Satellite's overview, navigate to the **Deployments** page. -2. Click on **Add an access key**. +2. Click **Connect repository** and follow the steps to register your repository. -3. Generate a new key with the default option. Click **Submit**. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. - -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. - -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -6712,19 +6708,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment @@ -6917,17 +6913,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. - -2. Click on **Add an access key**. +1. From your Satellite's overview, navigate to the **Deployments** page. -3. Generate a new key with the default option. Click **Submit**. +2. Click **Connect repository** and follow the steps to register your repository. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. - -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -6937,19 +6929,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment @@ -7024,17 +7016,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. - -2. Click on **Add an access key**. - -3. Generate a new key with the default option. Click **Submit**. +1. From your Satellite's overview, navigate to the **Deployments** page. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. +2. Click **Connect repository** and follow the steps to register your repository. -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -7044,19 +7032,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment @@ -7120,19 +7108,19 @@ To configure an action to deploy your frontend assets, follow these steps: .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` Whenever code is pushed to your `main` branch, this action performs the following tasks: it checks out your repository, installs dependencies. It then utilizes the [junobuild/juno-action](https://github.com/junobuild/juno-action) GitHub Action to build and deploy your dapp. @@ -7156,13 +7144,13 @@ The GitHub Action is basically just an environment that proxies commands to the You can either hardcode the mode in the arguments: ``` -- name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy --mode staging env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +- name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy --mode staging ``` Or, if you're using an environment variable, pass it like this: ``` -- name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy --mode ${{ env.JUNO_MODE }} env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} JUNO_MODE: staging +- name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy --mode ${{ env.JUNO_MODE }} env: JUNO_MODE: staging ``` --- @@ -7203,19 +7191,19 @@ To configure an action to build and publish serverless functions, follow these s .github/workflows/publish.yml ``` -name: Publish Serverless Functionson: workflow_dispatch: push: branches: [main]jobs: publish: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Build uses: junobuild/juno-action@full with: args: functions build - name: Publish uses: junobuild/juno-action@full with: args: functions publish env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Publish Serverless Functionson: workflow_dispatch: push: branches: [main]jobs: publish: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Build uses: junobuild/juno-action@full with: args: functions build - name: Publish uses: junobuild/juno-action@full with: args: functions publish ``` .github/workflows/publish.yml ``` -name: Publish Serverless Functionson: workflow_dispatch: push: branches: [main]jobs: publish: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Build uses: junobuild/juno-action@full with: args: functions build - name: Publish uses: junobuild/juno-action@full with: args: functions publish env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Publish Serverless Functionson: workflow_dispatch: push: branches: [main]jobs: publish: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Build uses: junobuild/juno-action@full with: args: functions build - name: Publish uses: junobuild/juno-action@full with: args: functions publish ``` .github/workflows/publish.yml ``` -name: Publish Serverless Functionson: workflow_dispatch: push: branches: [main]jobs: publish: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Build uses: junobuild/juno-action@full with: args: functions build - name: Publish uses: junobuild/juno-action@full with: args: functions publish env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Publish Serverless Functionson: workflow_dispatch: push: branches: [main]jobs: publish: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Build uses: junobuild/juno-action@full with: args: functions build - name: Publish uses: junobuild/juno-action@full with: args: functions publish ``` This action will build and publish your serverless function bundle. @@ -7225,7 +7213,7 @@ If your access key is an **editor**, the changes will be automatically deployed If your key is only a **submitter**, the release will be proposed as a pending change for manual approval. To avoid errors in submit-only workflows, you can explicitly use the `--no-apply` flag to skip auto-application. ``` -- name: Publish uses: junobuild/juno-action@full with: args: functions publish --no-apply env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +- name: Publish uses: junobuild/juno-action@full with: args: functions publish --no-apply ``` --- @@ -7252,7 +7240,23 @@ We do not recommend upgrading your container directly from CI in **production**. --- -## Configuration +## 1\. Authentication + +Unlike other actions, upgrading a container requires admin privileges. Since OIDC-generated tokens are intentionally restricted from admin permissions for security reasons, you need to set up a secret token instead. + +Follow the steps below to generate such a token: + +1. Go to the Juno's [console](https://console.juno.build). +2. Select your Satellite. +3. On the Satellite's dashboard, navigate to the "Setup" tab. +4. Click on "Add an access key". +5. Generate a new key and assign it an "Administrator" (⚠️) role. +6. Click "Submit". +7. Upon successful creation, a new access key will be generated, and a "Secret token" will be displayed. Copy the token value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your repository or organization, using the key `JUNO_TOKEN`. + +--- + +## 2\. Configuration To configure an action to upgrade your Satellite container, follow these steps: @@ -7486,17 +7490,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. - -2. Click on **Add an access key**. +1. From your Satellite's overview, navigate to the **Deployments** page. -3. Generate a new key with the default option. Click **Submit**. +2. Click **Connect repository** and follow the steps to register your repository. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. - -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -7506,19 +7506,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment @@ -7747,17 +7747,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. - -2. Click on **Add an access key**. +1. From your Satellite's overview, navigate to the **Deployments** page. -3. Generate a new key with the default option. Click **Submit**. +2. Click **Connect repository** and follow the steps to register your repository. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. - -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -7767,19 +7763,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment @@ -8042,17 +8038,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. - -2. Click on **Add an access key**. - -3. Generate a new key with the default option. Click **Submit**. +1. From your Satellite's overview, navigate to the **Deployments** page. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. +2. Click **Connect repository** and follow the steps to register your repository. -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -8062,19 +8054,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment @@ -8303,17 +8295,13 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. - -2. Click on **Add an access key**. - -3. Generate a new key with the default option. Click **Submit**. +1. From your Satellite's overview, navigate to the **Deployments** page. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. +2. Click **Connect repository** and follow the steps to register your repository. -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -6. Add the following workflow configuration: +4. Add the following workflow configuration: * npm @@ -8323,19 +8311,19 @@ You can deploy using either ([GitHub Actions](#github-actions-deployment)) or ([ .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Install Dependencies run: npm ci - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - name: Enable Corepack run: corepack enable - name: Activate Yarn run: corepack prepare yarn@1.x --activate - name: Install Dependencies run: yarn install --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` .github/workflows/deploy.yml ``` -name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy env: JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} +name: Deploy to Junoon: workflow_dispatch: push: branches: [main]jobs: deploy: runs-on: ubuntu-latest permissions: id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: 24 registry-url: "https://registry.npmjs.org" - uses: pnpm/action-setup@v4 with: version: 10 - name: Install Dependencies run: pnpm i --frozen-lockfile - name: Deploy to Juno uses: junobuild/juno-action@main with: args: hosting deploy ``` ### CLI deployment diff --git a/docs/guides/components/deploy.mdx b/docs/guides/components/deploy.mdx index 88502ba4..67d4f88b 100644 --- a/docs/guides/components/deploy.mdx +++ b/docs/guides/components/deploy.mdx @@ -2,17 +2,13 @@ You can deploy using either [GitHub Actions](#github-actions-deployment) or [CLI ### GitHub Actions deployment -1. From your Satellite's overview, navigate to the **Setup** tab. +1. From your Satellite's overview, navigate to the **Deployments** page. -2. Click on **Add an access key**. +2. Click **Connect repository** and follow the steps to register your repository. -3. Generate a new key with the default option. Click **Submit**. +3. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. -4. Upon successful creation, a **Secret token** will be displayed. Copy the value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your GitHub repository or organization, using the key `JUNO_TOKEN`. - -5. Create a `deploy.yml` file in the `.github/workflows` subfolder of your repo. - -6. Add the following workflow configuration: +4. Add the following workflow configuration: import Deploy from "./github-actions/deploy.mdx"; diff --git a/docs/guides/components/github-actions/deploy.mdx b/docs/guides/components/github-actions/deploy.mdx index c2246488..0a3f32f8 100644 --- a/docs/guides/components/github-actions/deploy.mdx +++ b/docs/guides/components/github-actions/deploy.mdx @@ -14,6 +14,8 @@ on: jobs: deploy: runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 @@ -30,8 +32,6 @@ jobs: uses: junobuild/juno-action@main with: args: hosting deploy - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` @@ -47,6 +47,8 @@ on: jobs: deploy: runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 @@ -69,8 +71,6 @@ jobs: uses: junobuild/juno-action@main with: args: hosting deploy - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` @@ -86,6 +86,8 @@ on: jobs: deploy: runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 @@ -106,8 +108,6 @@ jobs: uses: junobuild/juno-action@main with: args: hosting deploy - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` diff --git a/docs/guides/components/github-actions/publish.mdx b/docs/guides/components/github-actions/publish.mdx index 8d428da1..55faa1a9 100644 --- a/docs/guides/components/github-actions/publish.mdx +++ b/docs/guides/components/github-actions/publish.mdx @@ -14,6 +14,8 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 @@ -35,8 +37,6 @@ jobs: uses: junobuild/juno-action@full with: args: functions publish - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` @@ -52,6 +52,8 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 @@ -79,8 +81,6 @@ jobs: uses: junobuild/juno-action@full with: args: functions publish - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` @@ -96,6 +96,8 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: + id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 @@ -121,8 +123,6 @@ jobs: uses: junobuild/juno-action@full with: args: functions publish - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` diff --git a/docs/guides/github-actions/deploy-frontend.mdx b/docs/guides/github-actions/deploy-frontend.mdx index f6f377f6..26ac725e 100644 --- a/docs/guides/github-actions/deploy-frontend.mdx +++ b/docs/guides/github-actions/deploy-frontend.mdx @@ -45,8 +45,6 @@ You can either hardcode the mode in the arguments: uses: junobuild/juno-action@main with: args: hosting deploy --mode staging - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` Or, if you're using an environment variable, pass it like this: @@ -57,7 +55,6 @@ Or, if you're using an environment variable, pass it like this: with: args: hosting deploy --mode ${{ env.JUNO_MODE }} env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} JUNO_MODE: staging ``` diff --git a/docs/guides/github-actions/index.mdx b/docs/guides/github-actions/index.mdx index c8b13bb7..ba1bf287 100644 --- a/docs/guides/github-actions/index.mdx +++ b/docs/guides/github-actions/index.mdx @@ -9,27 +9,11 @@ toc_max_heading_level: 3 You can leverage the Juno [CLI] to perform tasks within GitHub Actions. -This guide will show you how to use the [junobuild/juno-action](https://github.com/junobuild/juno-action) to deploy your frontend assets, build and publish serverless functions, and optionally upgrade your WASM container. +This guide shows you how to use the [junobuild/juno-action](https://github.com/junobuild/juno-action) to deploy your frontend assets, build and publish serverless functions, and optionally upgrade your WASM container. --- -## 1. Add a Secret Token for Automation - -Before you can effectively implement automation, it is necessary to add a secret token to your GitHub repository or organization. This token will enable the CI (Continuous Integration) to interact with your [satellite]. - -Follow the steps below to generate a new controller: - -1. Go to the Juno's [console](https://console.juno.build). -2. Select your Satellite. -3. On the Satellite's dashboard, navigate to the "Setup" tab. -4. Click on "Add an access key". -5. Generate a new key (default option) and assign it an appropriate role based on your workflow. [Learn more about the available roles and their permissions](../../miscellaneous/access-keys.md) to choose the appropriate level of access for your use case. -6. Click "Submit". -7. Upon successful creation, a new access key will be generated, and a "Secret token" will be displayed. Copy the token value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your repository or organization, using the key `JUNO_TOKEN`. - ---- - -## 2. Configure your project +## 1. Configure your project If you already have a `juno.config` file at the root of your project, you can skip to the next chapter. Otherwise, you need to create one [manually](#configuration-file-example) or by running: @@ -78,6 +62,35 @@ For detailed information about all available configuration options, refer to the --- +## 2. Connect Your Repository + +By default, your Satellite does not accept any deployments from unknown source. To enable automation from GitHub Actions, you need to authorize which repositories are allowed to trigger them. + +### Using the Console + +1. Go to the Juno [Console](https://console.juno.build). +2. Select your Satellite. +3. Navigate to the **Deployments** tab. +4. Click **Connect repository** and follow the steps to register your repository and, optionally, restrict deployments to specific references. + +// A screenshot of the Deployments tab in Juno Console // Screenshot + +Once configured, the Console will start displaying your future deployments from GitHub Actions. + +### Using the CLI + +You can also configure automation via the CLI. Refer to the [CLI configuration](../../reference/cli.mdx) documentation for details. + +:::note + +Juno uses GitHub's OpenID Connect (OIDC) to authenticate your workflows without requiring any secret tokens. GitHub automatically generates short-lived tokens for each workflow run, which Juno verifies to authorize deployments. + +The duration (up to one hour) and role of those short-lived tokens can also be configured. + +::: + +--- + ## 3. Create the GitHub Action You can use GitHub Actions to automate different parts of your Juno deployment workflow: @@ -94,10 +107,9 @@ Each task can be performed independently or combined, depending on your project When using the Actions, you can configure the following environment variables: -| Environment Variable | Mandatory | Description | -| -------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `JUNO_TOKEN` | Yes | The token to use for authentication. It can be generated through Juno's [Console](https://console.juno.build). Prefer a controller with "Read-write" permission rather than administrator. | -| `PROJECT_PATH` | No | The path to the folder containing the `juno.config` file if it doesn't exist at the root of your repository. e.g. `./my-app-subfolder`. | +| Environment Variable | Mandatory | Description | +| -------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------- | +| `PROJECT_PATH` | No | The path to the folder containing the `juno.config` file if it doesn't exist at the root of your repository. e.g. `./my-app-subfolder`. | [CLI]: ../../reference/cli.mdx [satellite]: ../../terminology.mdx#satellite diff --git a/docs/guides/github-actions/publish-functions.mdx b/docs/guides/github-actions/publish-functions.mdx index d8d2f1e3..97c7cfe1 100644 --- a/docs/guides/github-actions/publish-functions.mdx +++ b/docs/guides/github-actions/publish-functions.mdx @@ -30,8 +30,6 @@ If your key is only a **submitter**, the release will be proposed as a pending c uses: junobuild/juno-action@full with: args: functions publish --no-apply - env: - JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }} ``` --- diff --git a/docs/guides/github-actions/upgrade-functions.mdx b/docs/guides/github-actions/upgrade-functions.mdx index 8f4b519e..40d82b7a 100644 --- a/docs/guides/github-actions/upgrade-functions.mdx +++ b/docs/guides/github-actions/upgrade-functions.mdx @@ -14,7 +14,23 @@ Prefer a change workflow and executing the upgrade with your CLI or in the Conso --- -## Configuration +## 1. Authentication + +Unlike other actions, upgrading a container requires admin privileges. Since OIDC-generated tokens are intentionally restricted from admin permissions for security reasons, you need to set up a secret token instead. + +Follow the steps below to generate such a token: + +1. Go to the Juno's [console](https://console.juno.build). +2. Select your Satellite. +3. On the Satellite's dashboard, navigate to the "Setup" tab. +4. Click on "Add an access key". +5. Generate a new key and assign it an "Administrator" (⚠️) role. +6. Click "Submit". +7. Upon successful creation, a new access key will be generated, and a "Secret token" will be displayed. Copy the token value and save it as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) in your repository or organization, using the key `JUNO_TOKEN`. + +--- + +## 2. Configuration To configure an action to upgrade your Satellite container, follow these steps: