CI/CD deployment

So far we have covered the steps of deploying a project manually from the command line. In many cases, you will want to automate this process through a CI/CD system. In this section, we explain how to set up a CI/CD system to register, execute and promote workflows on Union.ai. We will use GitHub Actions as the example CI/CD system.

Create a Union.ai API key

An API key is registered in your Union.ai control plane to enable external systems to perform actions on your behalf. To allow your CI/CD system to authenticate with Union.ai, create a Union.ai API key. See Managing API keys for details.

$ union create api-key admin --name my-cicd-key

Copy the UNION_API_KEY value for later use; this is the only time the secret is displayed.

Store the secret in your CI/CD secrets store

Store the secret in your CI/CD secrets store. In GitHub, from the repository page:

  1. Select Settings > Secrets and variables > Actions.
  2. Select the Secrets tab and click New repository secret.
  3. Give a meaningful name to the secret, like UNION_CICD_API_KEY.
  4. Paste in the string from above as the value.
  5. Click Add secret.

Configure your CI/CD workflow file

Create the CI/CD workflow file. For GitHub Actions, you might add example-project/.github/workflows/deploy.yaml similar to:

name: Deploy

on:
  push:
    branches:
      - main

env:
  PROJECT: flytesnacks
  DOMAIN: production

jobs:
  build_and_register:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Install python & uv 
        run: |
          sudo apt-get install python3
          curl -LsSf https://astral.sh/uv/install.sh | sh
      - name: Install dependencies
        run: uv sync
      - name: Register to Union
        env:
          UNION_API_KEY: ${{ secrets.CICD_API_KEY }}
        run: |
          source .venv/bin/activate
          union register --version ${{ github.sha }} -p ${{ env.PROJECT }} \
          -d ${{ env.DOMAIN }} --activate-launchplans ./launchplans

The Register to Union step registers the launch plans and related Flyte entities in the launchplans directory. It sets the project and domain, activates launch plans automatically, and pins the version to the Git commit SHA for traceability across all registered Flyte entities. See union register for additional options.

Once this is set up, every push to the main branch in your repository will build and deploy your project to Union.ai.