Deployment
GitHub Actions
Build, sign, and deploy from GitHub Actions.
A reference workflow that builds the workspace, emits a signed Docker image, and pushes to a registry.
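# Builds the workspace, then builds, signs and pushes the agents image to GHCR
# on every push to main. The manifest, provenance and attestation files are
# kept as a workflow artifact.
name: build-agents
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    # Job-scoped GITHUB_TOKEN permissions; scopes not listed here are set to none.
    permissions:
      contents: read
      # NOTE(review): signing below uses a key from secrets, not an OIDC
      # identity. Keep id-token only if the harness requests an OIDC token
      # (e.g. for the attestation) — confirm, and drop it otherwise.
      id-token: write
      # Needed to push the image to ghcr.io with GITHUB_TOKEN.
      packages: write
    steps:
      # NOTE(review): every action in this job is referenced by a mutable tag
      # (v4 / v3). A job that holds the signing key and packages: write is
      # normally pinned to full commit SHAs, with the tag kept as a comment.
      - uses: actions/checkout@v4
        with:
          # No visible step pushes with git, so keep the token out of
          # .git/config while install scripts and the build run.
          persist-credentials: false
      - uses: pnpm/action-setup@v4
        with:
          version: "10.10.0"
      - uses: actions/setup-node@v4
        with:
          node-version: "22"
          cache: pnpm
      # --frozen-lockfile fails the install if pnpm-lock.yaml would change.
      - run: pnpm install --frozen-lockfile
      - run: pnpm build
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build, sign, push agents image
        env:
          # Exposed to this step only; the CLI reads it through env://.
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
        run: |
          # Image references must be lowercase, and github.repository keeps the
          # repository's original casing. Reading the runner's default
          # variables also keeps expression expansion out of the script text.
          image="ghcr.io/${GITHUB_REPOSITORY,,}/agents:${GITHUB_SHA}"
          ./packages/cli/dist/bin/fabric-harness.js build \
            --target docker \
            --docker-build --docker-push \
            --docker-tag "$image" \
            --image-sbom --image-sbom-required \
            --provenance --sign-provenance --signing-key env://COSIGN_PRIVATE_KEY \
            --attestation
      - uses: actions/upload-artifact@v4
        with:
          name: build-manifest
          # Fail the job instead of warning when no evidence file is found.
          if-no-files-found: error
          # The files sit under a dot-directory and upload-artifact v4.4+ skips
          # hidden files by default. NOTE(review): confirm whether explicit
          # paths are affected; the opt-in is harmless either way.
          include-hidden-files: true
          path: |
            .fabricharness/build/docker/manifest.json
            .fabricharness/build/docker/provenance.json
            .fabricharness/build/docker/attestation.intoto.jsonl

CI smoke tests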
Add a job that runs the agent against the mock model in CI:
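# Smoke job: rebuilds the workspace and runs the triage agent against the mock
# model with a fixture payload. Add it under `jobs:` next to `build`.
smoke:
  needs: build
  runs-on: ubuntu-latest
  # The visible steps only read the repository, so the token is limited to
  # that instead of inheriting the repository's default permissions.
  permissions:
    contents: read
  steps:
    - uses: actions/checkout@v4
      with:
        # No visible step pushes with git; keep the token out of .git/config.
        persist-credentials: false
    - uses: pnpm/action-setup@v4
      with:
        version: "10.10.0"
    - uses: actions/setup-node@v4
      with:
        node-version: "22"
        cache: pnpm
    - run: pnpm install --frozen-lockfile
    - run: pnpm build
    - run: |
        cd examples/issue-triage-ci
        ../../packages/cli/dist/bin/fabric-harness.js doctor --tools
        ../../packages/cli/dist/bin/fabric-harness.js run triage \
          --model mock/test-model \
          --payload-file fixtures/issue.json

See examples/issue-triage-ci for a complete read-only triage pipeline.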
--payload-file fixtures/issue.jsonSee examples/issue-triage-ci for a complete read-only triage pipeline.