Mage supports GitHub Actions for CI/CD workflows. We have templates for deploying to AWS ECS, GCP Cloud Run, and Azure.

Before you configure your action, follow the Mage project setup instructions.

GitHub Actions setup

  1. Create a new repository on GitHub.
  2. Open your repository on GitHub, then click the tab labeled Settings.
  3. Click the section labeled Security on the left hand side to expand it.
  4. Click the link labeled Actions.
  5. Click the button labeled New repository secret in the top right corner.
  6. Follow the instructions below for your specific cloud provider:

AWS

  1. If you haven’t already, create a new AWS ECR repository.
  2. You’ll need AWS credentials with the following policy permissions: 
    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetAuthorizationToken",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart",
        "ecs:DeregisterTaskDefinition",
        "ecs:DescribeClusters",
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:RegisterTaskDefinition",
        "ecs:UpdateService",
        "iam:PassRole"
      ],
      "Resource": "*"
    }
  ]
}
  3. In the field labeled Name, enter the value AWS_ACCESS_KEY_ID.
  4. In the field labeled Secret, enter your AWS Access Key ID.
  5. Click the button labeled Add secret to save.
  6. Add a 2nd secret by clicking the button labeled New repository secret in the top right corner.
  7. In the field labeled Name, enter the value AWS_SECRET_ACCESS_KEY.
  8. In the field labeled Secret, enter your AWS Secret Access Key.
  9. Click the button labeled Add secret to save.
  10. Click on the tab labeled Actions.
  11. On the left side, click the button labeled New workflow.
  12. Find the link labeled set up a workflow yourself and click it.
  13. Copy the contents from the GitHub Action YAML file for AWS at templates/github_actions/build_and_deploy_to_aws_ecs.yml, and paste it into the textarea.
  14. Change the following values under the key labeled env:
env:
  AWS_REGION: ...
  ECR_REPOSITORY: ...
  ECS_CLUSTER: ...
  ECS_SERVICE: ...
  ECS_TASK_DEFINITION: ...
  CONTAINER_NAME: ...
KeyDescriptionSample value
AWS_REGIONRegion of your AWS ECS cluster.us-west-2
CONTAINER_NAMESet this to the name of the container in the containerDefinitions section of your task definition.mage-data-production-container
ECR_REPOSITORYThe name of the AWS ECR repository you created to store your Docker images.mage-data
ECS_CLUSTERThe name of your AWS ECS cluster.mage-production-cluster
ECS_SERVICEThe name of your AWS ECS service.mage-production-ecs-service
ECS_TASK_DEFINITIONGo to your AWS ECS task definition for the above service. Click on the JSON tab on the task definition detail page. Copy the JSON string content and save it to a file in your root folder containing your Mage project. Use the path to that file as the value in this field.some_path/ecs-task-definition.json
  1. Click the button labeled Start commit in the top right corner.
  2. Click the button labeled Commit new file.
  3. Every time you merge a pull request into the master branch, this GitHub Action will run, building a Docker image using your GitHub code, then updating AWS ECS to use the new image with the updated code.

GCP

  1. You’ll need to add these roles to the service account that you’ll be using to deploy Mage from GitHub:

    • Artifact Registry Read
    • Artifact Registry Writer
    • Cloud Run Admin
    • Service Account Token Creator
    • Service Account User

  2. In the field labeled Name, enter the value GCP_CREDENTIALS.

  3. In the field labeled Secret, enter the JSON string containing your GCP service account credentials. It should look something like this: json { "type": "service_account", "project_id": "mage-123456", "private_key_id": "...", "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n", "client_email": "mage@mage-123456.iam.gserviceaccount.com", "client_id": "...", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/mage%40mage-123456.iam.gserviceaccount.com" }

  4. Click the button labeled Add secret to save.

  5. Click on the tab labeled Actions.

  6. On the left side, click the button labeled New workflow.

  7. Find the link labeled set up a workflow yourself and click it.

  8. Copy the contents from the GitHub Action YAML file for GCP at templates/github_actions/build_and_deploy_to_gcp_cloud_run.yml, and paste it into the textarea.

  9. Change the following values under the key labeled env:

    env:
  GAR_LOCATION: ...
  GOOGLE_CLOUD_RUN_SERVICE_NAME: ...
  IMAGE: ...
  PROJECT_ID: ...
  REPOSITORY: ...
    KeyDescriptionSample value
    GAR_LOCATIONRegion that Mage is already deployed in.us-east1
    GOOGLE_CLOUD_RUN_SERVICE_NAMEThe name of your Google Cloud Run service. Go to the Google Cloud Run dashboard to find it.mage-data
    IMAGEThe name of the Docker image you pushed to the above GCP Artifact Registry.mageai
    PROJECT_IDProject ID of where you launched Mage using Terraform.mage-123456
    REPOSITORYThe name of your GCP Artifact Registry that is storing your Docker image.mageprod

  10. Click the button labeled Start commit in the top right corner.

  11. Click the button labeled Commit new file.

  12. Everytime you merge a pull request into the master branch, this GitHub Action will run, building a Docker image using your GitHub code, then updating Google Cloud Run to use the new image with the updated code.

Azure

Mage can be deployed to Azure using GitHub Actions.

Our template for deploying to an Azure Container instance is located here and based off the “GitHub Workflow” option in Azure’s docs.

To configure this workflow, you will need to add the following secrets to your GitHub repo:

KeyDescription
AZURE_CREDENTIALSThe entire JSON output from the service principal creation step
REGISTRY_LOGIN_SERVERThe login server name of your registry (all lowercase). Example: myregistry.azurecr.io
REGISTRY_USERNAMEThe clientId from the JSON output from the service principal creation
REGISTRY_PASSWORDThe clientSecret from the JSON output from the service principal creation
RESOURCE_GROUPThe name of the resource group you used to scope the service principal

We recommend Microsoft’s Guide for obtaining these credentials via the Azure CLI.

Microsoft also has templates that are similar to ours— we use the Service ID Principal method for authentication, but you can check Microsoft’s docs for the OpenID Connect method.

Alternatively, you can use the az container app up command in the Deploy to Azure extension in the Azure CLI. This command streamlines creation of the GitHub workflow and deployment steps.