Reusable GitHub Actions workflows for the Cherry Deploy platform.
App repos call the reusable workflow with a brief caller file:

```yaml
# .github/workflows/cherry-deploy.yml
name: Cherry Deploy
on: [push, workflow_dispatch]
jobs:
  deploy:
    uses: joinmason/cherry-deploy-workflows/.github/workflows/deploy.yml@main
    with:
      app-name: my-app
      port: 8000
    secrets: inherit
```

| Type | Where | Managed by | Example |
|---|---|---|---|
| Platform | Org secrets (selected repos) | DevOps | CHERRY_DEPLOY_AWS_ROLE_ARN |
| App (build-time) | Repo secrets | App owner | GOOGLE_API_KEY (if Dockerfile has ARG GOOGLE_API_KEY) |
| App (runtime) | Repo secrets | App owner | DATABASE_URL, MCP_AUTH_TOKEN |

- Platform secrets are prefixed `CHERRY_DEPLOY_*` and filtered out from app injection
- Build-time secrets are auto-detected from `ARG` directives in the Dockerfile
- Runtime secrets are everything else — injected into the ECS task definition as environment variables
- Users never see or manage platform secrets

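
The three classification rules above, sketched in Python as an added example; it is not the Cherry Deploy workflow's own code. The function names, the sample Dockerfile, and the choice to test the platform prefix before matching `ARG` names (so a Dockerfile that declares a `CHERRY_DEPLOY_*` argument still receives nothing) are assumptions.

```python
import re
import shlex

PLATFORM_PREFIX = "CHERRY_DEPLOY_"  # prefix stated in this README
ARG_LINE = re.compile(r"^\s*ARG\s+(.+)$", re.IGNORECASE)
NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def dockerfile_args(dockerfile_text):
    """Return names declared by ARG lines (NAME, NAME=default, several per line)."""
    names = set()
    for line in dockerfile_text.splitlines():
        match = ARG_LINE.match(line)  # comment lines start with '#', so they never match
        if not match:
            continue
        try:
            tokens = shlex.split(match.group(1))  # keeps NAME="a b" as one token
        except ValueError:  # unbalanced quote: fall back to whitespace split
            tokens = match.group(1).split()
        for token in tokens:
            name = token.partition("=")[0]
            if NAME.fullmatch(name):
                names.add(name)
    return names


def classify_secrets(secret_names, dockerfile_text):
    """Bucket secret names; the platform prefix is checked before ARG matching."""
    build_args = dockerfile_args(dockerfile_text)
    buckets = {"platform": [], "build": [], "runtime": []}
    for name in sorted(secret_names):
        if name.startswith(PLATFORM_PREFIX):
            buckets["platform"].append(name)  # never handed to the app
        elif name in build_args:
            buckets["build"].append(name)
        else:
            buckets["runtime"].append(name)
    return buckets


# Constructed sample input: the Dockerfile also declares a platform-prefixed ARG.
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
# ARG COMMENTED_OUT
ARG GOOGLE_API_KEY
arg CHERRY_DEPLOY_AWS_ROLE_ARN=unset
"""
SAMPLE_SECRETS = ["DATABASE_URL", "MCP_AUTH_TOKEN", "GOOGLE_API_KEY",
                  "CHERRY_DEPLOY_AWS_ROLE_ARN"]

if __name__ == "__main__":
    print(classify_secrets(SAMPLE_SECRETS, SAMPLE_DOCKERFILE))
```

Docker exposes build-argument values to anyone who can run `docker history` on the image, so a secret that lands in the build bucket should be treated as readable by every consumer of that image.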
| Input | Required | Default | Description |
|---|---|---|---|
| `app-name` | Yes | — | App name (matches ECS service) |
| `port` | Yes | — | Container port |
| `dockerfile` | No | `Dockerfile` | Path to Dockerfile |