GitHub Actions + AXHub deploy

GitHub connection, auto deploy, and safe CI usage for CLI 0.17.4

Recommended path

The preferred integration is AXHub GitHub App connection + backend webhook deploy, not a hand-written GitHub Actions workflow.

axhub apps git connect --app <app> --repo owner/repo --branch main --execute
axhub apps git status --app <app>

After connection, GitHub push webhooks can start backend deploys.

Using the CLI in Actions

If CI must call the CLI explicitly, use an OAuth token file for deploy/admin routes. PAT is only for explicitly allowed data/table/PAT surfaces.

.github/workflows/axhub-deploy.yml

name: axhub deploy
on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install axhub
        run: curl -fsSL https://cli.axhub.ai/install.sh | bash
      - name: Deploy
        env:
          AXHUB_NO_KEYCHAIN: "1"
          AXHUB_NO_INPUT: "1"
          AXHUB_TOKEN_FILE: ${{ secrets.AXHUB_TOKEN_FILE_PATH }}
        run: |
          ~/.axhub/bin/axhub --json deploy create --app "$AXHUB_APP" --execute

Adapt secret injection to your organization's policy. Never print token values.

Agent-safe options

Pin --idempotency-key on mutation retries.
Set AXHUB_NO_INPUT=1 and AXHUB_NO_KEYCHAIN=1 in no-TTY environments.
Watch/follow commands may switch to snapshot mode in agent contexts; use explicit --watch-timeout/--limit.