Deploy Docker Compose stacks to Arcane via GitOps sync. Automatically discovers compose files and creates or updates syncs in Arcane — no manual git sync setup required.
- Auto-discover compose files from a directory
- Explicit compose file list for full control
- Creates the git repository in Arcane if it doesn't exist
- Creates or updates gitops syncs (never deletes)
- Workflow environment variables for subsequent steps
- Triggers immediate sync after changes
Directory scan — automatically finds compose files in a directory:
- name: Deploy stacks to Arcane
uses: nsheaps/github-actions/.github/actions/arcane-deploy@main
with:
arcane-url: ${{ secrets.ARCANE_URL }}
arcane-api-key: ${{ secrets.ARCANE_API_KEY }}
environment-id: '1'
compose-dir: stacks
git-token: ${{ secrets.REPO_TOKEN }}Explicit file list — deploy specific compose files:
- name: Deploy stacks to Arcane
uses: nsheaps/github-actions/.github/actions/arcane-deploy@main
with:
arcane-url: ${{ secrets.ARCANE_URL }}
arcane-api-key: ${{ secrets.ARCANE_API_KEY }}
environment-id: '1'
compose-files: |
services/web/compose.yml
services/api/compose.yml
services/db/compose.yml
git-token: ${{ secrets.REPO_TOKEN }}SSH deploy key — use a GitHub deploy key instead of a PAT:
- name: Deploy stacks to Arcane
uses: nsheaps/github-actions/.github/actions/arcane-deploy@main
with:
arcane-url: ${{ secrets.ARCANE_URL }}
arcane-api-key: ${{ secrets.ARCANE_API_KEY }}
environment-id: '1'
compose-dir: stacks
auth-type: ssh
ssh-private-key: ${{ secrets.DEPLOY_KEY }}Note: When
auth-type: ssh, therepository-urldefaults to the SSH format (git@github.com:owner/repo.git) automatically. You can override it withrepository-urlif needed.
With workflow environment variables (available to subsequent steps, not inside containers):
- name: Deploy stacks to Arcane
uses: nsheaps/github-actions/.github/actions/arcane-deploy@main
with:
arcane-url: ${{ secrets.ARCANE_URL }}
arcane-api-key: ${{ secrets.ARCANE_API_KEY }}
environment-id: '1'
compose-dir: stacks
git-token: ${{ secrets.REPO_TOKEN }}
env-vars: |
DOMAIN=example.com
NETWORK=traefik
TZ=America/New_York| Input | Required | Default | Description |
|---|---|---|---|
arcane-url |
Yes | Base URL of the Arcane instance (must use HTTPS) | |
arcane-api-key |
Yes | API key (from Arcane Settings > API Keys) | |
environment-id |
Yes | Arcane environment ID | |
compose-dir |
No | Directory to scan for compose files (up to 2 levels deep) | |
compose-files |
No | Newline-separated list of compose file paths | |
repository-url |
No | GitHub repo HTTPS URL | Git URL for Arcane to clone. Defaults to SSH format when auth-type=ssh. |
repository-name |
No | GitHub repo name | Display name in Arcane |
branch |
No | Triggering branch | Branch to sync from |
auth-type |
No | http |
Git auth type: none, http, or ssh |
git-token |
No | Token for HTTP git auth. Required when auth-type=http. | |
ssh-private-key |
No | SSH private key for git auth (e.g. deploy key). Required when auth-type=ssh. | |
ssh-host-key-verification |
No | accept_new |
SSH host key verification mode: accept_new, accept_all, or reject. Warning: accept_all disables host key checking and should only be used for testing. |
auto-sync |
No | true |
Enable Arcane auto-sync polling |
sync-interval |
No | 5 |
Minutes between auto-sync polls |
trigger-sync |
No | true |
Trigger immediate sync after create/update |
sync-name-prefix |
No | GitHub repo name | Prefix for sync names in Arcane |
env-vars |
No | Runner env vars (KEY=VALUE per line) for subsequent steps. Values are masked. |
| Output | Description |
|---|---|
syncs-created |
Number of new syncs created |
syncs-updated |
Number of existing syncs updated |
repository-id |
Arcane git repository ID used |
- Discovers compose files from
compose-dir(scanning forcompose.y[a]ml/docker-compose.y[a]ml) and/or the explicitcompose-fileslist - Ensures a git repository exists in Arcane matching your repo URL (creates one if needed, updates credentials if it already exists)
- Upserts a gitops sync for each compose file — matched by compose path + repository ID, so re-runs are idempotent
- Triggers an immediate sync on each stack (unless
trigger-syncisfalse)
Sync names are derived from the compose file's parent directory: stacks/myapp/compose.yml becomes <prefix>-myapp.