name: 'GitHub Action code snippet'
on:
  pull_request:
  push:
    branches:
      - '*'

jobs:
  run-example-deployment:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: UnlyEd/github-action-deploy-on-vercel@latest
        with:
          command: "vercel examples/static-deployment --confirm --debug --token ${{ secrets.VERCEL_TOKEN }}"
        env:
          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}

      - run: "echo \"Found deployment url: ${{ env.VERCEL_DEPLOYMENT_URL }}\""

Source

You can use this action to deploy a Vercel project online through a GitHub action.

The action will return the url of the Vercel deployment (and store it as environment variable, too), it will also apply domain aliases if there are any configured in the Vercel config file (vercel.config by default).

This action works quite differently compared to vercel-action.

TL;DR: vercel-action is great if you don't need a lot of flexibility over the vercel deploy command. github-action-deploy-on-vercel is great if you need to run a custom command, such as a npm/yarn script.

vercel-action hides the vercel deploy command from you, and acts as a wrapper by providing its own API on top of it.

They simplify the vercel command by doing so. Unfortunately, they also reduce the flexibility available to the consumer (you).

In our case, we are dealing with multiple customers (B2B) which are all sharing the same code base. The vercel-action was too limited and would have complicated our setup, because it requires additional information such as project_id/org_id.

For most project, we believe using vercel-action is enough, and we encourage you to use it, if you don't need to run a special vercel deploy command.

You want to run a custom command that (amongst other things) performs a Vercel deployment and returns the URL of the Vercel deployment.

The URL of the deployment is often necessary to run follow-up actions, such as:

• Running End-to-End tests on the deployed site
• Running LightHouse tests on the deployed site
• Etc.

The below variables are available as outputs, but are also injected as environment variables automatically.

• VERCEL_DEPLOYMENT_URL: Full Vercel deployment url (parsed from the deployment logs), e.g: https://xxx.vercel.app
• VERCEL_DEPLOYMENT_DOMAIN: Url without the protocol declaration, e.g: xxx.vercel.app
• VERCEL_ALIASES_ERROR: (optional) Vercel errors during domain aliasing
• VERCEL_ALIASES_CREATED: List of aliases created successfully, as a string separated by , for each alias
• VERCEL_ALIASES_CREATED_COUNT: Number of created aliases
• VERCEL_ALIASES_CREATED_FULL: List of aliases created successfully, as a JSON array containing the Vercel's response
• VERCEL_ALIASES_CREATED_URLS_MD: List of aliases created successfully, as a Markdown string separated by , for each alias
• VERCEL_ALIASES_FAILED_COUNT: Number of aliases that failed to be created
• VERCEL_ALIASES_FAILED_FULL: List of aliases that failed, as a JSON array containing the Vercel's response

Hint: You can use ${{ env.VERCEL_DEPLOYMENT_URL }} in you GitHub Action to read the deployment URL, after the action has run.

name: 'GitHub Action deploy example'
on:
  pull_request:
  push:
    branches:
      - '*'

jobs:
  run-example-deployment:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3

      # Extracts GitHub metadata (branch name, etc.)
      - name: Expose GitHub slug/short variables # See https://github.com/rlespinasse/github-slug-action#exposed-github-environment-variables
        uses: rlespinasse/github-slug-action@v3.x # See https://github.com/rlespinasse/github-slug-action

      - uses: ./
        with:
          # Deploys examples/static-deployment
          command: "yarn deploy:example --token ${{ secrets.VERCEL_TOKEN }}"
          applyDomainAliases: true
          failIfAliasNotLinked: false
          # Uses dynamically resolved additional aliases (e.g: one based on the current branch's name)
          # Uses alias that's longer than 63 chars to check if it gets shortened, because of RFC 1035 - See https://vercel.com/support/articles/why-is-my-vercel-deployment-url-being-shortened?query=url%20length#rfc-1035
          #  github-action-deploy-on-vercel-example-extra-alias-test-limit-alias-length.vercel.app > github-action-deploy-on-vercel-example-extra-alias-test-limit-a.vercel.app (shortened)
          # TODO Don't always use GITHUB_REF_SLUG (push) but GITHUB_HEAD_REF_SLUG when event is pull_request - See https://github.com/rlespinasse/github-slug-action/issues/71
          extraAliases: >-
            github-action-deploy-on-vercel-example-${{ env.GITHUB_REF_SLUG }}.vercel.app

        env:
          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}

      - run: "echo \"Found deployment url: ${{ env.VERCEL_DEPLOYMENT_URL }}\""
      - run: "echo \"Created ${{ env.VERCEL_ALIASES_CREATED_COUNT }} aliases\""
      - run: "echo \"Created aliases: ${{ env.VERCEL_ALIASES_CREATED }}\""
      - run: "echo \"Created aliases (full): ${{ env.VERCEL_ALIASES_CREATED_FULL }}\""
      - run: "echo \"Alias markdown generated: ${{ env.VERCEL_ALIASES_CREATED_URLS_MD }}\""
      - run: "echo \"Failed ${{ env.VERCEL_ALIASES_FAILED_COUNT }} aliases\""
      - run: "echo \"Failed aliases (full): ${{ env.VERCEL_ALIASES_FAILED_FULL }}\""

Here are a few community-powered examples, those are usually advanced use-cases!

• Next Right Now (Disclosure: We're the author!)
  • PR - "Using this action helped us reduce a lot of bash code which was hardly testable." - Next Right Now core contributors

Learn how to enable logging, from within the github-action-store-variable action.

Our GitHub Action is written using the GitHub Actions native core.debug API.

Therefore, it allows you to enable logging whenever you need to debug what's happening within our action.

To enable debug mode, you have to set a GitHub Secret, such as:

• ACTIONS_STEP_DEBUG of value true

Please see the official documentation for more information.

Enabling debugging using ACTIONS_STEP_DEBUG will also enable debugging for all other GitHub Actions you use that are using the core.debug API.

We gladly accept PRs, but please open an issue first, so we can discuss it beforehand.

Changelog

We follow Semantic Versioning. (major.minor.patch)

Our versioning process is completely automated, any changes landing on the main branch will trigger a new release.

• MAJOR: Behavioral change of the existing API that would result in a breaking change.
  • E.g: Removing an input, or changing the output would result in a breaking change and thus would be released as a new MAJOR version.
• Minor: Behavioral change of the existing API that would not result in a breaking change.
  • E.g: Adding an optional input would result in a non-breaking change and thus would be released as a new Minor version.
• Patch: Any other change.
  • E.g: Documentation, tests, refactoring, bug fix, etc.

The examples above use an auto-updated major version tag (@v1). It is also possible to use the @latest tag. (RC stands for "Release candidate", which is similar to a Beta version)

While those options can be useful, we intend to give some "production-grade" best practices.

• Do NOT use @latest for production, ever. While only "supposed-to-be-stable" versions will be tagged as @latest, it could harbor bugs nonetheless.
• You can use auto-upgrading major version, such as @v1 or @v1.2, but this is not always the best practice, see our explanations below.

Here are a few useful options you can use to pin a more-or-less specific version of our GitHub Action, alongside some " production-grade" best practices.

• @{COMMIT-SHA}, e.g: @1271dc3fc4c4c8bc62ba5a4e248dac95cb82d0e3, recommended for all production-grade apps, it's the only truly safe way to pinpoint a version that cannot change against your will (SAFEST)
• @{MAJOR}-{MINOR}-{PATCH}, e.g: @v1.2.31, while not as safe as the COMMIT-SHA way, it's what most people use ( SAFER)
• @{MAJOR}, e.g: @v1, can be used on production, but we do not advise to do so (SAFE-ISH)
• @{MAJOR}-rc, e.g: @v1-rc, reserved for development mode, useful when debugging on a specific prerelease version (UNSAFE)
• @{MAJOR}.{MINOR}, e.g: @v1.2, can be used on production, but we do not advise to do so (SAFE-ISH)
• @{MAJOR}.{MINOR}-rc, e.g: @v1.2-rc, reserved for development mode, useful when debugging on a specific prerelease version (UNSAFE)
• @latest, reserved for development mode, useful when debugging (UNSAFE)

"But, what is the issue with the @{MAJOR}-{MINOR}-{PATCH} way to pin a specific version"?

Well, if this repository gets hacked by a 3rd party, they can easily change all Git tags to a different commit, which could contain malicious code.

That's why pinning a specific commit SHA is the only truly safe option. This way, the code you're using cannot be changed against your will.

Most people won't care about this and will use a MAJOR version tag instead anyway, such as @v1. It's common, but not often the best practice.

It all comes down to the risks you're ready to take, and it's up to you to decide what's best in your situation.

MIT

See our policy.

This project is being authored by:

• [Unly] Ambroise Dhenain (Vadorequest) (active)
• Hugo Martin (Demmonius) (active)

Unly is a socially responsible company, fighting inequality and facilitating access to higher education. Unly is committed to making education more inclusive, through responsible funding for students.

We provide technological solutions to help students find the necessary funding for their studies.

We proudly participate in many TechForGood initiatives. To support and learn more about our actions to make education accessible, visit :

• https://twitter.com/UnlyEd
• https://www.facebook.com/UnlyEd/
• https://www.linkedin.com/company/unly
• Interested to work with us?

Tech tips and tricks from our CTO on our Medium page!