> ## Documentation Index
> Fetch the complete documentation index at: https://cerebrium.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# CI/CD Pipelines

> Automate Cerebrium deployments using GitHub Actions

Configure a Continuous Integration or Continuous Deployment system (CI/CD) to automatically deploy a new version of an app to production/development when a branch is pushed or workflow triggered.

This guide sets up a CI/CD pipeline using GitHub Actions and Cerebrium's Service Accounts.

<Note>
  {" "}

  Maintaining **separate development and production apps** in separate projects
  is recommended, so that changes can be safely tested before going live.
</Note>

### 1. Authenticating to Cerebrium

The GitHub Action workflow uses a **Service Account key** to authenticate to Cerebrium. Service Account keys are credentials tied to a specific service, not an individual.

1. Go to the [Cerebrium Dashboard](https://dashboard.cerebrium.ai/) and open the **API Keys** page.
2. Click **Create Service Account**, name it `"GitHub Actions CI/CD"`, choose an expiry date, and click **Create**.
3. **Copy the key** generated for the new service account.

<img src="https://mintcdn.com/cerebrium/w6QrtZunT-SzaBze/images/api-keys-sa.png?fit=max&auto=format&n=w6QrtZunT-SzaBze&q=85&s=4e9bf0de37bfd0e1c5bcbfad8e049eda" alt="Cerebrium API Keys dashboard" width="1422" height="686" data-path="images/api-keys-sa.png" />

### 2. Define secrets in a GitHub environment

Store this key in a secret for use in GitHub Actions workflows.

1. Navigate to the **GitHub repository → Settings → Environments**
2. Create environments named `"dev"` and/or `"prod"` (Adjust to specific needs)
3. Inside each environment, add 2 secrets:
   * **Name**: `CEREBRIUM_SERVICE_ACCOUNT_TOKEN`
   * **Value**: the key copied in the previous step
   * **Name**: `CEREBRIUM_PROJECT_ID`
   * **Value**: your project ID

> 🔒 Use *secrets*, not plain environment variables, to prevent leaking sensitive data in logs.

<img src="https://mintcdn.com/cerebrium/w6QrtZunT-SzaBze/images/githubActions.png?fit=max&auto=format&n=w6QrtZunT-SzaBze&q=85&s=71c1c8a9ec05026da349d324b2f3c6da" alt="GitHub" width="2854" height="1408" data-path="images/githubActions.png" />

### 3. GitHub Actions Workflow

GitHub Actions use workflow files in the `.github/workflows/` directory. Create one to define the deployment process.

1. Create a `.github/workflows` directory in the root of a new or existing GitHub repository
2. Within that directory, create a new file named `cerebrium-deploy.yml`
3. Paste the following YAML into the file:

```yaml theme={null}
name: Cerebrium Deployment
on:
  push:
    branches:
      - master
  workflow_dispatch:
    inputs:
      environment:
        description: "Environment"
        type: choice
        options:
          - "dev"
          - "prod"
        required: true
        default: "dev"
  pull_request:
    branches:
      - master
      - development

jobs:
  deployment:
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.environment || (github.ref == 'refs/heads/master' && 'prod') || 'dev' }}
    env:
      ENV: ${{ github.event.inputs.environment || (github.ref == 'refs/heads/master' && 'prod') || 'dev' }}
      CEREBRIUM_SERVICE_ACCOUNT_TOKEN: ${{ secrets.CEREBRIUM_SERVICE_ACCOUNT_TOKEN }}
      CEREBRIUM_PROJECT_ID: ${{ secrets.CEREBRIUM_PROJECT_ID }}
    steps:
      - uses: actions/checkout@v4.0
      - uses: actions/setup-python@v5.0
        with:
          python-version: "3.10"

      - name: Install Cerebrium
        run: pip install cerebrium

      - name: Set Cerebrium Project ID
        run: cerebrium project set ${{ secrets.CEREBRIUM_PROJECT_ID }}

      - name: Deploy App
        run: cerebrium deploy
```

Once committed, this workflow will automatically:

* Deploy a production application on every push to master.
* Deploy a development app on pull requests to master or development branches.

Monitor workflow runs in the “Actions” tab of the repository on GitHub.