GitHub Action
Deploy your OrbitKit app site automatically from GitHub Actions.
The OrbitKit Deploy GitHub Action deploys your app site straight from your CI/CD pipeline. Use it to automatically publish privacy policies, support pages, and other hosted content whenever you push changes.
Quick start
- uses: OrbitKit-io/OrbitKit-Deploy@v1
with:
api-key: $
app-id: $
Setup
- Get your API key from the OrbitKit Dashboard under Settings → API Keys
- Add it as a GitHub secret in your repo: Settings → Secrets and variables → Actions → New repository secret →
ORBITKIT_API_KEY - Add your app ID as a variable: Settings → Secrets and variables → Actions → Variables →
ORBITKIT_APP_ID
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
api-key |
Yes | — | OrbitKit API key (ok_xxxx). Store as a GitHub secret. |
app-id |
Yes | — | Your OrbitKit app ID |
api-endpoint |
No | https://api.orbitkit.io |
API base URL override |
Outputs
| Output | Description |
|---|---|
site-url |
The deployed site URL (e.g., https://sites.orbitkit.io/my-app/) |
deployed-at |
Deploy timestamp (ISO 8601) |
Examples
Deploy on every push to main
name: Deploy OrbitKit
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: OrbitKit-io/OrbitKit-Deploy@v1
with:
api-key: $
app-id: $
Deploy only when policy files change
name: Deploy on Policy Update
on:
push:
branches: [main]
paths:
- 'privacy-policy.json'
- 'support-page.json'
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: OrbitKit-io/OrbitKit-Deploy@v1
id: deploy
with:
api-key: $
app-id: $
- name: Print site URL
run: echo "Deployed to $"
Update policy data before deploying
Use the OrbitKit CLI to update content, then deploy:
jobs:
deploy:
runs-on: ubuntu-latest
env:
ORBITKIT_API_KEY: $
ORBITKIT_APP_ID: $
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Update privacy policy
run: npx @orbitkit-io/cli policy set privacy-policy.json
- name: Update support page
run: npx @orbitkit-io/cli support set support.json
- name: Deploy
uses: OrbitKit-io/OrbitKit-Deploy@v1
with:
api-key: $
app-id: $
Scheduled daily deploy
name: Daily Deploy
on:
schedule:
- cron: '0 6 * * *' # 6:00 AM UTC daily
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: OrbitKit-io/OrbitKit-Deploy@v1
with:
api-key: $
app-id: $
Security
- API key as secret — always store your API key as a GitHub secret, never hardcode it in workflow files
- Secret scanning — OrbitKit API keys use the
ok_prefix, which is auto-detected by GitHub secret scanning if accidentally committed - No script injection — all inputs are passed as environment variables, not interpolated in shell commands (per GitHub security hardening best practices)
Errors
If the deploy fails, the action sets a ::error:: annotation visible in the GitHub Actions UI:
Deploy failed (HTTP 401): Invalid or revoked API key
Common causes:
| Error | Fix |
|---|---|
| HTTP 401 | Check that ORBITKIT_API_KEY is set correctly in repository secrets |
| HTTP 403 | API key doesn’t have access to the specified app |
| HTTP 404 | Check that ORBITKIT_APP_ID is correct |
| HTTP 402 | App requires an active subscription to deploy |
CLI vs. GitHub Action vs. MCP Server
| Feature | CLI | GitHub Action | MCP Server |
|---|---|---|---|
| Deploy | Yes | Yes | Yes |
| Update policy/pages | Yes | No — use CLI in a prior step | Yes |
| Custom domains | Yes | No | Yes |
| App management | Yes | No | Yes |
| Works in CI/CD | Yes | Yes | No |
| Works in AI tools | No | No | Yes |
| Requires Node.js | Yes | No | No |
Use the action for simple deploy-on-push workflows. Use the CLI when you need to update content, manage apps, or work outside GitHub Actions. Use the MCP Server to manage OrbitKit from Claude, Cursor, and other AI tools.