Automated Workflows

Every time you push code, Fly automatically publishes your artifacts and creates intelligent releases. Your GitHub Actions workflows seamlessly integrate with Fly Registry - no manual publishing, no token management, just push and deploy.

What Fly automates for you:

• Artifact publishing on every commit
• Smart release generation with AI summaries
• Complete traceability from code to deployment
• Secure, token-free authentication
• Multi-package manager support

One-time setup: Configure your workflows once, then enjoy automated publishing forever.

How to Configure

The Fly GitHub action configures your supported package managers in your workflow runner and handles authentication for you, so you can simply use your regular commands (npm publish, pip install, docker push, etc.).

Option 1: Agentic with MCP (Recommended)

Requirements: Make sure your Desktop App is installed and connected with Fly MCP (supported in Cursor and VS Code Copilot)

See guide on how to install and connect the Desktop App →

Steps:

1. Open your IDE

2. Prompt:

Configure my workflows with Fly

3. Review the changes - Fly MCP automatically adds these snippets to your .github/workflows/*.yml files:

1. Permissions (top level, after on:):

permissions:
  contents: read
  id-token: write

2. Fly Action (after package manager setup steps like actions/setup-node, before artifact operations like npm install, docker push):

- name: JFrog Fly - Configure all your package managers to work with Fly registry
  uses: jfrog/fly-action@v1
  with:
    url: https://<your-fly-subdomain>.jfrog.io

4. Commit and push

For Docker: Include your Fly subdomain in image names: <your-fly-subdomain>.jfrog.io/docker/my-app:tag

Option 2: Manual

Add the same snippets from Option 1 manually to your .github/workflows/*.yml files.

Make sure:

• The permissions block is at the top level of your workflow file (after on:, before jobs:)
• The configuration step is within your job, placed:
  • After package manager setup steps (e.g., actions/setup-node, actions/setup-python)
  • Before artifact operations (e.g., npm install, docker push, mvn deploy)

Example GitHub Actions Workflows

Here are complete examples of GitHub Actions workflows configured for Fly (Fly additions are marked with comments):

Example 1: npm Package Workflow

name: Build and Publish npm Package

on:
  push:
    branches: [main]

# ✨ Fly Addition: Permissions block
permissions:
  contents: read
  id-token: write  # Required for Fly authentication

jobs:
  build:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      
      # ✨ Fly Addition: Configuration step
      - name: JFrog Fly - Configure all your package managers to work with Fly registry
        uses: jfrog/fly-action@v1
        with:
          url: https://<your-fly-subdomain>.jfrog.io
      
      - name: Install dependencies
        run: npm install
      
      - name: Build
        run: npm run build
      
      - name: Publish
        run: npm publish

Example 2: Docker Image Workflow

name: Build and Push Docker Image

on:
  push:
    branches: [main]

# ✨ Fly Addition: Permissions block
permissions:
  contents: read
  id-token: write  # Required for Fly authentication

jobs:
  build:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      
      # ✨ Fly Addition: Configuration step
      - name: JFrog Fly - Configure all your package managers to work with Fly registry
        uses: jfrog/fly-action@v1
        with:
          url: https://<your-fly-subdomain>.jfrog.io
      
      - name: Build Docker image
        run: docker build -t <your-fly-subdomain>.jfrog.io/docker/my-app:${{ github.sha }} .
      
      - name: Push Docker image
        run: docker push <your-fly-subdomain>.jfrog.io/docker/my-app:${{ github.sha }}

Note: For Docker, always include <your-fly-subdomain>.jfrog.io/docker in your image names.

How Authentication Works

Fly uses OpenID Connect (OIDC) with GitHub for secure, token-free authentication.

Benefits:

• No secrets or tokens stored in GitHub
• Temporary, scoped access
• Automatic token rotation
• Complete audit trail

How Registry Configuration Works

Once your workflow is configured, Fly automatically sets up all package managers on the CI runner to use your Fly Registry.

For Standard Package Managers (npm, pip, Maven, Go, NuGet):

• Use your regular commands - no registry paths or configuration files needed
• Fly automatically routes all packages through your Fly Registry
• Examples: npm install, npm publish, pip install, twine upload, mvn deploy work as-is

For Docker:

• Include your Fly subdomain in image names: <your-fly-subdomain>.jfrog.io/docker/my-app:tag
• See Example 2: Docker Image Workflow above for a complete example

Tracking Workflow Activity

Configuration Status

Once configured, Fly Web shows:

Git Repository View

• Configured - At least one workflow is integrated with Fly
• Not Configured - Repository is connected but workflows need setup

Workflow View

See the configuration status for each individual workflow:

• Workflow name
• Configuration status (Configured/Not Configured)
• Direct link to GitHub workflow file

Learn more in Workflows Section.

Releases

Every successful workflow run that pushes an artifact creates a Release:

• Auto-generated summary of changes
• List of pushed artifacts
• Consumed dependencies
• Related commits and pull requests
• Link to GitHub workflow run

Learn more in Releases Section.

Artifact Provenance

Every artifact pushed from CI is automatically tagged with:

• Artifact Name and Version - Package identifier and version number
• Git Repository - Source repository name and URL
• Release - Associated release record
• Timestamp - When the artifact was created

This ensures complete traceability from artifact back to source code.

Next: Runtime Deployment →