CI integration
Pagifier has no CLI by design — CI integration is one authenticated HTTP call, and the platform ships reusable steps so pipelines stay one line.
GitHub Actions
Use the composite action published by your platform team
(source: examples/ci/github-action in the Pagifier repository):
- uses: company/pagifier-deploy@v1
with:
config: frontend/pagifier.toml
environment: prod
token: ${{ secrets.PAGIFIER_TOKEN }}
The action validates the configuration first (fast failure with readable
errors annotated on the PR), zips the workspace, uploads with ?wait=true,
streams build/deploy progress into the job log, fails the job with the
build log inline on error, and exports the deployed URL as an output.
Jenkins
The shared-library step (examples/ci/jenkins) has the same flow:
pagifierDeploy(
config: 'frontend/pagifier.toml',
environment: 'prod',
credentialsId: 'pagifier-token',
)
Any other CI
Three commands work everywhere:
# 1. Validate (fail the PR early)
curl --fail-with-body -sS -H "Authorization: Bearer $PAGIFIER_TOKEN" \
--data-binary @pagifier.toml "$PAGIFIER_URL/v1/validate"
# 2. Package
zip -qr app.zip . -x '.git/*' -x 'node_modules/*'
# 3. Deploy and wait
curl --fail-with-body -sS -N -H "Authorization: Bearer $PAGIFIER_TOKEN" \
-F config=@pagifier.toml -F archive=@app.zip \
"$PAGIFIER_URL/v1/applications/$APP/environments/$ENV/deployments?wait=true"
The ?wait=true stream is newline-delimited JSON. The final line carries
done: true plus success, the app url, and — on build failure — the
tail of the build log, so your pipeline needs no polling loop and no
kubectl access to debug a red deploy.
Building in CI instead of in-cluster
If your pipeline already builds the artifact, skip the in-cluster build:
build: false
artifact: dist
Zip the built output and upload as usual. Pagifier still packages it into a content-addressed OCI image, verifies its digest, and (when configured) signs it.
Signed artifacts
Tenants with a signing policy sign the archive in CI and pass the signature:
cosign sign-blob --key cosign.key app.zip > app.sig
curl ... -F signature=@app.sig ...
Unsigned uploads are rejected with 403 signature_required when the
policy demands it. See supply-chain security.