OrchStep in CI
Run the same orchstep.yml locally and in CI - GitHub Actions and GitLab, with plain logs, exit codes, and inline failure annotations
The whole point of a single static binary is that the workflow you run on your
laptop runs byte-for-byte the same in CI. There's nothing to install
differently - curl | sh the binary (or use the official actions) and run the
same orchstep.yml.
CI gets the machine-friendly behavior automatically: piped output is
plain (no emoji/boxes), failures follow a documented
exit-code contract, and on GitHub the failure shows
up as an inline ::error annotation.
GitHub Actions
Two official actions: orchstep/setup-orchstep
installs the CLI, orchstep/run-orchstep
installs and runs in one step.
One step (install + run)
name: orchstep
on: [push, pull_request]
jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: orchstep/run-orchstep@v1
with:
workflow: orchstep.yml
task: ci # default: the main taskA failed run fails the job, prints plain logs in the run, and adds an inline
::error annotation pointing at the offending file/line.
Install once, run several tasks
steps:
- uses: actions/checkout@v4
- uses: orchstep/setup-orchstep@v1
with:
version: latest # or a pinned semver
- run: orchstep lint
- run: orchstep run build
- run: orchstep run deploy --env stagingStructured result for later steps
Keep the readable logs and capture a machine-readable result:
- uses: orchstep/run-orchstep@v1
with:
workflow: orchstep.yml
task: deploy
json-file: result.json # logs stream to the run; result written to a file
- run: jq -r '.status' result.jsonrun-orchstep also exposes exit-code and summary outputs, and writes a
collapsible step summary to the job page.
Reproducible module supply chain
Commit your orchstep.lock and gate the build so a
force-moved module tag fails CI instead of silently changing what runs:
- uses: orchstep/setup-orchstep@v1
- run: orchstep module verify # exits non-zero on supply-chain drift
- run: orchstep run deployGitLab CI
No action needed - install the binary and run:
orchstep:
image: alpine:latest
before_script:
- apk add --no-cache curl bash git
- curl -fsSL https://orchstep.dev/install.sh | sh
script:
- orchstep module verify
- orchstep run ci --output plain--output plain is explicit here; OrchStep would auto-detect it anyway since
the GitLab job log is not a TTY.
Exit codes in any CI
Branch on the kind of failure, not just pass/fail:
| Code | Meaning |
|---|---|
0 | success |
1 | a task/step failed |
3 | the workflow itself is broken (bad key, unmet required.orchstep, missing file) |
4 | an assert step failed |
See Output & Exit Codes for the full contract and JSON shape.