Pre-launch — Gluecron is in final validation. Public signups and git hosting for non-owner users open after launch review.

Workflow YAML syntax

Workflows live in .gluecron/workflows/*.yml at the repo root. Gluecron runs them on the same node that handles your pushes — no external scheduler required.

Minimal example

name: CI

on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: bun install --frozen-lockfile
      - run: bun test

Triggers

The on: key controls when a workflow fires. Multiple triggers can be combined in a single file.

push

on:
  push:
    branches: [main, "release/**"]
    # Optional — only run when these paths change:
    paths:
      - "src/**"
      - "package.json"

pull_request

on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [main]

schedule (cron)

Drop a cron expression in the schedule array. The Gluecron autopilot ticker fires it from the same node — no external scheduler needed.

on:
  schedule:
    # Every day at 06:00 UTC
    - cron: "0 6 * * *"
    # Every Monday at 09:00 UTC
    - cron: "0 9 * * 1"

workflow_dispatch (manual)

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Target environment"
        required: true
        default: staging
        type: choice
        options: [staging, production]

Jobs

Each job runs in a fresh container. Jobs within the same workflow run in parallel by default; use needs: to sequence them.

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: bun run build

  deploy:
    runs-on: ubuntu-latest
    needs: build           # waits for build to succeed
    if: github.ref == 'refs/heads/main'
    steps:
      - run: echo "Deploying…"

Steps

run — shell commands

steps:
  - name: Install deps
    run: bun install --frozen-lockfile

  - name: Multi-line script
    run: |
      bun run lint
      bun run typecheck
      bun test --reporter=verbose

uses — reusable actions

steps:
  - uses: actions/checkout@v4          # check out the repo

  - uses: oven-sh/setup-bun@v2         # install Bun
    with:
      bun-version: latest

  - uses: actions/cache@v4             # cache restore/save
    with:
      path: ~/.bun/install/cache
      key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}

Environment variables

Set env vars at the workflow, job, or step level. Step-level values override job-level which override workflow-level.

env:
  NODE_ENV: test
  LOG_LEVEL: debug

jobs:
  test:
    runs-on: ubuntu-latest
    env:
      DATABASE_URL: postgresql://localhost/testdb
    steps:
      - run: bun test
        env:
          VERBOSE: "1"            # step-level override

Secrets

Secrets are stored encrypted at the repo or org level and injected at runtime. They never appear in logs — values are masked automatically.

steps:
  - name: Deploy
    run: curl -X POST $DEPLOY_WEBHOOK
    env:
      DEPLOY_WEBHOOK: ${{ secrets.DEPLOY_WEBHOOK_URL }}

Manage repo secrets at /:owner/:repo/settings/secrets. Org-level secrets live at /orgs/:slug/settings/secrets and are shared across all repos in the org.

Matrix builds

Run the same job across multiple configurations in parallel.

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node: [18, 20, 22]
        os: [ubuntu-latest, macos-latest]
      fail-fast: false    # don't cancel others on first failure
    steps:
      - uses: actions/checkout@v4
      - run: node --version   # uses matrix.node implicitly via setup-node
      - run: bun test

Cache action

# Bun package cache — speeds up installs by ~80% on warm hits
- uses: actions/cache@v4
  id: bun-cache
  with:
    path: ~/.bun/install/cache
    key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
    restore-keys: |
      ${{ runner.os }}-bun-

- run: bun install --frozen-lockfile

Expressions

# Context access
${{ github.actor }}          # username that triggered the run
${{ github.ref }}            # refs/heads/main
${{ github.sha }}            # full commit SHA
${{ runner.os }}             # Linux | macOS | Windows
${{ job.status }}            # success | failure | cancelled

# Functions
${{ hashFiles('**/bun.lockb') }}
${{ contains(github.ref, 'release') }}
${{ startsWith(github.ref, 'refs/tags/') }}

Complete CI + deploy example

# .gluecron/workflows/ci.yml
name: CI / Deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/cache@v4
        with:
          path: ~/.bun/install/cache
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}

      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      - run: bun install --frozen-lockfile
      - run: bun run typecheck
      - run: bun test

  deploy:
    runs-on: ubuntu-latest
    needs: ci
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - run: bun run build
      - name: Deploy to Fly.io
        run: flyctl deploy --remote-only
        env:
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
Edit this page