Skip to main content

Vienna OS GitHub Action

Integrate Vienna OS governance directly into your GitHub workflows. The Vienna OS GitHub Action allows you to govern deployments, releases, and other critical operations through your existing CI/CD pipeline.

Quick Start

Add the Vienna OS governance check to your workflow:

name: Deploy to Production

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Vienna OS Governance Check
        uses: vienna-os/governance-action@v1
        with:
          api-key: ${{ secrets.VIENNA_API_KEY }}
          action: 'deploy'
          environment: 'production'
          agent-id: 'github-ci'

      - name: Deploy Application
        run: |
          echo "Deploying to production..."
          # Your deployment commands here

Setup Instructions

1. Get Your Vienna OS API Key

  1. Log into your Vienna OS console at console.regulator.ai
  2. Navigate to Settings → API Keys
  3. Create a new API key with execution:submit permissions
  4. Copy the generated API key

2. Add API Key to GitHub Secrets

  1. Go to your repository's Settings → Secrets and Variables → Actions
  2. Click New repository secret
  3. Name: VIENNA_API_KEY
  4. Value: Your Vienna OS API key
  5. Click Add secret

3. Add the Action to Your Workflow

Reference the action in your .github/workflows/*.yml file:

- name: Vienna OS Governance Check
  uses: vienna-os/governance-action@v1
  with:
    api-key: ${{ secrets.VIENNA_API_KEY }}
    action: 'deploy'              # The action being governed
    environment: 'production'     # Target environment
    agent-id: 'github-ci'         # Optional: agent identifier

Configuration Options

api-key

Required

Your Vienna OS API key. Store this as a GitHub secret.

action

Required (default: "deploy")

The action type being governed. Examples: deploy, release, migrate, rollback

environment

Optional (default: "production")

Target environment. Examples: production, staging, development

agent-id

Optional (default: "github-actions")

Identifier for the agent performing the action. Used for governance policies and audit trails.

Governance Responses

The Vienna OS GitHub Action can return different governance modes:

Allowed

The action is approved and the workflow continues normally.

⏳ Approval Required

The action requires manual approval. The workflow will fail with a warning message containing an approval ID. Check your Vienna OS console or Slack for approval options.

Blocked

The action is blocked by governance policies. The workflow fails with an error message.

Advanced Examples

Environment-Specific Governance

name: Multi-Environment Deploy

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        type: choice
        options:
          - staging
          - production

jobs:
  governance-check:
    runs-on: ubuntu-latest
    outputs:
      governance-mode: ${{ steps.vienna.outputs.governance-mode }}
    steps:
      - name: Vienna OS Governance Check
        id: vienna
        uses: vienna-os/governance-action@v1
        with:
          api-key: ${{ secrets.VIENNA_API_KEY }}
          action: 'deploy'
          environment: ${{ github.event.inputs.environment }}
          agent-id: ${{ github.actor }}

  deploy:
    needs: governance-check
    runs-on: ubuntu-latest
    steps:
      - name: Deploy
        run: |
          echo "Governance mode: ${{ needs.governance-check.outputs.governance-mode }}"
          echo "Deploying to ${{ github.event.inputs.environment }}..."
          # Deployment logic here

Database Migration Governance

name: Database Migration

on:
  workflow_dispatch:
    inputs:
      migration_name:
        description: 'Migration name'
        required: true

jobs:
  migrate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Vienna OS Migration Governance
        uses: vienna-os/governance-action@v1
        with:
          api-key: ${{ secrets.VIENNA_API_KEY }}
          action: 'database_migration'
          environment: 'production'
          agent-id: 'db-migrator'

      - name: Run Migration
        run: |
          echo "Running migration: ${{ github.event.inputs.migration_name }}"
          # Migration commands here

Monitoring and Audit

All GitHub Actions governed by Vienna OS are logged in your governance console:

  • Execution History — View all governance checks from GitHub Actions
  • Audit Trail — Complete record of approvals, denials, and policy decisions
  • Metrics Dashboard — Track governance effectiveness across your CI/CD pipeline
  • Slack Notifications — Get real-time alerts for approvals and policy violations

Troubleshooting

Action Fails with "Invalid API Key"

  • Verify the API key is correctly stored in GitHub Secrets
  • Ensure the API key has execution:submit permissions
  • Check that the secret name matches exactly: VIENNA_API_KEY

Action Fails with "Blocked by Governance"

  • Review your governance policies in the Vienna OS console
  • Check if the action type, environment, or agent is restricted
  • Contact your governance administrator for policy adjustments

Approval Required but No Notification

  • Verify Slack integration is configured in Vienna OS
  • Check that approval notifications are enabled for your tenant
  • Look for the approval in the Vienna OS console under Approvals → Pending

Next Steps

Need help? Contact support at support@regulator.ai or join our developer community.