Deploy Your Grant Kit

Once you have a Grant Kit configured and a repo connected, you can deploy your Grant Kit. You would typically do this through your CI.

If you created a Grant Kit using one of the official Starter Kits, you'll already have GitHub Actions configured for you. You can use these or provide your own. Additionally, they use Terraform State hosted by Abbey, but it's recommended you point your state backends to your own, that way reducing security risk on your end from having state external to your infrastructure.

Deploy Your Grant Kit

You'll want to commit your grant kit changes to your default branch in GitHub. For most users, that will be the main branch.

To deploy, push to your default branch:

git push origin main

The deploy registers your resources with Abbey and effectively says "Hey Abbey, from this point forward, please manage permissions for these resources for me."

(Optional) Deploy without using CI

You can optionally deploy from your local machine without going through CI. To do this, you'll need to have Terraform installed. Once installed, you'll need to:

Initialize your Terraform configuration:

terraform init

(Optional) Plan your Terraform configuration:

You can optionally run terraform plan to get a sense of what changes would be made.

terraform plan -var-file=dev.tfvars

Before you deploy, make sure you push any changes to your repository. That way, Abbey has the latest changes when generating your Terraform output.

Deploy your Terraform configuration:

ABBEY_TOKEN=<your API token> TF_HTTP_USERNAME=<http backend username> TF_HTTP_PASSWORD=<abbey token> terraform apply -var-file=dev.tfvars

To use the same state backend as your CI/CD, your TF_HTTP_USERNAME can be found in your .github/workflows/abbey-grant-kit-materialize.yaml file. Your TF_HTTP_PASSWORD will be the same value as your ABBEY_TOKEN.

At this point, you should see your deployed grant kit under If it's not showing up, it likely has a configuration issue causing the deployment to fail.

Go to your CI (or wherever you deploy Terraform) to check for any failed runs during the Terraform plan or apply steps.

If you're following the quickstart, this will be in your GitHub repo under the Actions tab i.e.{username|org-name}/{repo-name}/actions. Find the corresponding action run to the commit where you added the grant kit and see if it ran successfully. If it failed, open the run to see the failure exception.

A common deployment failure for grant kits is a misconfigured location field in the output block or bundle field in the policies block

  • Double check it starts with github://

  • Double check repository and username or org name is correct

  • Double check for any extra : or /'s

Last updated