
Upgrade Serverless Functions (Optional)

caution

We do not recommend upgrading your container directly from CI in production. This approach hands over control to automation, which may not be suitable for critical environments. Prefer a change workflow, and execute the upgrade with your CLI or in the Console UI.


1. Authentication

Unlike other actions, upgrading a container requires admin privileges. Since OIDC-generated tokens are intentionally restricted from admin permissions for security reasons, you need to set up a secret token instead.

Follow the steps below to generate such a token:

  1. Go to the Juno Console.
  2. Select your Satellite.
  3. On the Satellite's dashboard, navigate to the "Setup" tab.
  4. Click on "Add an access key".
  5. Generate a new key and assign it an "Administrator" (⚠️) role.
  6. Click "Submit".
  7. Upon successful creation, a new access key will be generated, and a "Secret token" will be displayed. Copy the token value and save it as an encrypted secret in your repository or organization, using the key JUNO_TOKEN.

2. Configuration

To configure an action to upgrade your Satellite container, follow these steps:

  1. Create an upgrade.yml file in the .github/workflows subfolder of your repository.
  2. Paste the following code into the file:
.github/workflows/upgrade.yml
name: Upgrade Satellite Container

on:
  workflow_dispatch:

jobs:
  upgrade:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 24
          registry-url: "https://registry.npmjs.org"

      - name: Install Dependencies
        run: npm ci

      - name: Build
        uses: junobuild/juno-action@full
        with:
          args: functions build

      - name: Upgrade
        uses: junobuild/juno-action@full
        with:
          args: functions upgrade
        env:
          JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }}
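
Because JUNO_TOKEN carries the Administrator role, it is worth checking that no workflow referencing it can start without a person triggering it. The script below is an added example, not part of Juno's documentation or tooling: the function names `workflow_triggers` and `audit` are hypothetical, the sample workflows are constructed, and the line-based parse covers only the common forms of `on:`, reporting anything it cannot read as a finding.

```python
import re

MANUAL_TRIGGERS = {"workflow_dispatch"}  # events a person must start

def workflow_triggers(text):
    """Return the event names under the top-level `on:` key (stdlib-only parse)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"""^["']?on["']?\s*:(.*)$""", line)
        if not m:
            continue
        inline = m.group(1).split("#")[0].strip()
        if inline:  # `on: push` or `on: [push, pull_request]`
            return set(re.findall(r"[a-z_]+", inline))
        events, indent = set(), None
        for child in lines[i + 1:]:
            body = child.strip()
            if not body or body.startswith("#"):
                continue
            depth = len(child) - len(child.lstrip())
            if depth == 0:
                break  # reached the next top-level key
            indent = depth if indent is None else indent
            name = re.match(r"(?:-\s*)?([a-z_]+)", body)
            if depth == indent and name:
                events.add(name.group(1))
        return events
    return set()

def audit(text, secret="JUNO_TOKEN"):
    """List reasons this workflow should not hold the admin token."""
    if not re.search(r"secrets(\.|\[\s*['\"])" + re.escape(secret) + r"\b", text):
        return []  # token not referenced: nothing to check
    triggers = workflow_triggers(text)
    if not triggers:
        return [f"{secret} used but triggers could not be parsed"]  # fail closed
    return [f"{secret} reachable from automatic trigger '{t}'"
            for t in sorted(triggers - MANUAL_TRIGGERS)]

# Constructed samples: the page's trigger block, and a variant with `push` added.
SAFE = """on:
  workflow_dispatch:
jobs:
  upgrade:
    steps:
      - env:
          JUNO_TOKEN: ${{ secrets.JUNO_TOKEN }}
"""
RISKY = SAFE.replace("  workflow_dispatch:\n", "  workflow_dispatch:\n  push:\n    branches: [main]\n")
```

Call `audit()` on the text of each file under .github/workflows and fail the check when the returned list is non-empty.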