Skip to main content
Automate your Pipecat Cloud deployment using the official Deploy to Pipecat Cloud GitHub Action. This guide shows you how to build and deploy your agent whenever you push changes to your main branch.

Prerequisites

Before setting up your workflow, ensure you have:
  • A Pipecat Cloud account with a Private API key
  • A Docker Hub account (or another container registry)
  • An image pull secret configured in Pipecat Cloud
  • A secret set configured for your agent

Configure GitHub Secrets

Add the following secrets to your repository (Settings → Secrets and variables → Actions):
  • DOCKERHUB_USERNAME: Your Docker Hub username
  • DOCKERHUB_TOKEN: Your Docker Hub access token
  • PCC_API_KEY: Your Pipecat Cloud Private API key
For Docker Hub, use a personal access token rather than your password.

Basic Workflow Configuration

Create .github/workflows/deploy.yml in your repository: 
name: Deploy to Pipecat Cloud

on:
  push:
    branches: ["main"]

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build and Deploy to Pipecat Cloud
        uses: daily-co/pipecat-cloud-deploy-action@v1
        with:
          api-key: ${{ secrets.PCC_API_KEY }}
          agent-name: ${{ github.event.repository.name }}
          build: true
          image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}
          registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
          registry-password: ${{ secrets.DOCKERHUB_TOKEN }}
          secret-set: my-secret-set
          image-credentials: my-image-pull-secret
          min-agents: 0
          max-agents: 10
This workflow will:
  1. Trigger on every push to the main branch
  2. Build your Docker image for linux/arm64 (the action sets this automatically)
  3. Push the image to Docker Hub with a tag defaulting to the commit SHA
  4. Deploy the new image to Pipecat Cloud and wait for readiness
Avoid reusing the same image tag for multiple builds. The action defaults to tagging with ${{ github.sha }} so each deploy uses a unique tag. If you override tag, use a value that changes per build (e.g. date or SHA) so Pipecat Cloud does not serve cached, outdated images.

Image Tagging

By default the action tags the image with the git commit SHA. To use a custom tag: 
- name: Build and Deploy to Pipecat Cloud
  uses: daily-co/pipecat-cloud-deploy-action@v1
  with:
    api-key: ${{ secrets.PCC_API_KEY }}
    agent-name: ${{ github.event.repository.name }}
    build: true
    image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}
    tag: ${{ github.ref_name }}-${{ github.sha }}
    registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
    registry-password: ${{ secrets.DOCKERHUB_TOKEN }}
    secret-set: my-secret-set

Monorepo Configuration

If your agent lives in a subdirectory (e.g. server/, as with Pipecat CLI–generated code), set the build context and optionally restrict the workflow to that path: 
name: Deploy to Pipecat Cloud

on:
  push:
    branches: ["main"]
    paths:
      - "server/**"

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build and Deploy to Pipecat Cloud
        uses: daily-co/pipecat-cloud-deploy-action@v1
        with:
          api-key: ${{ secrets.PCC_API_KEY }}
          agent-name: ${{ github.event.repository.name }}
          build: true
          image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}
          docker-context: ./server
          dockerfile: ./server/Dockerfile
          registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
          registry-password: ${{ secrets.DOCKERHUB_TOKEN }}
          secret-set: my-secret-set
          image-credentials: my-image-pull-secret
The paths filter ensures the workflow runs only when files under server/ change.

Platform and Build Behavior

Pipecat Cloud requires images built for linux/arm64. When build is enabled, the action automatically passes --platform linux/arm64 to Docker and sets up QEMU emulation on x64 runners, so no extra steps are needed.

Customizing Deployment

Configure the deployment via the action inputs:
  • image-credentials: Name of the image pull secret set in Pipecat Cloud (for private registries)
  • secret-set: Name of the secret set used for runtime environment variables
  • region: Deployment region (uses your organization default if omitted)
  • min-agents: Minimum agents to keep warm (0–50)
  • max-agents: Maximum concurrent agents (1–50)
  • agent-profile: Agent profile name, if used
  • wait-for-ready: Whether to poll until the deployment is ready (default: true)
  • wait-timeout: Max seconds to wait for readiness (default: 90)
Tune min-agents and max-agents based on your traffic. See the Capacity Planning guide for guidance.

Deploying a Pre-built Image

If you build the image in another job or CI system, deploy by setting build: false and passing a fully tagged image: 
- name: Deploy to Pipecat Cloud
  uses: daily-co/pipecat-cloud-deploy-action@v1
  with:
    api-key: ${{ secrets.PCC_API_KEY }}
    agent-name: ${{ github.event.repository.name }}
    image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:v1.2.3
    secret-set: my-secret-set
    image-credentials: my-image-pull-secret

Next Steps

Secrets Management

Learn how to securely manage image pull secrets and environment variables.

Scaling Configuration

Configure auto-scaling to handle varying traffic loads.