Deployments

Galleon handles the full deployment lifecycle — generating infrastructure code, running CI/CD in your GitHub account, and provisioning resources in your AWS account. Everything runs in systems you control.

How a deployment works

When you click Deploy in the Galleon UI:

  1. Galleon generates infrastructure code — Terraform configuration and a GitHub Actions workflow, tailored to your detected framework and tier.
  2. Code is committed to your repo — Galleon opens a commit on main with the generated files. You can review the diff before or after.
  3. GitHub Actions runs the workflow — The workflow builds your application, runs terraform apply, and provisions infrastructure in your AWS account using OIDC federation. No long-lived credentials anywhere.
  4. You watch it happen — The Galleon UI streams live logs from the GitHub Actions run as each step executes.

Once the initial deploy succeeds, every subsequent push to main runs the same workflow automatically. No "Deploy" button after the first time.

What gets committed to your repo

Galleon writes the following files into your repository:

  • Terraform files (main.tf, variables.tf, outputs.tf) — Define your AWS infrastructure based on your stack and tier.
  • GitHub Actions workflow (.github/workflows/galleon-deploy-{app-name}.yml) — The CI/CD pipeline that builds, provisions, and deploys on every push.
  • Dockerfile — For container-based deployments, generated to fit your framework.

You own these files. You can read them, edit them, audit them, or fork them. They persist in your repo whether you keep using Galleon or not — if you cancel, your infrastructure keeps running because it's defined in code that you own and runs from a workflow that you control.

What happens when a deployment fails

When a deployment fails, Galleon automatically:

  1. Reads the GitHub Actions logs for the failed run
  2. Identifies the root cause using AI failure analysis tuned for AWS deployment failures
  3. Surfaces the diagnosis in the UI — the specific log lines, the likely cause, and the recommended fix
  4. Opens a pull request with the fix, when the issue is in your infrastructure or configuration (wrong port, missing env var, IAM permission, memory limit, etc.)

For application-code failures (unhandled exceptions, dependency errors, broken tests), Galleon surfaces the diagnosis but doesn't write your code — you get the specific log lines and the suggested fix, and you take it from there.

See AI Failure Analysis for the full list of failure patterns Galleon recognises and how the diagnosis is generated.

Watching a deployment

The Galleon UI streams live output from the GitHub Actions workflow as it runs. You see each step — build, Terraform plan, Terraform apply, health checks — in real time, without switching to GitHub.

The Runs page shows all past deployments for your applications. Filter by status, conclusion, or execution type. Click into any run to see its full log output and metadata.

Execution types

Galleon supports two execution types:

  • deploy — Provisions new infrastructure or updates existing infrastructure. The standard deployment flow.
  • destroy — Tears down all infrastructure provisioned by a previous deployment, via terraform destroy. See Infrastructure Teardown for safety controls.

Status reference

Every execution has a status and, when complete, a conclusion.

Status:

Status         Meaning
queued         Workflow is queued in GitHub Actions
in_progress    Workflow is actively running
waiting        Workflow is waiting for approval or a dependency
completed      Workflow has finished — check conclusion

Conclusion (set when status is completed):

Conclusion     Meaning
success        Deployment completed successfully
failure        Deployment failed — failure analysis runs automatically
cancelled      Deployment was cancelled before completion

Why deployments work this way

A few design decisions worth flagging:

  • Code lives in your repo, not ours. The Terraform and workflow files Galleon generates are committed to your GitHub repository. You can review them, modify them, or use them without Galleon.
  • CI/CD runs in your GitHub account. Builds and deploys execute via GitHub Actions in your organisation, with logs you fully own.
  • AWS access uses OIDC federation, not stored credentials. Galleon never holds long-lived AWS keys for your account. The IAM role created during AWS setup is assumed by GitHub Actions at deploy time and scoped to only the services Galleon manages.
  • The same pipeline runs every time. There's no privileged "Galleon-only" deploy path. Your first deploy and your hundredth deploy run through the same Terraform and the same workflow, which means deployments are reproducible and auditable.
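
With OIDC federation, the role's trust policy decides which GitHub workflows may assume the deploy role, so it is worth auditing alongside the generated files. The following is an added example, not Galleon's code: it checks a trust policy for the standard GitHub OIDC `aud` and `sub` claims, assuming deploys run from a branch push (no GitHub environment in the claim); the repository name, account ID and sample policy are constructed.

```python
from fnmatch import fnmatchcase

ISSUER = "token.actions.githubusercontent.com"

def _values(block, claim):
    """Values for ISSUER:<claim> in one operator block (keys are case-insensitive)."""
    want = f"{ISSUER}:{claim}"
    for key, val in block.items():
        if key.lower() == want:
            return [val] if isinstance(val, str) else list(val)
    return []

def audit_trust_policy(policy, repo, branch="main"):
    """Return (statement index, finding) pairs for statements trusting GitHub OIDC."""
    expected = f"repo:{repo}:ref:refs/heads/{branch}"
    stmts = policy.get("Statement", [])
    findings = []
    for n, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        principal = stmt.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if stmt.get("Effect") != "Allow" or not any(
                f.endswith("oidc-provider/" + ISSUER) for f in fed):
            continue
        cond = stmt.get("Condition", {})
        exact, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if "sts.amazonaws.com" not in _values(exact, "aud") + _values(like, "aud"):
            findings.append((n, "aud is not pinned to sts.amazonaws.com"))
        subs = [(s, False) for s in _values(exact, "sub")]
        subs += [(s, True) for s in _values(like, "sub")]
        if not subs:
            findings.append((n, "no sub condition: role is not tied to a repository"))
        for sub, is_pattern in subs:
            if sub == expected:
                continue
            # StringLike treats * and ? as wildcards; fnmatchcase approximates that.
            if is_pattern and fnmatchcase(expected, sub):
                findings.append((n, f"sub pattern {sub!r} is broader than {expected!r}"))
            else:
                findings.append((n, f"sub {sub!r} does not match {expected!r}"))
    return findings

def sample_policy(sub_condition):
    """Constructed trust policy; the account ID and provider ARN are placeholders."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Condition": {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                      **sub_condition},
    }]}
```

Run it against the AssumeRolePolicyDocument that `aws iam get-role` returns for the deploy role; an empty list means the role is pinned to the expected repository and branch.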

Next steps