# 4. Trigger the workflows

After setting up your environments and variables, you can deploy sfops using this workflow:

## Deploy to All Environments

### Release and Deploy to Environments in ORGS

**Workflow:** release-please\
**How to trigger:**

1. Go to Actions → "release-please" from the left sidebar
2. Click "Run workflow" for manual trigger
3. Or it runs automatically on pushes to main branch

This workflow:

* Creates releases using release-please (when changes are detected)
* For each environment in `ORGS` array:
  * Builds sfops and sfops-lite Docker images from base sfp-pro images
  * Uses `BASE_REGISTRY`, `BASE_REPO`, `BASE_IMAGE_NAME`, and `BASE_LITE_IMAGE_NAME` variables to pull the base images
  * Tags images with version number (e.g., `31.2.0`) and `latest`
  * Pushes built images to ghcr.io
  * Syncs sfops-gh-actions and sfops-dashboard to the environment

{% hint style="info" %}
**Important for Forked Repositories:** If you have forked sfp-pro and are using custom image names, ensure you set both:

* `BASE_IMAGE_NAME`: For the main sfops image (defaults to `sfp-pro`)
* `BASE_LITE_IMAGE_NAME`: For the lite sfops image (defaults to `sfp-pro-lite`)

These variables are crucial for clients who have forked sfp-pro with different image names.
{% endhint %}

**Note:** Add all your environments (production, test, alpha, etc.) to the `ORGS` array variable in your repository settings.

## Troubleshooting Docker Builds

If your Docker build fails with errors like:

* `403 Forbidden` or `not found` for base images:
  * Ensure `BASE_REGISTRY_USERNAME` and `BASE_REGISTRY_TOKEN` secrets are set correctly
  * Verify the base image exists at the specified registry
  * Check that your PAT has `read:packages` permission for the base registry
* `denied: permission_denied: write_package` when pushing:
  * This happens when `GITHUB_TOKEN` doesn't have access to push to existing packages
  * **Solution 1 (Recommended):** Set `DOCKER_PUSH_TOKEN` secret with a PAT that has `write:packages` permission
  * **Solution 2:** Grant the repository write access to the package:
    1. Go to: `https://github.com/orgs/YOUR_ORG/packages/container/PACKAGE_NAME/settings`
    2. Under **"Manage Actions access"** section, click **"Add Repository"**
    3. Add your `sfops` repository with **Write** role
    4. Repeat for both `sfops` and `sfops-lite` packages
* Authentication errors when pushing:
  * Ensure `DOCKER_PUSH_TOKEN` secret is set with a valid PAT
  * Verify your PAT has `write:packages` permission
  * If using SSO, ensure the PAT is authorized for your organization

{% hint style="info" %}
**Base Image Configuration:**

* Production uses: `sfp-pro:latest` (or your custom base via BASE\_IMAGE\_NAME)
* Test/Alpha uses: `sfp-pro-rc:development` (or your custom RC base via BASE\_IMAGE\_NAME\_RC)
  {% endhint %}

{% hint style="warning" %}
These variables will be automatically set up during the set up of sfops in your repository by the FLXBL team. This guide is only applicable when you are setting up a self managed instance of sfops
{% endhint %}