# Deploying Workflows
Source: https://docs.chain.link/cre/guides/operations/deploying-workflows
Last Updated: 2026-04-30

> For the complete documentation index, see [llms.txt](/llms.txt).

> **NOTE: Early Access required**
>
> Workflow deployment is currently in Early Access. Run `cre account access` or visit <a href="https://app.chain.link/cre/request-access" target="_blank" rel="noopener noreferrer">app.chain.link/cre/request-access</a> to submit a request. See [Requesting Deploy Access](/cre/account/deploy-access) for details.

**While you wait:** Continue building and simulating workflows using [`cre workflow simulate`](/cre/guides/operations/simulating-workflows).

When you deploy a workflow, you take your locally tested code and register it with the onchain Workflow Registry contract. This makes your workflow "live" so it can activate and respond to triggers across a [Decentralized Oracle Network (DON)](/cre/key-terms#decentralized-oracle-network-don).

## Prerequisites

Before you can deploy a workflow, you must have:

- **Early Access approval**: Workflow deployment is currently in Early Access. Run `cre account access` to check your status or submit a request. See [Requesting Deploy Access](/cre/account/deploy-access).
- **[Authenticated](/cre/reference/cli/authentication)**: Logged in via `cre login` or using an [API key](/cre/reference/cli/authentication#api-key-authentication) (`CRE_API_KEY`). To verify, run `cre whoami`.
- **[Linked your key](/cre/reference/cli/account#cre-account-link-key)**: Linked your EOA or multi-sig wallet to your account by running `cre account link-key`.
- **A funded wallet**: The account you are deploying from must be funded with ETH on Ethereum Mainnet to pay the gas fees for the onchain registration transaction to the Workflow Registry contract.

## The deployment process

The `cre workflow deploy` command handles the entire end-to-end process for you:

1. **Compiles** your workflow to a WASM binary.
2. **Uploads** the compiled binary and any associated configuration files (like your config file or `secrets.yaml`) to the CRE Storage Service.
3. **Registers** the workflow onchain by submitting a transaction to the Workflow Registry contract on **Ethereum Mainnet**. Your wallet must have ETH for gas fees, and your `project.yaml` must include an RPC configuration for `ethereum-mainnet` (e.g., `https://ethereum-rpc.publicnode.com`). This transaction contains the metadata for your workflow, including its name, owner, and the URL of its artifacts in the storage service.

> **CAUTION: Early Access: Disclaimer**
>
> Chainlink Runtime Environment (CRE) deployment is in the "Early Access" stage of development, which means that CRE currently has functionality which is under development and may be changed in later versions. By using CRE, you expressly acknowledge and agree to accept the Chainlink <a href="https://chain.link/terms" target="_blank" rel="noopener noreferrer">Terms of Service</a>, which provides important information and disclosures.

### Step 1: Ensure your configuration is correct

Before deploying, ensure your `workflow.yaml` file is correctly configured. The `workflow-name` is required under the `user-workflow` section for your target environment.

If you are deploying from a multi-sig wallet, specify your multi-sig address in the `workflow-owner-address` field. If you are deploying from a standard EOA, you can leave this field unchanged—the owner will be automatically derived from the `CRE_ETH_PRIVATE_KEY` in your `.env` file.

For more details on configuration, see the [Project Configuration](/cre/reference/project-configuration) reference.

### Step 2: Run the deploy command

**From your project root directory**, run the `deploy` command with the path to your workflow folder.

```bash
cre workflow deploy <workflow-folder-path> [flags]
```

Example command to target the `production-settings` environment:

```bash
cre workflow deploy my-workflow --target production-settings
```

**Available flags:**

| Flag             | Description                                                                             |
| ---------------- | --------------------------------------------------------------------------------------- |
| `--target`       | Sets the target environment from your configuration files (e.g., `production-settings`) |
| `--output`       | The output file for the compiled WASM binary (default: `"./binary.wasm.br.b64"`)        |
| `--wasm`         | Path to a pre-built WASM binary (skips compilation). Useful in CI/CD pipelines          |
| `--config`       | Override the config file path from `workflow.yaml`                                      |
| `--no-config`    | Deploy without a config file                                                            |
| `--unsigned`     | Return the raw transaction instead of broadcasting it to the network                    |
| `--yes`          | Skip confirmation prompts and proceed with the operation                                |
| `--project-root` | Path to the project root directory                                                      |
| `--env`          | Path to your `.env` file (default: `".env"`)                                            |
| `--verbose`      | Enable verbose logging to print `DEBUG` level logs                                      |

### Step 3: Monitor the output

The CLI will provide detailed logs of the deployment process, including the compilation, upload to the CRE Storage Service, and the final onchain transaction.

```bash
> cre workflow deploy my-workflow --target production-settings

Deploying Workflow :     my-workflow
Target :                 production-settings
Owner Address :          <your-owner-address>

Compiling workflow...
Workflow compiled successfully

Verifying ownership...
Workflow owner link status: owner=<your-owner-address>, linked=true
Key ownership verified

Uploading files...
✔ Loaded binary from: ./binary.wasm.br.b64
✔ Uploaded binary to: https://storage.cre.example.com/artifacts/<workflow-id>/binary.wasm
✔ Loaded config from: ./config.json
✔ Uploaded config to: https://storage.cre.example.com/artifacts/<workflow-id>/config

Preparing deployment transaction...
Preparing transaction for workflowID: <your-workflow-id>
Transaction details:
  Chain Name:   ethereum-mainnet
  To:           0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5
  Function:     UpsertWorkflow
  Inputs:
    [0]:        my-workflow
    [1]:        my-workflow
    [2]:        <your-workflow-id>
    [3]:        0
    [4]:        zone-a
    [5]:        https://storage.cre.example.com/artifacts/<workflow-id>/binary.wasm
    [6]:        https://storage.cre.example.com/artifacts/<workflow-id>/config
    [7]:        0x
    [8]:        false
  Data:         b377bfc50000000000000000000000000000000000...
Estimated Cost:
  Gas Price:      0.00100001 gwei
  Total Cost:     0.00000079 ETH
? Do you want to execute this transaction?:
  ▸ Yes
    No

Transaction confirmed
View on explorer: https://etherscan.io/tx/0x58599f6...d916b

✓ Workflow deployed successfully

Details:
   Registry:         onchain:ethereum-mainnet
   Contract address: 0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5
   Transaction hash: 0x58599f6...d916b
   Workflow Name:    my-workflow
   Workflow ID:      <your-workflow-id>
   Binary URL:       https://storage.cre.example.com/artifacts/<workflow-id>/binary.wasm
   Config URL:       https://storage.cre.example.com/artifacts/<workflow-id>/config
```

## Verifying your deployment

After a successful deployment, you can verify that your workflow was registered correctly in two ways:

1. **CRE UI**: View your deployed workflow in the [CRE platform](https://app.chain.link/cre/discover). Navigate to the **Workflows** section to see your workflow's status, ID, and execution history.

2. **Block Explorer**: Check the Workflow Registry contract on a block explorer. The CLI output will provide the transaction hash for the registration. The `WorkflowRegistry` contract is deployed on **Ethereum Mainnet** at the address <a href="https://etherscan.io/address/0x4ac54353fa4fa961afcc5ec4b118596d3305e7e5#code" target="_blank" rel="noopener noreferrer">`0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5`</a>.

## CI/CD pipeline integration

The `cre workflow build` and `cre workflow deploy` commands can be run as independent steps, making it straightforward to integrate CRE deployments into CI/CD pipelines.

The separation gives you two key benefits:

- **Build once, deploy many times** — Compile your workflow to a WASM binary in a build step, then promote that exact binary to staging and production without recompiling. This ensures the artifact you tested is the artifact you deploy.
- **Verify before deploying** — Use `cre workflow hash` after building to record and verify content hashes before submitting a deployment transaction.

### Example: GitHub Actions

The following example shows a two-job pipeline: a `build` job that compiles and uploads the WASM artifact, and a `deploy` job that downloads and deploys that exact binary.

```yaml
# .github/workflows/deploy.yml
name: Deploy Workflow

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install CRE CLI
        run: curl -sSL https://github.com/smartcontractkit/cre-cli/releases/latest/download/install.sh | sh

      - name: Build workflow
        run: cre workflow build ./my-workflow --output ./my-workflow/binary.wasm --non-interactive
        env:
          CRE_API_KEY: ${{ secrets.CRE_API_KEY }}

      - name: Display content hashes
        run: cre workflow hash ./my-workflow --wasm ./my-workflow/binary.wasm --target production-settings --non-interactive
        env:
          CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
          CRE_ETH_PRIVATE_KEY: ${{ secrets.CRE_ETH_PRIVATE_KEY }}

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: workflow-binary
          path: ./my-workflow/binary.wasm

  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install CRE CLI
        run: curl -sSL https://github.com/smartcontractkit/cre-cli/releases/latest/download/install.sh | sh

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: workflow-binary
          path: ./my-workflow

      - name: Deploy workflow
        run: cre workflow deploy ./my-workflow --wasm ./my-workflow/binary.wasm --target production-settings --yes --non-interactive
        env:
          CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
          CRE_ETH_PRIVATE_KEY: ${{ secrets.CRE_ETH_PRIVATE_KEY }}
          INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
```

> **NOTE: API key authentication**
>
> Use `CRE_API_KEY` for non-interactive authentication in CI/CD pipelines instead of `cre login`, and pass `--non-interactive` so commands fail instead of prompting. Create an API key from the CRE platform under **Organization → APIs**. See [Authentication](/cre/reference/cli/authentication#api-key-authentication) for setup instructions.

> **NOTE: RPC URLs in CI/CD**
>
> Use `${VAR_NAME}` syntax in your `project.yaml` RPC URLs to inject secrets from your CI/CD environment. See [Environment variable interpolation in RPC URLs](/cre/reference/project-configuration#environment-variable-interpolation-in-rpc-urls) for details.

## Using multi-sig wallets

The `deploy` command supports multi-sig wallets through the `--unsigned` flag. When using this flag, the CLI generates raw transaction data that you can submit through your multi-sig wallet interface instead of sending the transaction directly.

For complete setup instructions, configuration requirements, and step-by-step guidance, see [Using Multi-sig Wallets](/cre/guides/operations/using-multisig-wallets).

## Next steps

- [Activating & Pausing Workflows](/cre/guides/operations/activating-pausing-workflows): Learn how to control workflow execution
- [Monitoring Workflows](/cre/guides/operations/monitoring-workflows): Track your workflow's execution and performance
- [Updating Deployed Workflows](/cre/guides/operations/updating-deployed-workflows): Deploy new versions of your workflow