Pantheon deployments from your GitHub repo only
Pantheon is a great Drupal and WordPress hosting. It has a nice UI for deployments. However, doing deployments from UI can have some issues.
Problems we solve:
- Only one person on the team can do deployments to Test / Prod environment in Pantheon
- Deployments need manual steps so that they can be error-prone
- There is no easy way to see what code is currently in Production unless you log in to Pantheon and check it there.
The solution to these could be full deployment automation. Here is how you can accomplish it with Github and Github Actions.
Github to have two branches. Main and Production. Main is where all development happens. On every merge to this branch, we sync the code to Pantheon’s repo and run automated deployment to the Dev environment.

Once code is ready for testing you can create a pull request to GitHub’s production branch. This is when we pull database/files from production and deploy to Pantheon’s Test environment.

Once we merge to Production branch we do a deployment to Live Pantheon’s environment.

Now you always know what code on Pantheon’s Live environment as it mirrors your Production branch.
To implement this idea we will need three GitHub pipelines:
- Deploy-dev (sync main branch to master in Pantheon and run the release)
- Pull-request-production (deploy to Test Pantheon env when pull request created)
- Deploy-production (deploy to Pantheon
GitHub actions
name: Deploy to Pantheon dev environment | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v1 | |
- uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.PANTHEON_SSH_KEY }} | |
config: ${{ secrets.SSH_CONFIG }} | |
known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
- name: Install Terminus | |
uses: pantheon-systems/terminus-github-actions@main | |
with: | |
pantheon-machine-token: ${{ secrets.PANTHEON_MACHINE_TOKEN }} | |
- name: deployer | |
env: | |
pantheon_repo: '${{ secrets.PANTHEON_REPO }}' | |
pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}' | |
run: | | |
git remote add pantheon $pantheon_repo | |
git push pantheon HEAD:master --force |
name: Trigger deployment to Test on pull request to Production branch. | |
on: | |
pull_request: | |
branches: | |
- production | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Terminus | |
uses: pantheon-systems/terminus-github-actions@main | |
with: | |
pantheon-machine-token: ${{ secrets.PANTHEON_MACHINE_TOKEN }} | |
- name: deployer | |
env: | |
pantheon_repo: '${{ secrets.PANTHEON_REPO }}' | |
pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}' | |
run: | | |
terminus env:deploy $pantheon_site_name.test --note="Test deployment: ${{ github.event.pull_request.title }}" | |
terminus env:clone-content --cc --updatedb $pantheon_site_name.live test --yes |
name: Deploy to prod after merge to production branch | |
on: | |
push: | |
branches: | |
- production | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v1 | |
- uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.PANTHEON_SSH_KEY }} | |
config: ${{ secrets.SSH_CONFIG }} | |
known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
- name: Install Terminus | |
uses: pantheon-systems/terminus-github-actions@main | |
with: | |
pantheon-machine-token: ${{ secrets.PANTHEON_MACHINE_TOKEN }} | |
- name: deployer | |
env: | |
pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}' | |
run: | | |
commit_message=$(git log -1 --pretty=%B) | |
terminus env:deploy $pantheon_site_name.live --note="Prod deployment: $commit_message" | |
terminus env:clear-cache $pantheon_site_name.live |
Introduce Diffy visual regression testing
Once you deploy to the Test environment, you can run visual regression testing automatically, and your results are posted back to the pull request.
For this, you need to specify the Github repo in your project settings

Install Diffy’s check to your GitHub repo.
Modify your pull-request-production pipeline.
name: Trigger deployment to Test on pull request to Production branch. | |
on: | |
pull_request: | |
branches: | |
- production | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Terminus | |
uses: pantheon-systems/terminus-github-actions@main | |
with: | |
pantheon-machine-token: ${{ secrets.PANTHEON_MACHINE_TOKEN }} | |
- name: deployer | |
env: | |
pantheon_repo: '${{ secrets.PANTHEON_REPO }}' | |
pantheon_site_name: '${{ secrets.PANTHEON_SITE_NAME }}' | |
run: | | |
terminus env:deploy $pantheon_site_name.test --note="Test deployment: ${{ github.event.pull_request.title }}" | |
terminus env:clone-content --cc --updatedb $pantheon_site_name.live test --yes | |
- name: Trigger Diffy testing | |
env: | |
diffy_api_key: '${{ secrets.DIFFY_API_KEY }}' | |
diffy_project_id: '${{ secrets.DIFFY_PROJECT_ID }}' | |
run: | | |
# Download Diffy-CLI. | |
wget https://github.com/diffywebsite/diffy-cli/releases/latest/download/diffy.phar | |
# Authenticate. | |
php diffy.phar auth:login $diffy_api_key | |
# Compare with commit sha so Diffy's github check posts the results. | |
php diffy.phar project:compare $diffy_project_id production staging --commit-sha="${{ github.event.pull_request.head.sha }}" |
As a result, you get the following check in your GitHub pull requests
