Skip to main content
rig deploy is the one command that takes a project on your machine and runs it as a live app in a Rigbox workspace. It reads a rig.yaml in the project directory, resolves a target workspace, syncs your code, and brings the service up behind a public subdomain. It is the single, consolidated deploy verb — it replaced the older rig app deploy and rig workspace deploy commands.
That’s the whole workflow for most projects. The rest of this guide explains what happens under the hood and how to control it.

How rig deploy resolves a workspace

rig deploy never makes you name a workspace by hand on every run. It resolves the target in this order:
  1. --workspace <name|id> — an explicit flag always wins.
  2. .rig.lock — a gitignored, per-project lock file that records the last workspace this project deployed to. If it exists, the redeploy reuses that same workspace.
  3. Spawn a fresh workspace — if neither of the above applies, rig deploy creates and starts a new workspace, then writes it into .rig.lock so the next deploy reuses it. Pass --name <name> to choose the workspace name.
.rig.lock is per-project and should stay gitignored. It records where this project last deployed, so redeploys are idempotent and never spawn duplicate workspaces. Delete it (or pass --name) to start fresh against a new workspace.

The rig.yaml contract

rig.yaml is the source of truth for a deploy. CLI and UI edits to params are transient overlays — the next rig deploy re-applies whatever rig.yaml says.

Single-app shape

Multi-app shape

For a project that runs several services together, use a top-level workspace: block and an apps: map. Each app declares a path: to its directory plus its own inline spec.
dependsOn: [api] injects RIGBOX_API_URL (the UPPER_SNAKE of the sibling app name) into the dependent app’s environment, pointing at the sibling over loopback. Boot order follows the dependency graph — api comes up before web. Here only the front door (web) is public; api stays private and is reachable only from web over the loopback URL.
Keep public surface minimal: mark only the user-facing app public and leave internal services at the default private. Dependents reach them via the injected RIGBOX_<NAME>_URL, not the internet.

The health contract

The platform gates every deploy on a health check. This is non-negotiable:
  1. Your process must bind 0.0.0.0:<port> — never 127.0.0.1 or localhost, where <port> matches port:.
  2. It must serve GET <health.path> → 2xx quickly. Use a generous timeoutSeconds: 30 for fast apps, 60–90 when install: does a heavy build (a Next.js or Rails build, for example).
If health never goes green within timeoutSeconds, the deploy is marked failed and rolled back — your previously running version stays up.

Deploy modes

rig deploy picks its mode from rig.yaml. There is no --reproducible flag — the presence of a Dockerfile (or prebuilt image) in build: is the only signal.

Standard deploy

With no build: block (or a build: that is just a shell command), rig deploy:
  1. Rsyncs the app directory into the workspace.
  2. Runs install: on the VM.
  3. (Re)starts the service.
This is the default and fits most apps with fast installs.

Reproducible deploy

A Dockerfile in rig.yaml makes the deploy reproducible automatically — no flag.
When build: declares a dockerfile (or a prebuilt image), rig deploy builds a content-addressed image that freezes the environment, boots the workspace from that exact image digest, and then rsyncs your app code on top.
The Dockerfile must be FROM rigbox-base. The platform asserts that its agent and systemd are present and rejects any other base at build time, so you keep the platform’s opinions while layering your own dependencies on top.
The CLI uploads the local project directory as the build context, so no git repo is required. Install dependencies to system paths (e.g. pip --break-system-packages) so the rsynced code finds them. Keep your app’s own source out of the image — it arrives by rsync.

build: has three shapes

The hybrid model: build once, rsync the rest

The reproducible path is hybrid — the slow, stable environment is built once and frozen into an image; fast-changing app code rides over it via rsync. The image is cached keyed by the build inputs — the install/build command, the Dockerfile contents, the base image, the git source, and dependency lockfiles — not your app code. So:
Editing the Dockerfile or a lockfile changes a build input, so the next deploy rebuilds the image. Editing only app code reuses the cached image and just rsyncs the change — no rebuild, no re-install.
Every reproducible deploy also auto-records a release (an image digest + run-config), so you can roll back later. See Releases & Rollback.

When to use which

  • install: (no Dockerfile) — simple apps with fast installs. The default.
  • build: { dockerfile } — heavier or slower environments you want frozen and byte-identical across deploys. rig deploy builds and mounts the image for you, and only rebuilds when the build inputs change.

Env, secrets, credentials, params, and visibility

These are all declared in rig.yaml and applied on every deploy.
  • env — plain environment variables baked into the unit.
  • secrets[{ name, optional? }]. The value is read from your local environment at deploy time and injected into the VM (it is never stored in rig.yaml). Set optional: true to skip cleanly when unset.
  • credentials[{ generate: true }]. The server mints a random value on first deploy, injected as CRED_<UPPER_KEY>, stable across redeploys.
  • params — server-validated config that is live-editable with rig app param set <key>=<value>. Every param the app reads must set envVar; select params require options: [{ value, label }].
  • visibilityprivate (default, gateway auth-gates every request), public, or { emails: [...] } (owner + allow-list). Declare it in rig.yaml so redeploys preserve it. See the Visibility guide.

Blue-green deploys and promotion

For zero-downtime rollouts, stage a change, verify it, then swap production over atomically — either a whole-workspace clone (rig deploy --bluegreen preview) or an in-VM sibling (rig deploy --bluegreen <suffix>), each cut over with --promote. See Blue-green deploys & promotion for both flows, the service-host-vs-live-environment boundary, and rollback.

Deploy via the API

rig deploy orchestrates several REST calls. The image build step maps to the builds endpoint, and the resulting digest is recorded as a release. For endpoints without a dedicated command, rig api sends a raw authenticated request:
See Releases & Rollback for the release lifecycle and the rig build command.

Next steps