rig deploy is the one command that takes a project on your machine and runs it as a live app in a Rigbox workspace. It reads a rig.yaml in the project directory, resolves a target workspace, syncs your code, and brings the service up behind a public subdomain.
It is the single, consolidated deploy verb — it replaced the older rig app deploy and rig workspace deploy commands.
How rig deploy resolves a workspace
rig deploy never makes you name a workspace by hand on every run. It resolves the target in this order:
--workspace <name|id>— an explicit flag always wins..rig.lock— a gitignored, per-project lock file that records the last workspace this project deployed to. If it exists, the redeploy reuses that same workspace.- Spawn a fresh workspace — if neither of the above applies,
rig deploycreates and starts a new workspace, then writes it into.rig.lockso the next deploy reuses it. Pass--name <name>to choose the workspace name.
.rig.lock is per-project and should stay gitignored. It records where this project last deployed, so redeploys are idempotent and never spawn duplicate workspaces. Delete it (or pass --name) to start fresh against a new workspace.The rig.yaml contract
rig.yaml is the source of truth for a deploy. CLI and UI edits to params are transient overlays — the next rig deploy re-applies whatever rig.yaml says.
Single-app shape
Multi-app shape
For a project that runs several services together, use a top-levelworkspace: block and an apps: map. Each app declares a path: to its directory plus its own inline spec.
dependsOn: [api] injects RIGBOX_API_URL (the UPPER_SNAKE of the sibling app name) into the dependent app’s environment, pointing at the sibling over loopback. Boot order follows the dependency graph — api comes up before web. Here only the front door (web) is public; api stays private and is reachable only from web over the loopback URL.
The health contract
The platform gates every deploy on a health check. This is non-negotiable:- Your process must bind
0.0.0.0:<port>— never127.0.0.1orlocalhost, where<port>matchesport:. - It must serve
GET <health.path>→ 2xx quickly. Use a generoustimeoutSeconds: 30 for fast apps, 60–90 wheninstall:does a heavy build (a Next.js or Rails build, for example).
timeoutSeconds, the deploy is marked failed and rolled back — your previously running version stays up.
Deploy modes
rig deploy picks its mode from rig.yaml. There is no --reproducible flag — the presence of a Dockerfile (or prebuilt image) in build: is the only signal.
Standard deploy
With nobuild: block (or a build: that is just a shell command), rig deploy:
- Rsyncs the app directory into the workspace.
- Runs
install:on the VM. - (Re)starts the service.
Reproducible deploy
A Dockerfile in rig.yaml makes the deploy reproducible automatically — no flag.
When build: declares a dockerfile (or a prebuilt image), rig deploy builds a content-addressed image that freezes the environment, boots the workspace from that exact image digest, and then rsyncs your app code on top.
FROM rigbox-base. The platform asserts that its agent and systemd are present and rejects any other base at build time, so you keep the platform’s opinions while layering your own dependencies on top.
The CLI uploads the local project directory as the build context, so no git repo is required. Install dependencies to system paths (e.g. pip
--break-system-packages) so the rsynced code finds them. Keep your app’s own source out of the image — it arrives by rsync.build: has three shapes
The hybrid model: build once, rsync the rest
The reproducible path is hybrid — the slow, stable environment is built once and frozen into an image; fast-changing app code rides over it via rsync. The image is cached keyed by the build inputs — the install/build command, the Dockerfile contents, the base image, the git source, and dependency lockfiles — not your app code. So:Every reproducible deploy also auto-records a release (an image digest + run-config), so you can roll back later. See Releases & Rollback.
When to use which
install:(no Dockerfile) — simple apps with fast installs. The default.build: { dockerfile }— heavier or slower environments you want frozen and byte-identical across deploys.rig deploybuilds and mounts the image for you, and only rebuilds when the build inputs change.
Env, secrets, credentials, params, and visibility
These are all declared inrig.yaml and applied on every deploy.
env— plain environment variables baked into the unit.secrets—[{ name, optional? }]. The value is read from your local environment at deploy time and injected into the VM (it is never stored inrig.yaml). Setoptional: trueto skip cleanly when unset.credentials—[{ generate: true }]. The server mints a random value on first deploy, injected asCRED_<UPPER_KEY>, stable across redeploys.params— server-validated config that is live-editable withrig app param set <key>=<value>. Every param the app reads must setenvVar;selectparams requireoptions: [{ value, label }].visibility—private(default, gateway auth-gates every request),public, or{ emails: [...] }(owner + allow-list). Declare it inrig.yamlso redeploys preserve it. See the Visibility guide.
Blue-green deploys and promotion
For zero-downtime rollouts, stage a change, verify it, then swap production over atomically — either a whole-workspace clone (rig deploy --bluegreen preview) or an in-VM sibling (rig deploy --bluegreen <suffix>), each cut over with --promote. See Blue-green deploys & promotion for both flows, the service-host-vs-live-environment boundary, and rollback.
Deploy via the API
rig deploy orchestrates several REST calls. The image build step maps to the builds endpoint, and the resulting digest is recorded as a release. For endpoints without a dedicated command, rig api sends a raw authenticated request:
rig build command.
Next steps
- Persistent Volumes — durable storage that survives redeploys and stop→start.
- Releases & Rollback — pin and roll back image digests.
- Visibility — private, public, and email-allow-listed apps.
- Expose and Route — how apps map to subdomains.
- The Rigbox CLI — the full command surface.