Deploying to the Onchain Registry

The public onchain registry is the Workflow Registry contract on Ethereum Mainnet. Deploying to it records your workflow onchain — your linked wallet address becomes the workflow owner and every lifecycle operation (deploy, activate, pause, update, delete) submits a transaction to that contract.

For a lower-friction alternative that requires no wallet or gas for registry management, see Deploying to the Private Registry.

Prerequisites

Before deploying to the onchain registry, ensure you have:

  • Early Access approval: Run cre account access to check your status or submit a request. See Requesting Deploy Access.
  • Authenticated: Logged in via cre login or using an API key (CRE_API_KEY). To verify, run cre whoami.
  • Linked your key: Linked your EOA or multi-sig wallet to your CRE organization by running cre account link-key. See Linking Wallet Keys for instructions.
  • A funded wallet: The account you are deploying from must hold ETH on Ethereum Mainnet to pay gas for the registration transaction.
  • CRE_ETH_PRIVATE_KEY in your .env: Your wallet's private key, used by the CLI to sign registry transactions.
  • An Ethereum Mainnet RPC URL in project.yaml: Required for the CLI to submit transactions. Example: https://ethereum-rpc.publicnode.com.
  • A workflow project: An existing project created with cre init. See Part 1: Project Setup for the TypeScript guide or Go guide.

The deployment process

The cre workflow deploy command handles the entire end-to-end process:

  1. Compiles your workflow to a WASM binary.
  2. Uploads the compiled binary and any associated configuration files to the CRE Storage Service.
  3. Registers the workflow onchain by submitting a transaction to the Workflow Registry contract on Ethereum Mainnet. Your wallet must have ETH for gas fees, and your project.yaml must include an RPC configuration for ethereum-mainnet. The transaction contains the workflow's name, owner, and artifact URLs.

Step 1: Ensure your configuration is correct

Before deploying, ensure your workflow.yaml file is correctly configured. The workflow-name field is required under the user-workflow section for your target environment.

When you run cre init, the wizard prompts you to select a deployment registry after entering your workflow name. Selecting onchain:ethereum-mainnet writes deployment-registry: "onchain:ethereum-mainnet" into the generated workflow.yaml automatically. If you chose the onchain registry during init, your config is already set.

If you initialized without selecting a registry, or are adding a new target, add deployment-registry: "onchain:ethereum-mainnet" explicitly. The field is optional — when omitted the CLI defaults to onchain — but setting it is recommended to make the intent clear.

# workflow.yaml
production-settings:
  user-workflow:
    workflow-name: "my-workflow-production"
    deployment-registry: "onchain:ethereum-mainnet"
  workflow-artifacts:
    workflow-path: "./main.ts" # Go: "."
    config-path: "./config.production.json"
    secrets-path: ""

If you are deploying from a multi-sig wallet, specify your multi-sig address in the workflow-owner-address field. If deploying from a standard EOA, leave this field out — the owner is automatically derived from CRE_ETH_PRIVATE_KEY in your .env file.

For more details on configuration, see the Project Configuration reference.

Step 2: Run the deploy command

From your project root directory, run the deploy command with the path to your workflow folder:

cre workflow deploy <workflow-folder-path> [flags]

Example command targeting the production-settings environment:

cre workflow deploy my-workflow --target production-settings

Available flags:

FlagDescription
--targetSets the target environment from your configuration files (e.g., production-settings)
--outputThe output file for the compiled WASM binary (default: "./binary.wasm.br.b64")
--wasmPath to a pre-built WASM binary (skips compilation). Useful in CI/CD pipelines
--configOverride the config file path from workflow.yaml
--no-configDeploy without a config file
--unsignedReturn the raw transaction instead of broadcasting it (for multi-sig wallets)
--yesSkip confirmation prompts and proceed with the operation
--project-rootPath to the project root directory
--envPath to your .env file (default: ".env")
--verboseEnable verbose logging to print DEBUG level logs

Step 3: Monitor the output

The CLI provides detailed logs of the compilation, upload, and the onchain registration transaction:

> cre workflow deploy my-workflow --target production-settings

Deploying Workflow :     my-workflow
Target :                 production-settings
Owner Address :          <your-owner-address>

Compiling workflow...
Workflow compiled successfully

Verifying ownership...
Workflow owner link status: owner=<your-owner-address>, linked=true
Key ownership verified

Uploading files...
✔ Loaded binary from: ./binary.wasm.br.b64
✔ Uploaded binary to: https://storage.cre.example.com/artifacts/<workflow-id>/binary.wasm
✔ Loaded config from: ./config.json
✔ Uploaded config to: https://storage.cre.example.com/artifacts/<workflow-id>/config

Preparing deployment transaction...
Preparing transaction for workflowID: <your-workflow-id>
Transaction details:
  Chain Name:   ethereum-mainnet
  To:           0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5
  Function:     UpsertWorkflow
  Inputs:
    [0]:        my-workflow
    [1]:        my-workflow
    [2]:        <your-workflow-id>
    [3]:        0
    [4]:        zone-a
    [5]:        https://storage.cre.example.com/artifacts/<workflow-id>/binary.wasm
    [6]:        https://storage.cre.example.com/artifacts/<workflow-id>/config
    [7]:        0x
    [8]:        false
  Data:         b377bfc50000000000000000000000000000000000...
Estimated Cost:
  Gas Price:      0.00100001 gwei
  Total Cost:     0.00000079 ETH
? Do you want to execute this transaction?:
  ▸ Yes
    No

Transaction confirmed
View on explorer: https://etherscan.io/tx/0x58599f6...d916b

✓ Workflow deployed successfully

Details:
   Registry:         onchain:ethereum-mainnet
   Contract address: 0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5
   Transaction hash: 0x58599f6...d916b
   Workflow Name:    my-workflow
   Workflow ID:      <your-workflow-id>
   Binary URL:       https://storage.cre.example.com/artifacts/<workflow-id>/binary.wasm
   Config URL:       https://storage.cre.example.com/artifacts/<workflow-id>/config

Verifying your deployment

After a successful deployment, verify your workflow was registered correctly:

  1. CLI: Run cre workflow list to see every workflow registered to your organization and its current status.

  2. CRE UI: View your deployed workflow in the CRE platform. Navigate to the Workflows section to see the workflow's status, ID, and execution history.

  3. Block Explorer: The CLI output includes the transaction hash. The WorkflowRegistry contract is deployed on Ethereum Mainnet at 0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5.

CI/CD pipeline integration

The cre workflow build and cre workflow deploy commands can run as independent steps, making it straightforward to integrate CRE deployments into CI/CD pipelines.

The separation gives you two key benefits:

  • Build once, deploy many times — Compile your workflow to a WASM binary in a build step, then promote that exact binary to staging and production without recompiling. This ensures the artifact you tested is the artifact you deploy.
  • Verify before deploying — Use cre workflow hash after building to record and verify content hashes before submitting a deployment transaction.

Example: GitHub Actions

The following example shows a two-job pipeline: a build job that compiles and uploads the WASM artifact, and a deploy job that downloads and deploys that exact binary.

# .github/workflows/deploy.yml
name: Deploy Workflow

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install CRE CLI
        run: curl -sSL https://github.com/smartcontractkit/cre-cli/releases/latest/download/install.sh | sh

      - name: Build workflow
        run: cre workflow build ./my-workflow --output ./my-workflow/binary.wasm --non-interactive
        env:
          CRE_API_KEY: ${{ secrets.CRE_API_KEY }}

      - name: Display content hashes
        run: cre workflow hash ./my-workflow --wasm ./my-workflow/binary.wasm --target production-settings --non-interactive
        env:
          CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
          CRE_ETH_PRIVATE_KEY: ${{ secrets.CRE_ETH_PRIVATE_KEY }}

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: workflow-binary
          path: ./my-workflow/binary.wasm

  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install CRE CLI
        run: curl -sSL https://github.com/smartcontractkit/cre-cli/releases/latest/download/install.sh | sh

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: workflow-binary
          path: ./my-workflow

      - name: Deploy workflow
        run: cre workflow deploy ./my-workflow --wasm ./my-workflow/binary.wasm --target production-settings --yes --non-interactive
        env:
          CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
          CRE_ETH_PRIVATE_KEY: ${{ secrets.CRE_ETH_PRIVATE_KEY }}
          INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}

Using multi-sig wallets

The deploy command supports multi-sig wallets through the --unsigned flag. When using this flag, the CLI generates raw transaction data that you can submit through your multi-sig wallet interface instead of sending the transaction directly.

For complete setup instructions, configuration requirements, and step-by-step guidance, see Using Multi-sig Wallets.

Next steps

Get the latest Chainlink content straight to your inbox.