Skip to main content

Configuring Workflow Actions

The backend of Harness IDP workflows consists of a library of steps and actions that define the workflow logic.

Workflow Actions in IDP are integration points with third-party tools that take inputs from workflows and execute specific tasks based on user input. Workflows include built-in actions for fetching content, registering services in the catalog, and creating/publishing Git repositories.

Defining Workflow Actions

You can configure the backend using the spec.steps field in your YAML configuration. These steps serve as core execution units, triggering actions and orchestrating pipelines. Input details from the frontend are passed to the backend, enabling task execution.

YAML Syntax

steps:
- id: step_id
name: Step Name
action: action_name
input:
key: value
output:
key: value

YAML Breakdown

  • id – A unique identifier for the step, used to reference it in later steps.
  • name – A human-readable label for the step.
  • action – Specifies the workflow action to execute (e.g., trigger:harness-custom-pipeline, publish:github).
  • input – Defines the parameters required by the action. These vary depending on the action used.

Example (for trigger:harness-custom-pipeline):

input:
url: "https://app.harness.io/ng/account/..."
inputset:
project_name: ${{ parameters.project_name }}
github_repo: ${{ parameters.github_repo }}

Here, url specifies the Harness pipeline, and inputset are the parameters provided by the user, to be used as an input for the pipeline mentioned in the URL.

  • output – Stores results from the action, which can be used in later steps.

Example (for storing a generated file path):

output:
filePath: '{{ steps.generate.outputs.file }}'

This allows other steps to reference the generated filePath.

Supported Actions

You can find a list of all registered Workflow actions under:

  1. Click on the three dots in the top right corner of the Workflows page. Select Installed Actions.
  2. You'll be able to see all the supported actions here.

Let's dive deeper into each supported action.

1. trigger:harness-custom-pipeline

This action triggers a Harness pipeline using a provided URL and user-defined input variables. It supports various pipeline configurations, including:

##Example
...
steps:
- id: trigger
name: Creating your React app
action: trigger:harness-custom-pipeline
input:
url: "https://app.harness.io/ng/account/..."
inputset:
project_name: ${{ parameters.project_name }}
github_repo: ${{ parameters.github_repo }}
apikey: ${{ parameters.token }}
hidePipelineURLLog: true
output:
text:
- title: Pipeline Execution
content: "Execution URL: `${{ steps.trigger.output.url }}`"

Inputs

Here's a list of inputs required to use the action:

NameTitleDescriptionType
url (Mandatory)Pipeline URLURL of the pipeline you want to executestring
inputset (Mandatory)Pipeline InputsetRequired input set for the pipeline to executeobject
apikeyHarness x-api-keyHarness Token to Authenticate Pipeline Executionstring
apiKeySecretHarness secretHarness secret to which contains x-api-keystring
hidePipelineURLLogHide Pipeline URLParameter to hide pipeline url from the execution logsboolean
showOutputVariablesShow Output VariablesParameter to show output variables exported from a pipeline from the execution logsboolean

Let's dive into these inputs in detail:

  1. url: Pipeline execution URL

Note: For pipelines using Git Experience make sure your URL includes branch and repoName e.g., https://app.harness.io/ng/account/accountID/module/idp/orgs/orgID/projects/projectID/pipelines/pipelineID?repoName=repo-name&branch=branch

  1. inputset: Key-value pairs of pipeline variables

In the YAML example above, under inputset, values such as project_name and github_repo are placeholders for pipeline variable names. You can use the reference format <+pipeline.variables.VARIABLE_NAME> directly within the inputset key-value pairs. For example, instead of simply specifying the variable name, you can reference the pipeline variable like this:

...
inputset:
pipeline.variables.project_name: ${{ parameters.project_name }}
pipeline.variables.github_repo: ${{ parameters.github_repo }}
...
...

To obtain these references, simply copy the variable path from the Harness Pipeline Studio UI. Please make sure to remove <+ & > from the expression copied from UI.

Support for Stage Variables and Pipeline Templates

In addition to pipeline variables, you can also reference stage variables within the inputset. Here’s how each type of variable can be referenced:

  • Stage variable reference: pipeline.stages.STAGE_IDENTIFIER.variables.VARIABLE_NAME

If you need to reference lower-level variables (such as stage, step group, and step variables) from outside their original scope, you must include the relative path to that variable. For instance, if you want to reference a stage variable from a different stage, you should use the format, pipeline.stages.originalStageID.variables.variableName

Instead of the simpler stage.variables.variableName. This fully qualified path ensures the correct variable is referenced across stages, step groups, or steps.

inputset:
pipeline.variables.project_name: ${{ parameters.project_name }}
pipeline.stages.originalStageID.variables.github_repo: ${{ parameters.github_repo }}

To obtain these references, simply copy the variable path from the Harness Pipeline Studio UI and remove the special characters <+ and >.

Note: This is the only way to reference stage variables and pipelines using templates with variables under inputset. Without the fully qualified path, the input will not be valid.

Variables under inputsetWhat's Supported
Variable name (variable_name)Supported with Pipelines Variables for IDP stage, custom stage and Codebase Disabled build stage along Pipelines not containing any templates.
Variable name with Fully Qualified Path (pipeline.variables.variable_name)Supported with Pipelines Variables for all supported stages and Pipelines containing any templates.
  1. apikey: User Session Token

Learn more about this authentication mode in detail here.

  • The user's session token is used to trigger the Harness Pipeline.
  • The user must have execute permissions for the underlying pipeline(s) to ensure successful execution.

You can trigger a pipeline in Harness IDP Workflows using the user session token mode by specifying the token setup in your parameters.properties section of the Workflow YAML.

1. Defining the token setup:

This is defined under the parameter.properties spec to extract the user session token. This token is then used to execute the pipeline.

warning

The token property used to fetch the Harness Auth Token is hidden on the Review Step using ui:widget: password. However, for this to function correctly in a multi-page workflow, the token property must be included under the first page.

parameters:
- title: <PAGE-1 TITLE>
properties:
property-1:
title: title-1
type: string
property-2:
title: title-2
token:
title: Harness Token
type: string
ui:widget: password
ui:field: HarnessAuthToken
- title: <PAGE-2 TITLE>
properties:
property-1:
title: title-1
type: string
property-2:
title: title-2
- title: <PAGE-n TITLE>
```YAML
token:
title: Harness Token
type: string
ui:widget: password
ui:field: HarnessAuthToken

2. Referencing the token in the steps spec of the Workflow YAML:

You'll need to reference the token within the steps section using the following format:

apikey: ${{ parameters.token }}
  1. apiKeySecret: Harness API Key Secret

Learn more about this authentication mode in detail here.

  • A pre-configured Harness API Key is used to trigger the Harness Pipeline.
  • The user does not need direct access to the underlying pipeline(s); however, the API key must have the execute permissions for the underlying pipeline(s).

You can also trigger a pipeline in an IDP Workflow using a pre-configured Harness API Key. Here's how you can set this up:

Referencing the secret in the steps spec:

apiKeySecret: ${{ secretId }}

Here, secretId refers to the identifier of the secret which stores the Harness API Key. You can retrieve this secretId from the Harness Secret Manager.

  1. hidePipelineURLLog: Boolean to hide logs (optional)

  2. showOutputVariables: Boolean to display pipeline output variables (optional)

Outputs

  1. Title : Name of the Pipeline.
  2. url : Execution URL of the Pipeline e.g.: https://app.harness.io/ng/account/********************/module/idp-admin/orgs/default/projects/communityeng/pipelines/uniteddemo/executions/**********/pipeline?storeType=INLINE

Once you create the workflow with this Workflow action, you can see the pipeline URL running in the background and executing the flow.

You can now optionally remove the pipeline URL from the workflow execution logs, for this you need to use the boolean property hidePipelineURLLog and set the value as true.

## Example
steps:
- id: trigger
name: Creating your react app
action: trigger:harness-custom-pipeline
input:
url: "Pipeline URL"
hidePipelineURLLog: true
inputset:
project_name: ${{ parameters.project_name }}
apikey: ${{ parameters.token }}
  1. You can as well configure the output to display the pipeline output variables, by setting the showOutputVariables: true under inputsand adding output as shown in the example below:
...
## Example
steps:
- id: trigger
...
inputset:
project_name: ${{ parameters.project_name }}
apikey: ${{ parameters.token }}
showOutputVariables: true
output:
text:
- title: Output Variable
content: |
Output Variable **test2** is `${{ steps.trigger.output.test2 }}`
- title: Another Output Variable
content: |
Output Variable **test1** with fqnPath is `${{ steps.trigger.output['pipeline.stages.testci.spec.execution.steps.Run_1.output.outputVariables.test1'] }}`
...
info

Only user defined output variables are allowed, but you can as well use the system generated variables by assigning them as a new variable under shell script step as displayed below. For e.g. we have mentioned the system generated output as jira_id and under Optional Configuration added a test-var which becomes a user defined output variable and could be displayed as output in the IDP workflows.

There are two ways in which you can add the output variable to the template syntax.

  1. You can directly mention the output variable name ${{ steps.trigger.output.test2 }}, here test2 is the output variable name we created in the pipeline.

  2. You can copy the JEXL expression of the output variable and remove the JEXL constructs, ${{ steps.trigger.output['pipeline.stages.testci.spec.execution.steps.Run_1.output.outputVariables.test1'] }}, here the part pipeline.stages.testci.spec.execution.steps.Run_1.output.outputVariables.test1 comes from <+pipeline.stages.testci.spec.execution.steps.Run_1.output.outputVariables.test2> copied from execution logs.

Example

...
## Example
steps:
- id: trigger
name: Creating your react app
action: trigger:harness-custom-pipeline
input:
url: "https://app.harness.io/ng/account/..."
inputset:
project_name: ${{ parameters.project_name }}
github_repo: ${{ parameters.github_repo }}
pipeline.variables.cloud_provider: ${{ parameters.provider }}
db: ${{ parameters.db }}
cache: ${{ parameters.cache }}
apikey: ${{ parameters.token }}
showOutputVariables: true
output:
text:
- title: Output Variable
content: |
Output Variable **test2** is `${{ steps.trigger.output.test2 }}`
- title: Another Output Variable
content: |
Output Variable **test1** with fqnPath is `${{ steps.trigger.output['pipeline.stages.testci.spec.execution.steps.Run_1.output.outputVariables.test1'] }}`
...

2. trigger:trigger-pipeline-with-webhook

This Workflow action could be used to trigger a pipeline execution based on the input-set identifier and a webhook name. Usually a single deployment pipeline has different input-set as per the environment it's going to be deployed and developers can just specify the input-set ID aligning with the environment name to trigger the deployment pipeline.

Developers need to mention the input set identifier instead of the name in the workflows input, usually identifier are names devoid of any special characters and spaces, e.g., input set-test name would have an identifier as inputsettest. It is suggested to provide all the available input-set as enums in the template to avoid any ambiguity by developers.

Here's an example workflow based on this source.

Inputs

Here's a list on inputs used for this action:

NameTitleType
url (Mandatory)Pipeline URLstring
inputSetName (Mandatory)Input Set Namestring
triggerName (Mandatory)Trigger Namestring
apiKeyHarness API Keystring

Outputs

NameTitle
API URLWebhook URL used for execution
Pipeline DetailsRedirects to the Harness Pipeline Editor
Execution URLRecent executions of the pipeline

Example

steps:
- id: trigger
name: Triggering pipeline via webhook
action: trigger:trigger-pipeline-with-webhook
input:
url: "YOUR_PIPELINE_URL"
inputSetName: ${{ parameters.inputSetName }}
triggerName: ${{ parameters.triggerName }}
apikey: ${{ parameters.token }}

3. harness:create-secret

This action is used to create a secret in Harness.

Inputs

Here's a list of inputs required to use the action:

NameTitleDescriptionType
projectId (Mandatory)Project IdentifierProject Identifier where secret will be createdstring
orgId (Mandatory)Organization IdentifierOrganization Identifier where secret will be createdstring
secretValue (Mandatory)Secret ValueSecret Valuestring
apikeyHarness x-api-keyHarness Token to Authenticate Secret Creationstring

Output

Here's what we get as an output from the action:

NameTitleType
secretIdSecret Identifier createdstring

4. harness:delete-secret

This action is used to delete a secret from Harness.

Inputs

Here's a list of inputs required to use the action:

NameTitleDescriptionType
projectId (Mandatory)Project IdentifierProject Identifier where secret will be createdstring
orgId (Mandatory)Organization IdentifierOrganization Identifier where secret will be createdstring
secretId (Mandatory)Secret IdentifierSecret identifier which is to be deletedstring
apikeyHarness x-api-keyHarness Token to Authenticate Secret Creationstring

5. debug:log

This action is used to write a message into the log or list all the files in your workspace.

Inputs

Here's a list of inputs required to use the action:

NameTitleType
messageMessage to outputstring
listWorkspaceList all files in the workspace, if trueboolean
extraExtra infounknown

Example YAML

Write a debug message:

steps:
- action: debug:log
id: write-debug-line
name: Write "Hello Harness!" log line
input:
message: Hello Harness!

List the workspace directory:

steps:
- action: debug:log
id: write-workspace-directory
name: List the workspace directory
input:
listWorkspace: true

7. debug:wait

This action is used to add a waiting period for certain time.

Inputs

Here's a list of inputs required to use this action:

NameTitleType
minutesWaiting period in minutesnumber
secondsWaiting period in secondsnumber
millisecondsWaiting period in millisecondsnumber

Example YAML

steps:
- action: debug:wait
id: wait-1min
name: Waiting for 1 minutes
input:
minutes: 1

Use Cases

1. Hiding Logs

To prevent displaying pipeline URLs in workflow execution logs, use hidePipelineURLLog: true.

steps:
- id: trigger
name: Create React App
action: trigger:harness-custom-pipeline
input:
url: "Pipeline URL"
hidePipelineURLLog: true
inputset:
project_name: ${{ parameters.project_name }}
apikey: ${{ parameters.token }}

2. Using Parameters as Conditions

You can conditionally execute steps based on parameters.

steps:
- id: deploy
name: Deploy App
action: trigger:harness-custom-pipeline
input:
url: "YOUR_PIPELINE_URL"
inputset:
project_name: ${{ parameters.project_name }}
if: "${{ parameters.environment == 'production' }}"

Workflow Actions Usage Limitations

Workflow ActionsPipelines and Stages
trigger:harness-custom-pipelineSupports only IDP Stage along with the Deploy Stage, Custom Stage(Available with Harness CD License or Free Tier usage), Pipelines using Pipeline Templates and codebase disabled Build Stage(Only Available with Harness CI License) with Run step
trigger:trigger-pipeline-with-webhookSupports all the pipelines with a custom webhook based trigger