# Deploying and Activating Solutions

> Deploy a solution package to a target folder and activate it in Orchestrator.

After uploading a solution package to Solutions, you can deploy it to a target folder and activate it to make it operational.

:::tip Trusting custom certificates
For Orchestrator instances signed by a private Certificate Authority (such as UiPath Automation Suite), both `deploy` and `deploy-activate` also accept `--ca-cert` and `--pinnedpubkey` parameters. See [Trusting custom certificates](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/trusting-custom-certificates) for scenarios and examples.
:::

## Deployment workflow

Deploying a solution is a two-step process:

1. Deploy: Create a deployment configuration and associate the package with a target folder.
2. Activate: Make the deployment live and operational.

This separation allows you to prepare deployments in advance and activate them during maintenance windows or after manual approval.

## Deploying a solution

The `deploy` command creates a deployment of a solution package in a specific environment.

### Command syntax

```bash
uipcli solution deploy <package-name> [options]
```

#### Parameters

| Parameter | Description | Required |
|-----------|-------------|----------|
| `<package-name>` | Name of the uploaded package | Yes |
| `-v` or `--version` | Package version to deploy | Yes |
| `-d` or `--deploymentName` | Name for this deployment | Yes |
| `-f` or `--deploymentFolderName` | Target folder name in Orchestrator | Yes |
| `-U` | Orchestrator URL | Yes |
| `-T` | Tenant name | Yes |
| `-A` | Organization name | Yes |
| `-I` | External App ID | Yes |
| `-S` | External App secret | Yes |
| `--applicationScope` | Optional scopes (defaults applied) | No |
| `--deploymentParentFolder` | The Orchestrator folder where the deployment folder will be created. If not specified, the deployment folder will be created in tenant folder. When specified, deployment will be under respective folder. When set to "__exampleuser@org.com__'s workspace", the deployment will be under personal workspace for specified user. | No |
| `--configPath` | Local path to solution configuration file; needed in scenarios with overwriting bindings. See Downloading Solution Packages and Configs for details on obtaining configuration files. | No |
| `--traceLevel` | Logging level | No |
| `--ca-cert` | Trusted root CA file(s) (PEM, DER, or PKCS#7) for the Orchestrator/Identity TLS certificate. Repeat or comma-separate. See [Trusting custom certificates](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/trusting-custom-certificates). | No |
| `--pinnedpubkey` | Pin the leaf public key (`sha256//<base64>`). See [Trusting custom certificates](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/trusting-custom-certificates). | No |

:::note **Default Application Scopes for Solutions**
When using external application authentication without specifying the `--applicationScope` parameter, the CLI automatically applies these default Solution scopes:

`Solutions.Packages Solutions.Deployments OR.Execution`

**Important:** All three scopes are required for all Solution-related CLI commands. These scopes are grouped together to provide comprehensive coverage for all available Solution commands and must be configured collectively rather than individually per command.
:::

:::important
If a deployment with the same name already exists at any level within the tenant in Orchestrator, this operation upgrades the existing deployment instead of creating a new one. If the existing deployment is in Failed state, the upgrade does not proceed; resolve or uninstall the failed deployment before retrying.
:::

:::important
Solutions deployed at the tenant level do not automatically assign a user to the resulting folder. To assign an account, ensure the appropriate configuration is set in Orchestrator (Tenant > Folders).
:::

### Authentication

See [Authentication and scopes](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/solutions-authentication-and-scopes) for required scopes and External App setup.

### Example

```bash
uipcli solution deploy MySolution \
  -v 1.2.3 \
  -d MySolution-Prod-v1.2.3 \
  -f Production \
  -U https://cloud.uipath.com/ \
  -T DefaultTenant \
  -A myorg \
  -I 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -S **** \
  --applicationScope "AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write" \
  --traceLevel Information
```

### Deployment naming conventions

Choose meaningful deployment names that include:

- Solution name
- Environment identifier
- Version or date

#### Examples
```
MySolution-Dev-v1.2.3
MySolution-Test-2025-01-15
MySolution-Prod-Release-1.2.3
InvoiceProcessing-Production-v2.0.0
```

This makes it easier to track and manage deployments across environments.

### What happens during deployment

When you run the deploy command:

1. The package is validated in Solutions.
2. A deployment configuration is created.
3. The deployment is associated with the target folder.
4. Environment-specific bindings are initialized.
5. The deployment is prepared but not yet active.

The Solution does not start executing processes until you activate it.

## Activating a deployment

The `deploy-activate` command makes a deployment live and operational.

### Command syntax

```bash
uipcli solution deploy-activate <deployment-name> [options]
```

#### Parameters

| Parameter | Description | Required |
|-----------|-------------|----------|
| `<deployment-name>` | Name of the deployment to activate | Yes |
| `-U` | Orchestrator URL | Yes |
| `-T` | Tenant name | Yes |
| `-A` | Organization name | Yes |
| `-I` | External App ID | Yes |
| `-S` | External App secret | Yes |
| `--applicationScope` | Required scopes | Yes |
| `--traceLevel` | Logging level | No |
| `--ca-cert` | Trusted root CA file(s) (PEM, DER, or PKCS#7) for the Orchestrator/Identity TLS certificate. Repeat or comma-separate. See [Trusting custom certificates](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/trusting-custom-certificates). | No |
| `--pinnedpubkey` | Pin the leaf public key (`sha256//<base64>`). See [Trusting custom certificates](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/trusting-custom-certificates). | No |

### Authentication

See [Authentication and scopes](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/solutions-authentication-and-scopes) for required scopes and External App setup.

### Example

```bash
uipcli solution deploy-activate MySolution-Prod-v1.2.3 \
  -U https://cloud.uipath.com/ \
  -T DefaultTenant \
  -A myorg \
  -I 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -S **** \
  --applicationScope "AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write" \
  --traceLevel Information
```

### What happens during activation

When you activate a deployment:

1. The deployment becomes the active version in the target folder.
2. Triggers are activated.
3. Any previously active deployment in the same folder is deactivated.

## CI/CD pipeline integration

### Complete deployment workflow

```yaml
steps:
  # 1. Pack the Solution
  - name: Pack Solution
    run: |
      uipcli solution pack ./MySolution \
        --output ./packages \
        --version "1.0.${{ github.run_number }}"

  # 2. Upload to Solutions Management
  - name: Upload Package
    run: |
      uipcli solution upload-package ./packages/MySolution.1.0.${{ github.run_number }}.zip \
        -U ${{ secrets.ORCHESTRATOR_URL }} \
        -T ${{ secrets.ORCHESTRATOR_TENANT }} \
        -A ${{ secrets.ORG_NAME }} \
        -I ${{ secrets.EXTERNAL_APP_ID }} \
        -S ${{ secrets.EXTERNAL_APP_SECRET }} \
        --applicationScope "AutomationSolutions Solutions.Packages Solutions.Packages.Write"

  # 3. Deploy to target environment
  - name: Deploy Solution
    run: |
      uipcli solution deploy MySolution \
        -v "1.0.${{ github.run_number }}" \
        -d "MySolution-Prod-v1.0.${{ github.run_number }}" \
        -f Production \
        -U ${{ secrets.ORCHESTRATOR_URL }} \
        -T ${{ secrets.ORCHESTRATOR_TENANT }} \
        -A ${{ secrets.ORG_NAME }} \
        -I ${{ secrets.EXTERNAL_APP_ID }} \
        -S ${{ secrets.EXTERNAL_APP_SECRET }} \
        --applicationScope "AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write"

  # 4. Activate the deployment
  - name: Activate Deployment
    run: |
      uipcli solution deploy-activate "MySolution-Prod-v1.0.${{ github.run_number }}" \
        -U ${{ secrets.ORCHESTRATOR_URL }} \
        -T ${{ secrets.ORCHESTRATOR_TENANT }} \
        -A ${{ secrets.ORG_NAME }} \
        -I ${{ secrets.EXTERNAL_APP_ID }} \
        -S ${{ secrets.EXTERNAL_APP_SECRET }} \
        --applicationScope "AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write"
```

### Gated deployments with manual approval

You can separate deploy and activate steps to implement approval workflows:

```yaml
# Stage 1: Deploy (automated)
- stage: DeployToProduction
  jobs:
  - job: Deploy
    steps:
    - script: |
        uipcli solution deploy MySolution -v $(version) -d MySolution-Prod-$(version) -f Production ...
      displayName: 'Prepare Production Deployment'

# Stage 2: Activate (requires approval)
- stage: ActivateProduction
  dependsOn: DeployToProduction
  # Manual approval gate configured in Azure DevOps
  jobs:
  - deployment: Activate
    environment: 'Production'
    steps:
    - script: |
        uipcli solution deploy-activate MySolution-Prod-$(version) ...
      displayName: 'Activate Production Deployment'
```

## Multi-environment promotion

Deploy the same version to multiple environments sequentially:

```bash
# Deploy to Dev
uipcli solution deploy MySolution -v 1.2.3 -d MySolution-Dev-1.2.3 -f Dev ...
uipcli solution deploy-activate MySolution-Dev-1.2.3 ...

# Deploy to Test
uipcli solution deploy MySolution -v 1.2.3 -d MySolution-Test-1.2.3 -f Test ...
uipcli solution deploy-activate MySolution-Test-1.2.3 ...

# Deploy to Production (after approval)
uipcli solution deploy MySolution -v 1.2.3 -d MySolution-Prod-1.2.3 -f Production ...
uipcli solution deploy-activate MySolution-Prod-1.2.3 ...
```

## Rollback strategy

To roll back to a previous version:

1. Deploy the previous version with a new deployment name.
2. Activate the previous version deployment.
3. Optionally uninstall the newer deployment.

```bash
# Roll back to v1.2.2
uipcli solution deploy MySolution -v 1.2.2 -d MySolution-Prod-Rollback-1.2.2 -f Production ...
uipcli solution deploy-activate MySolution-Prod-Rollback-1.2.2 ...
```

## Next steps

After deploying and activating Solutions, you can:

1. Monitor execution in Orchestrator.
2. [Uninstall deployments](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/uninstalling-deployments) when no longer needed.
3. Deploy new versions following the same workflow.
