Skip to main content

Providers

Rush Delivery keeps provider behavior behind explicit adapters. Local use works with providers off; CI can opt into adapters by passing provider names and credentials.

Source Providers

sourceMode=local_copy copies the caller-provided repo directory into a Dagger-owned workspace. Use it for local development, offline runs, and unpushed changes. It requires --repo.

sourceMode=git clones or fetches the source from provider-neutral coordinates. This is the recommended CI path and does not require --repo:

  • sourceRepositoryUrl
  • sourceRef
  • gitSha
  • prBaseSha when validating pull requests
  • sourceAuthTokenEnv when private source access is required

The token value is read from the deploy environment file, not printed in logs.

Toolchain Image Providers

toolchainImageProvider=off builds toolchain containers inside the current Dagger run.

toolchainImageProvider=github uses GitHub Container Registry as an OCI image store for content-addressed toolchain images. Image references are derived from normalized runtime specs and provider metadata.

Policies:

  • toolchainImagePolicy=lazy keeps trusted workflow behavior unchanged: pull an existing image, or build and publish a missing one.
  • toolchainImagePolicy=pull-or-build pulls an existing image, or builds it locally on miss without publishing. Use this for pull-request validation.

Rush Cache Providers

rushCacheProvider=off keeps Rush install behavior local to the current Dagger engine.

rushCacheProvider=github stores a compressed Rush install cache archive in a GHCR image. Cache keys are derived from configured metadata, key file contents, cache paths, and the Rush workflow toolchain identity.

Policies:

  • rushCachePolicy=lazy keeps trusted workflow behavior unchanged: restore an existing cache, or publish a missing cache after a successful install.
  • rushCachePolicy=pull-or-build restores an existing cache, or installs Rush normally on miss without publishing a new cache. Use this for pull-request validation.

Deploy Providers

Deploy providers are target-level concerns. A target runtime decides what environment variables, file mounts, static env values, workspace paths, and tooling it needs through deploy target metadata.

The framework only passes allowlisted data into each target runtime.

Deploy-only files should be passed through runtimeFiles and mounted from target metadata. This keeps credentials out of source acquisition, Rush cache, package artifacts, toolchain image hashes, logs, and generated manifests.

CI Provider Responsibilities

A CI provider should provide:

  • Dagger CLI availability.
  • Source coordinates for Git source mode.
  • A deploy environment file with provider credentials and project settings.
  • A runtime files directory for deploy-only credential or config files when targets need file mounts.
  • Optional Docker socket for targets that build container images.
  • Permissions for any selected provider adapters.

For GitHub PR validation, packages: read is enough when both provider policies are pull-or-build. Trusted release workflows that use lazy need packages: write so misses can be published.

The CI provider should not compute deploy plans, package artifacts, update deploy tags, or encode target-specific behavior.

The GitHub Action wrapper in this repository is the first CI adapter. It prepares GitHub-specific defaults and then calls the same Dagger workflow or validate entrypoints as raw CLI usage.