Skip to main content
Version: v0.3.2

GitHub Action

Rush Delivery can be used as a GitHub Action or as a raw Dagger module. The GitHub Action is a thin adapter over the same workflow Dagger function, so the release behavior stays identical between both modes.

Provider authentication stays in the caller workflow. Pass any generated files to Rush Delivery through runtime-file-map, and pass deploy environment values through deploy-env.

steps:
  - id: auth
    name: Authenticate to Google Cloud
    if: inputs.force_targets_json != '["webapp"]'
    uses: google-github-actions/auth@v3
    with:
      workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}

  - name: Rush Delivery
    uses: BootstrapLaboratory/rush-delivery@v0.3.2
    with:
      force-targets-json: ${{ inputs.force_targets_json || '[]' }}
      deploy-tag-prefix: ${{ env.DEPLOY_TAG_PREFIX }}
      artifact-prefix: ${{ env.DEPLOY_ARTIFACT_PREFIX }}
      environment: prod
      dry-run: "false"
      toolchain-image-provider: ${{ env.TOOLCHAIN_IMAGE_PROVIDER }}
      toolchain-image-policy: ${{ env.TOOLCHAIN_IMAGE_POLICY }}
      rush-cache-provider: ${{ env.RUSH_CACHE_PROVIDER }}
      rush-cache-policy: ${{ env.RUSH_CACHE_POLICY }}
      runtime-file-map: |
        ${{ steps.auth.outputs.credentials_file_path }}=>gcp-credentials.json
      deploy-env: |
        GCP_PROJECT_ID=${{ vars.GCP_PROJECT_ID }}
        GCP_ARTIFACT_REGISTRY_REPOSITORY=${{ vars.GCP_ARTIFACT_REGISTRY_REPOSITORY }}
        CLOUD_RUN_SERVICE=${{ vars.CLOUD_RUN_SERVICE }}
        CLOUD_RUN_RUNTIME_SERVICE_ACCOUNT=${{ vars.CLOUD_RUN_RUNTIME_SERVICE_ACCOUNT }}
        CLOUD_RUN_CORS_ORIGIN=${{ vars.CLOUD_RUN_CORS_ORIGIN }}
        CLOUD_RUN_REGION=${{ env.CLOUD_RUN_REGION }}
        CLOUDFLARE_API_TOKEN=${{ secrets.CLOUDFLARE_API_TOKEN }}
        CLOUDFLARE_ACCOUNT_ID=${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        CLOUDFLARE_PAGES_PROJECT_NAME=${{ vars.CLOUDFLARE_PAGES_PROJECT_NAME }}
        WEBAPP_VITE_GRAPHQL_HTTP=${{ vars.WEBAPP_VITE_GRAPHQL_HTTP }}
        WEBAPP_VITE_GRAPHQL_WS=${{ vars.WEBAPP_VITE_GRAPHQL_WS }}
        WEBAPP_URL=https://${{ vars.CLOUDFLARE_PAGES_PROJECT_NAME }}.pages.dev

The action appends GITHUB_ACTOR, GITHUB_REPOSITORY, GITHUB_API_URL, and GITHUB_TOKEN to the generated deploy env file by default. Set include-github-env: "false" if you want to provide those values yourself.

Runtime Files

runtime-file-map is a multiline list of SOURCE=>DEST entries. SOURCE is a file path on the GitHub runner, and DEST is a safe relative path inside the runtime files bundle passed to Dagger.

Empty SOURCE values are skipped. This supports conditional provider auth steps where an output is intentionally blank for some target selections.

runtime-file-map: |
  ${{ steps.auth.outputs.credentials_file_path }}=>gcp-credentials.json
  ${{ steps.signing.outputs.key_path }}=>signing/key.json

Deploy target metadata can mount those files with:

runtime:
  env:
    GOOGLE_APPLICATION_CREDENTIALS: /runtime-files/gcp-credentials.json
  file_mounts:
    - source: gcp-credentials.json

Raw Dagger Mode

The action mode does not replace raw Dagger usage. Local runs, other CI providers, and lower-level debugging can still call the module directly:

dagger -m github.com/BootstrapLaboratory/rush-delivery@v0.3.2 call workflow \
  --git-sha="$GITHUB_SHA" \
  --source-mode=git \
  --source-repository-url="$SOURCE_REPOSITORY_URL" \
  --source-ref="$SOURCE_REF" \
  --source-auth-token-env=GITHUB_TOKEN