Skip to main content
Version: v0.6.6

GitHub Actions

Rush Delivery is a Dagger module for Rush-based release workflows. It owns the release path from source acquisition through detect, validate, build, package, and deploy while keeping project-specific behavior in metadata.

Use the GitHub Action for normal GitHub CI. It prepares the Dagger CLI, deploy env file, runtime files bundle, Git source coordinates, and source auth token plumbing for you.

Pin Rush Delivery to a released tag and advance that tag intentionally when you want new behavior.

Pull Request Validation

Use entrypoint: validate for PR CI. The action resolves the pull request source through Git source mode, so the workflow does not need to check out the repository for normal validation. Give PRs read-only package access and use the validate defaults so provider artifacts can be reused without publishing from PR runs.

name: ci-validate

on:
  pull_request:

permissions:
  contents: read
  packages: read

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: BootstrapLaboratory/rush-delivery@v0.6.6
        with:
          entrypoint: validate
          toolchain-image-provider: github
          rush-cache-provider: github

If package target build metadata allows env through pass_env or map_env, add those source values to deploy-env in the validation step as well.

If .dagger/release/npm.yaml exists, the same validation step also verifies Rush change files so package releases cannot reach main without versioning metadata.

Release Workflow

Use the default workflow entrypoint for release CI.

permissions:
  contents: write
  id-token: write
  packages: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v3
        with:
          workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}

      - name: Rush Delivery
        uses: BootstrapLaboratory/rush-delivery@v0.6.6
        with:
          dry-run: "false"
          force-targets-json: ${{ inputs.force_targets_json || '[]' }}
          environment: prod
          deploy-tag-prefix: deploy/prod
          artifact-prefix: deploy-target
          toolchain-image-provider: github
          toolchain-image-policy: lazy
          rush-cache-provider: github
          rush-cache-policy: lazy
          deploy-env: |
            GCP_PROJECT_ID=${{ vars.GCP_PROJECT_ID }}
            GCP_ARTIFACT_REGISTRY_REPOSITORY=${{ vars.GCP_ARTIFACT_REGISTRY_REPOSITORY }}
            GITHUB_ACTOR=${{ github.actor }}
            GITHUB_REPOSITORY=${{ github.repository }}
            GITHUB_TOKEN=${{ github.token }}
          runtime-file-map: |
            ${{ steps.auth.outputs.credentials_file_path }}=>gcp-credentials.json

Next, see CI Using Command Line if you want to call the module directly from a custom CI script.

Package Release

Use entrypoint: release-packages for npm package release/versioning. Keep npm credentials in release-env; deploy credentials stay in deploy-env.

NPM provenance is disabled by default; opt in from .dagger/release/npm.yaml only when the Dagger release runtime is configured for supported npm provenance.

permissions:
  contents: write
  packages: write

steps:
  - uses: BootstrapLaboratory/rush-delivery@v0.6.6
    with:
      entrypoint: release-packages
      dry-run: "false"
      toolchain-image-provider: github
      rush-cache-provider: github
      release-env: |
        NPM_TOKEN=${{ secrets.NPM_TOKEN }}

For the broader docs map, start from the Introduction.