Automate Transformations Management with Rudder CLI and GitHub Actions
Leverage GitHub Actions for automated validation, testing, and deployment of your RudderStack transformations.
Spec Version:
3 minute read
This guide explains how to validate and manage your Rudder CLI projects directly via GitHub workflows.
By leveraging the Rudder CLI Project Manager Action, you can:
A GitHub repository containing your Tracking Plan YAML files
Generate a workspace-level Service Access Token in the RudderStack dashboard with the following permissions to manage Data Catalog and Tracking Plans:
| Resource | Permissions |
|---|---|
| Tracking Plans | Create & Delete, Edit |
| Data Catalog | Edit |
Any action authenticated by a Personal Access Token will break if the user generating the token is removed from the organization or there is a breaking change to their permissions.
Token permissions for legacy RBAC system
If you are on the legacy Permissions Management (RBAC) system, your workspace-level Service Access Token should have minimum Admin permissions.
See Generate a workspace-level Service Access Token for steps to create the token.

Follow the steps in the below sections in the exact order to set up the GitHub Actions workflow.
RUDDERSTACK_ACCESS_TOKEN (use this exact name so it matches the workflow below)RudderStack recommends storing this token in GitHub Secrets and referencing it in your workflow using
${{ secrets.RUDDERSTACK_ACCESS_TOKEN }}.Do not expose the token directly in your workflow files.
Create the following workflow in your .github/workflows/ directory:
name: Manage Rudder CLI projects
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate Project Files
uses: rudderlabs/rudder-cli-action@v1.4.0
env:
RUDDERSTACK_ACCESS_TOKEN: ${{ secrets.RUDDERSTACK_ACCESS_TOKEN }}
with:
location: "<path_to_root_project_folder>/"
mode: "validate"
apply:
runs-on: ubuntu-latest
needs: validate
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Apply Project Files
uses: rudderlabs/rudder-cli-action@v1.4.0
env:
RUDDERSTACK_ACCESS_TOKEN: ${{ secrets.RUDDERSTACK_ACCESS_TOKEN }}
with:
location: "<path_to_root_project_folder>/" #Required
mode: "apply" #Required
Note that:
- The previous Action
rudderlabs/rudder-tracking-plan-action@v1.0.0is now deprecated.- You can update the CLI action version by modifying the
usesparameter in the workflow file — see the Rudder CLI Project Manager Action releases for the latest version.
Some of the key inputs are described below:
| Input | Description | Default value |
|---|---|---|
locationRequired | Path to the folder containing the Rudder CLI project files. | - |
modeRequired | Operation mode — acceptable values are validate, dry-run, and apply.See Modes for more information. | - |
cli_version | Version of the Rudder CLI tool to use. | v0.10.0 |
RUDDERSTACK_ACCESS_TOKENRequired | The access token for the RudderStack workspace. | - |
The mode parameter defines the operation mode of the GitHub Action. You can specify either of the following values:
| Value | Notes |
|---|---|
validate |
|
dry-run |
|
apply | Applies the relevant changes to your RudderStack workspace. |
This section explains the GitHub Actions workflow:
main branch. It uses the apply mode (mode: apply) to push the relevant changes.Leverage GitHub Actions for automated validation, testing, and deployment of your RudderStack transformations.