{"id":28646782,"url":"https://github.com/harisekhon/github-actions","last_synced_at":"2025-06-13T02:06:56.738Z","repository":{"id":37754605,"uuid":"448884609","full_name":"HariSekhon/GitHub-Actions","owner":"HariSekhon","description":"GitHub Actions Reusable Workflows and Master Template","archived":false,"fork":false,"pushed_at":"2024-09-04T15:18:10.000Z","size":967,"stargazers_count":38,"open_issues_count":0,"forks_count":12,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-09-05T21:23:21.483Z","etag":null,"topics":["checkov","ci-cd","ci-cd-pipeline","cicd","github","github-actions","github-actions-ci","hacktoberfest","jenkins","jenkinsfile","library","semgrep","tfsec","tfsec-checks","validation","validation-library","validations"],"latest_commit_sha":null,"homepage":"https://www.linkedin.com/in/HariSekhon","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HariSekhon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-17T12:27:41.000Z","updated_at":"2024-09-04T15:18:14.000Z","dependencies_parsed_at":"2024-02-09T03:30:36.737Z","dependency_job_id":"8a02046f-1c15-458a-af43-f875a78abf89","html_url":"https://github.com/HariSekhon/GitHub-Actions","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HariSekhon/GitHub-Actions","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HariSekhon%2FGitHub-Actions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HariSekhon%2FGitH
ub-Actions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HariSekhon%2FGitHub-Actions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HariSekhon%2FGitHub-Actions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HariSekhon","download_url":"https://codeload.github.com/HariSekhon/GitHub-Actions/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HariSekhon%2FGitHub-Actions/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259565561,"owners_count":22877347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checkov","ci-cd","ci-cd-pipeline","cicd","github","github-actions","github-actions-ci","hacktoberfest","jenkins","jenkinsfile","library","semgrep","tfsec","tfsec-checks","validation","validation-library","validations"],"created_at":"2025-06-13T02:06:54.422Z","updated_at":"2025-06-13T02:06:56.699Z","avatar_url":"https://github.com/HariSekhon.png","language":"Shell","readme":"# GitHub Actions\n\n[![GitHub stars](https://img.shields.io/github/stars/HariSekhon/GitHub-Actions?logo=github)](https://github.com/HariSekhon/GitHub-Actions/stargazers)\n[![GitHub 
forks](https://img.shields.io/github/forks/HariSekhon/GitHub-Actions?logo=github)](https://github.com/HariSekhon/GitHub-Actions/network)\n[![LineCount](https://sloc.xyz/github/HariSekhon/GitHub-Actions/?badge-bg-color=2081C2)](https://github.com/boyter/scc/)\n[![Cocomo](https://sloc.xyz/github/HariSekhon/GitHub-Actions/?badge-bg-color=2081C2\u0026category=cocomo)](https://github.com/boyter/scc/)\n[![License](https://img.shields.io/github/license/HariSekhon/GitHub-Actions)](https://github.com/HariSekhon/GitHub-Actions/blob/master/LICENSE)\n[![My LinkedIn](https://img.shields.io/badge/LinkedIn%20Profile-HariSekhon-blue?logo=data:image/svg%2bxml;base64,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)](https://www.linkedin.com/in/HariSekhon/)\n[![GitHub Last Commit](https://img.shields.io/github/last-commit/HariSekhon/GitHub-Actions?logo=github)](https://github.com/HariSekhon/GitHub-Actions/commits/master)\n\n[![CI Builds Overview](https://img.shields.io/badge/CI%20Builds-Overview%20Page-blue?logo=circleci)](https://harisekhon.github.io/CI-CD/)\n[![YAML](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/yaml.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/yaml.yaml)\n[![Markdown 
Lint](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/markdown.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/markdown.yaml)\n[![Validation](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/validate.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/validate.yaml)\n[![Grype](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/grype.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/grype.yaml)\n[![Kics](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/kics.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/kics.yaml)\n[![SonarCloud](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/sonarcloud.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/sonarcloud.yaml)\n[![Semgrep](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep.yaml)\n[![Semgrep Cloud](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep-cloud.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep-cloud.yaml)\n[![URL Links](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/url_links.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/url_links.yaml)\n[![Trivy](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/trivy.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/trivy.yaml)\n\n[![Repo on GitHub](https://img.shields.io/badge/repo-GitHub-2088FF?logo=github)](https://github.com/HariSekhon/GitHub-Actions)\n[![Repo on GitLab](https://img.shields.io/badge/repo-GitLab-FCA121?logo=gitlab)](https://gitlab.com/HariSekhon/GitHub-Actions)\n[![Repo on Azure 
DevOps](https://img.shields.io/badge/repo-Azure%20DevOps-0078D7?logo=azure%20devops)](https://dev.azure.com/harisekhon/GitHub/_git/GitHub-Actions)\n[![Repo on BitBucket](https://img.shields.io/badge/repo-BitBucket-0052CC?logo=bitbucket)](https://bitbucket.org/HariSekhon/GitHub-Actions)\n\nGitHub Actions master template \u0026 GitHub Actions Reusable Workflows library.\n\n- [main.yaml](https://github.com/HariSekhon/GitHub-Actions/blob/master/main.yaml) - GitHub Actions master workflow template\n- [.github/workflows/](https://github.com/HariSekhon/GitHub-Actions/tree/master/.github/workflows) - GitHub Actions Reusable Workflows Library\n\nSee [Documentation](https://docs.github.com/en/actions/using-workflows/reusing-workflows#calling-a-reusable-workflow) for how to call these workflows directly from your own GitHub Actions workflow.\n\nFork this repo to have full control over all updates via Pull Requests.\nCreate environment branches to stage updates across dev / staging / production.\n\nForked from [HariSekhon/Templates](https://github.com/HariSekhon/Templates), for which this is now a submodule.\n\nTo see GitHub Contexts available, including undocumented fields, see [HariSekhon/GitHub-Actions-Contexts](https://github.com/HariSekhon/GitHub-Actions-Contexts).\n\n## Examples\n\nIn your GitHub repo, import these workflows by adding small yaml files to the `.github/workflows/` directory.\n\nThese are slightly simplified for clarity; see the [.github/workflows/README.md](.github/workflows/README.md) for a\nfew more details like only running when relevant files have changed.\n\n\u003c!-- INDEX_START --\u003e\n\n- [Lint YAML](#lint-yaml)\n- [Lint JSON](#lint-json)\n- [Lint XML](#lint-xml)\n- [Lint Bash / Shell Scripts](#lint-bash--shell-scripts)\n- [Lint Python](#lint-python)\n  - [PyLint](#pylint)\n  - [Flake8](#flake8)\n- [Lint README / Markdown documentation](#lint-readme--markdown-documentation)\n- [Lint GitHub CODEOWNERS](#lint-github-codeowners)\n- [Security - Scan 
for Secrets and issues](#security---scan-for-secrets-and-issues)\n  - [SonarCloud](#sonarcloud)\n  - [Semgrep Local](#semgrep-local)\n  - [Semgrep Cloud](#semgrep-cloud)\n  - [Trivy Filesystem Scan](#trivy-filesystem-scan)\n  - [Trivy Docker Image Scan](#trivy-docker-image-scan)\n  - [Grype Filesystem Scan](#grype-filesystem-scan)\n- [Analyze your Terraform code security \u0026 best practices](#analyze-your-terraform-code-security--best-practices)\n  - [tfsec](#tfsec)\n  - [tflint](#tflint)\n  - [Checkov](#checkov)\n- [Terraform Plan \u0026 Apply](#terraform-plan--apply)\n- [Lint Ansible Playbooks](#lint-ansible-playbooks)\n- [Lint Packer HCL](#lint-packer-hcl)\n- [Lint Redhat Kickstart](#lint-redhat-kickstart)\n- [Lint Debian Preseed](#lint-debian-preseed)\n- [Lint Ubuntu AutoInstaller Cloud Init](#lint-ubuntu-autoinstaller-cloud-init)\n- [Lint Jenkinsfiles](#lint-jenkinsfiles)\n- [Lint Groovy](#lint-groovy)\n- [Lint Javascript](#lint-javascript)\n- [Docker Build and push to DockerHub](#docker-build-and-push-to-dockerhub)\n- [Docker Build and push to AWS ECR](#docker-build-and-push-to-aws-ecr)\n- [Docker Build and push to multiple registries](#docker-build-and-push-to-multiple-registries)\n- [Check for Broken URL Links](#check-for-broken-url-links)\n- [Auto-Merge Production hotfixes back to Staging](#auto-merge-production-hotfixes-back-to-staging)\n- [Mirror Repos to GitLab for DR Backups](#mirror-repos-to-gitlab-for-dr-backups)\n- [AWS CodeArtifact - Publish a Python Package](#aws-codeartifact---publish-a-python-package)\n- [Kubernetes - Pluto - Check for Outdated APIs](#kubernetes---pluto---check-for-outdated-apis)\n- [Kubernetes - Polaris - Security \u0026 Best Practices Check](#kubernetes---polaris---security--best-practices-check)\n- [Production](#production)\n  - [Option 1 - Hashref](#option-1---hashref)\n  - [Option 2 - Public Fork (fully automated)](#option-2---public-fork-fully-automated)\n  - [Option 3 - Private Copy 
(manual)](#option-3---private-copy-manual)\n- [Star History](#star-history)\n- [More Core Repos](#more-core-repos)\n  - [Knowledge](#knowledge)\n  - [DevOps Code](#devops-code)\n  - [Containerization](#containerization)\n  - [CI/CD](#cicd)\n  - [DBA - SQL](#dba---sql)\n  - [DevOps Reloaded](#devops-reloaded)\n  - [Templates](#templates)\n  - [Misc](#misc)\n\n\u003c!-- INDEX_END --\u003e\n\n## Lint YAML\n\nFinds all YAML in your repo and lints it.\n\n[![YAML](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/yaml.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/yaml.yaml)\n\nCopy this into `.github/workflows/yaml.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_yaml:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/yaml.yaml@master\n ```\n\n## Lint JSON\n\nFinds all JSON in your repo and lints it.\n\n[![JSON](https://github.com/HariSekhon/Templates/actions/workflows/json.yaml/badge.svg)](https://github.com/HariSekhon/Templates/actions/workflows/json.yaml)\n\nCopy this into `.github/workflows/json.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_json:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/json.yaml@master\n```\n\n## Lint XML\n\nFinds all XML in your repo and lints it.\n\n[![XML](https://github.com/HariSekhon/Templates/actions/workflows/xml.yaml/badge.svg)](https://github.com/HariSekhon/Templates/actions/workflows/xml.yaml)\n\nCopy this into `.github/workflows/xml.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_xml:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/xml.yaml@master\n ```\n\n## Lint Bash / Shell Scripts\n\nFinds all `*.sh` scripts in your repo and lints them.\n\n[![Shellcheck](https://github.com/HariSekhon/DevOps-Bash-tools/actions/workflows/shellcheck.yaml/badge.svg)](https://github.com/HariSekhon/DevOps-Bash-tools/actions/workflows/shellcheck.yaml)\n\nCopy this into `.github/workflows/shellcheck.yaml`:\n\n```yaml\non: [push]\njobs:\n  shellcheck:\n    uses: 
HariSekhon/GitHub-Actions/.github/workflows/shellcheck.yaml@master\n ```\n\n## Lint Python\n\n### PyLint\n\nFinds all `*.py` code in your repo and lints it.\n\n[![PyLint](https://github.com/HariSekhon/pylib/actions/workflows/pylint.yaml/badge.svg)](https://github.com/HariSekhon/pylib/actions/workflows/pylint.yaml)\n\nCopy this into `.github/workflows/pylint.yaml`:\n\n```yaml\non: [push]\njobs:\n  pylint:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/pylint.yaml@master\n ```\n\n### Flake8\n\nFinds all `*.py` code in your repo and lints it.\n\n[![Flake8](https://github.com/HariSekhon/pylib/actions/workflows/flake8.yaml/badge.svg)](https://github.com/HariSekhon/pylib/actions/workflows/flake8.yaml)\n\nCopy this into `.github/workflows/flake8.yaml`:\n\n```yaml\non: [push]\njobs:\n  flake8:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/flake8.yaml@master\n ```\n\n## Lint README / Markdown documentation\n\nFinds all markdown files in your repo and lints them.\n\n[![Markdown](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/markdown.yaml/badge.svg)](https://github.com/HariSekhon/Templates/actions/workflows/markdown.yaml)\n\nCopy this into `.github/workflows/markdown.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_markdown:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/markdown.yaml@master\n ```\n\n## Lint GitHub CODEOWNERS\n\nLints the GitHub `CODEOWNERS` / `.github/CODEOWNERS` files.\n\n[![Codeowners](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/codeowners.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/codeowners.yaml)\n\nCopy this into `.github/workflows/codeowners.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_codeowners:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/codeowners.yaml@master\n ```\n\n## Security - Scan for Secrets and issues\n\n### 
SonarCloud\n\n[![SonarCloud](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/sonarcloud.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/sonarcloud.yaml)\n\n```yaml\non: [push]\njobs:\n  SonarCloud:\n    name: SonarCloud\n    uses: HariSekhon/GitHub-Actions/.github/workflows/sonarcloud.yaml@master\n    secrets:\n      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}\n```\n\nAlerts for the above badge appear in the SonarCloud dashboard at:\n\n\u003chttps://sonarcloud.io/\u003e\n\nThe badge will go red only if the workflow fails to run and publish to SonarCloud, whether there are any alerts or not.\nYou must check the dashboard.\n\n### Semgrep Local\n\n[![Semgrep](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep.yaml)\n\nCreate `.github/workflows/semgrep.yaml` containing:\n\n```yaml\non: [push]\njobs:\n  semgrep:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/semgrep.yaml@master\n```\n\nAlerts for the above badge appear under the GitHub repo's `Security` tab -\u003e `Code scanning alerts`.\n\nThe badge will go red if there are any alerts.\n\n### Semgrep Cloud\n\n[![Semgrep Cloud](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep-cloud.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/semgrep-cloud.yaml)\n\nCreate `.github/workflows/semgrep-cloud.yaml` containing:\n\n```yaml\non: [push]\njobs:\n  semgrep:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/semgrep-cloud.yaml@master\n    secrets:\n      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}\n```\n\nAlerts for the above badge appear in the Semgrep dashboard at:\n\n\u003chttps://semgrep.dev\u003e\n\nThe badge will go red only if the workflow fails to run and publish to Semgrep Cloud, whether there are any alerts or not.\nYou must check the dashboard.\n\n### Trivy Filesystem 
Scan](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/trivy.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/trivy.yaml)\n\nAlerts for the above badge appear under the GitHub repo's `Security` tab -\u003e `Code scanning alerts`.\n\n```yaml\non: [push]\njobs:\n  trivy:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/trivy.yaml@master\n```\n\n### Trivy Docker Image Scan\n\n[![Trivy Docker Image Scan](https://github.com/HariSekhon/DevOps-Bash-tools/actions/workflows/trivy_image.yaml/badge.svg)](https://github.com/HariSekhon/DevOps-Bash-tools/actions/workflows/trivy_image.yaml)\n\nAlerts for the above badge appear under the GitHub repo's `Security` tab -\u003e `Code scanning alerts`.\n\n```text\non: [push]\njobs:\n  trivy:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/trivy_image.yaml@master\n    with:\n      docker_image: harisekhon/bash-tools\n      severity: ''\n```\n\n### Grype Filesystem Scan\n\n[![Grype](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/grype.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/grype.yaml)\n\nAlerts for the above badge appear under the GitHub repo's `Security` tab -\u003e `Code scanning alerts`.\n\n```yaml\non: [push]\njobs:\n  grype:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/grype.yaml@master\n```\n\n## Analyze your Terraform code security \u0026 best practices\n\n### tfsec\n\n[![tfsec](https://github.com/HariSekhon/Terraform/actions/workflows/tfsec.yaml/badge.svg)](https://github.com/HariSekhon/Terraform/actions/workflows/tfsec.yaml)\n\nAlerts appear under `Security` -\u003e `Code scanning alerts`.\n\nCreate `.github/workflows/tfsec.yaml` containing:\n\n```yaml\non: [push]\njobs:\n  tfsec:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/tfsec.yaml@master\n```\n\n### 
tflint\n\n[![tflint](https://github.com/HariSekhon/Terraform/actions/workflows/tflint.yaml/badge.svg)](https://github.com/HariSekhon/Terraform/actions/workflows/tflint.yaml)\n\nCreate `.github/workflows/tflint.yaml` containing:\n\n```yaml\non: [push]\njobs:\n  tfsec:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/tflint.yaml@master\n```\n\n### Checkov\n\n[![checkov](https://github.com/HariSekhon/Terraform/actions/workflows/checkov.yaml/badge.svg)](https://github.com/HariSekhon/Terraform/actions/workflows/checkov.yaml)\n\nAlerts appear under `Security` -\u003e `Code scanning alerts`.\n\nCreate `.github/workflows/checkov.yaml` containing:\n\n```yaml\non: [push]\njobs:\n  checkov:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/checkov.yaml@master\n```\n\n## Terraform Plan \u0026 Apply\n\nPlans - updates Pull Requests with the results of validation, format check and full Change Plan outputs\n\nApply - applies when merged to default branch, eg. `master` or `main`\n\n```yaml\non: [push, pull_request]\njobs:\n  terraform:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/terraform.yaml@master\n    with:\n      dir: path/to/terraform/code\n    secrets:\n      ...\n```\n\nFor more sophisticated examples including approvals, secrets, branch and path selection etc. 
see my\n[Terraform repo](https://github.com/HariSekhon/Terraform)'s templates for\n[terraform-plan.yaml](https://github.com/HariSekhon/Terraform/blob/master/.github/workflows/terraform-plan.yaml.template) and\n[terraform-apply.yaml](https://github.com/HariSekhon/Terraform/blob/master/.github/workflows/terraform-apply.yaml.template)\n\n## Lint Ansible Playbooks\n\nFinds all Ansible `playbook.y*ml` in your repo and lints them.\n\n[![Ansible](https://github.com/HariSekhon/Ansible/actions/workflows/ansible-playbook-syntax.yaml/badge.svg)](https://github.com/HariSekhon/Ansible/actions/workflows/ansible-playbook-syntax.yaml)\n\nCopy this into `.github/workflows/ansible-playbook-syntax.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_ansible_playbook_syntax:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/ansible-playbook-syntax.yaml@master\n ```\n\n## Lint Packer HCL\n\nFinds all `*.pkr.hcl` Packer code in your repo and lints them.\n\n[![Packer](https://github.com/HariSekhon/Packer/actions/workflows/packer.yaml/badge.svg)](https://github.com/HariSekhon/Packer/actions/workflows/packer.yaml)\n\nCopy this into `.github/workflows/packer.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_packer_hcl:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/packer.yaml@master\n ```\n\n## Lint Redhat Kickstart\n\nLints Redhat Kickstart automated installer files.\n\n[![Kickstart](https://github.com/HariSekhon/Packer/actions/workflows/kickstart.yaml/badge.svg)](https://github.com/HariSekhon/Packer/actions/workflows/kickstart.yaml)\n\nCopy this into `.github/workflows/kickstart.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_kickstart:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/kickstart.yaml@master\n    with:\n      files: installers/anaconda-ks.cfg\n ```\n\n## Lint Debian Preseed\n\nLints Debian Preseed automated installer 
files.\n\n[![Preseed](https://github.com/HariSekhon/Packer/actions/workflows/preseed.yaml/badge.svg)](https://github.com/HariSekhon/Packer/actions/workflows/preseed.yaml)\n\nCopy this into `.github/workflows/preseed.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_preseed:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/preseed.yaml@master\n    with:\n      files: installers/preseed.cfg\n ```\n\n## Lint Ubuntu AutoInstaller Cloud Init\n\nLints Ubuntu AutoInstaller Cloud Init automated installer files.\n\n[![AutoInstaller](https://github.com/HariSekhon/Packer/actions/workflows/autoinstall-user-data.yaml/badge.svg)](https://github.com/HariSekhon/Packer/actions/workflows/autoinstall-user-data.yaml)\n\nCopy this into `.github/workflows/autoinstall-user-data.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_cloudinit:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/autoinstall-user-data.yaml@master\n    with:\n      files: installers/autoinstall-user-data\n ```\n\n## Lint Jenkinsfiles\n\nFinds all files named `Jenkinsfile` in the repo and lints them using a live Jenkins in docker.\n\n[![Jenkinsfile](https://github.com/HariSekhon/Jenkins/actions/workflows/jenkinsfile.yaml/badge.svg)](https://github.com/HariSekhon/Jenkins/actions/workflows/jenkinsfile.yaml)\n\nCreate `.github/workflows/jenkinsfile.yaml`:\n\n```yaml\non: [push]\njobs:\n  jenkinsfile:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/jenkinsfile.yaml@master\n```\n\n## Lint Groovy\n\nFinds all Groovy files named `*.groovy` in the repo and lints them using `groovyc`.\n\nThis is a basic check but good for a Jenkins Groovy Shared Library.\n\n[![Groovy](https://github.com/HariSekhon/Jenkins/actions/workflows/groovyc.yaml/badge.svg)](https://github.com/HariSekhon/Jenkins/actions/workflows/groovyc.yaml)\n\nCreate `.github/workflows/groovyc.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_groovyc:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/groovyc.yaml@master\n```\n\n## Lint Javascript\n\nFinds 
all Javascript files named `*.js` in the repo and lints them using `eslint`.\n\n[![EsLint](https://github.com/HariSekhon/TamperMonkey/actions/workflows/eslint.yaml/badge.svg)](https://github.com/HariSekhon/TamperMonkey/actions/workflows/eslint.yaml)\n\nCreate `.github/workflows/eslint.yaml`:\n\n```yaml\non: [push]\njobs:\n  check_eslint:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/eslint.yaml@master\n```\n\n## Docker Build and push to DockerHub\n\n[![Docker Build DevOps Bash Tools (Ubuntu)](https://github.com/HariSekhon/Dockerfiles/actions/workflows/docker_build_devops_bash_tools_ubuntu.yaml/badge.svg)](https://github.com/HariSekhon/Dockerfiles/actions/workflows/docker_build_devops_bash_tools_ubuntu.yaml)\n\nCreate `.github/workflows/dockerhub_build.yaml`:\n\n```yaml\non: [push]\njobs:\n  docker_build:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/dockerhub_build.yaml@master\n    with:\n      repo: user/repo  # your DockerHub user/repo\n      tags: latest v1.1\n    secrets:\n      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}\n      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}\n```\n\n## Docker Build and push to AWS ECR\n\nCreate `.github/workflows/docker_build_aws_ecr.yaml`:\n\n```yaml\non: [push]\njobs:\n  docker_build:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/docker_build_aws_ecr.yaml@master\n    with:\n      repo: MY_ECR_REPO\n    secrets:\n      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}\n      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}\n```\n\nCreates several useful tags, supports multi-stage build caching, see [README](https://github.com/HariSekhon/GitHub-Actions/blob/master/.github/workflows/README.md) for details.\n\n## Docker Build and push to multiple registries\n\nSupports building + pushing to any combination of the following, just add the relevant secrets, see 
[docker_build.yaml](https://github.com/HariSekhon/GitHub-Actions/blob/master/.github/workflows/docker_build.yaml) for details:\n\n- ACR  - Azure Container Registry\n- ECR  - AWS Elastic Container Registry\n- GCR  - Google Container Registry\n- GAR  - Google Artifact Registry\n- GHCR - GitHub Container Registry\n- GitLab Registry\n- Quay.io Registry\n- DockerHub\n\nCreate `.github/workflows/docker_build.yaml`:\n\n```yaml\non: [push]\njobs:\n  docker_build:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/docker_build.yaml@master\n    with:\n      repo_tags: |\n        harisekhon/bash-tools:latest\n        ghcr.io/harisekhon/bash-tools:latest\n      context: devops-bash-tools-ubuntu  # path to dir containing the source and Dockerfile\n    # GHCR uses the local github.token, for other registries, add secrets, see docker_build.yaml for details\n    secrets:\n      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}\n      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}\n```\n\n## Check for Broken URL Links\n\n[![URL Links](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/url_links.yaml/badge.svg)](https://github.com/HariSekhon/GitHub-Actions/actions/workflows/url_links.yaml)\n\nCreate `.github/workflows/url_links.yaml`:\n\n```yaml\non: [push]\njobs:\n  url_links:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/url_links.yaml@master\n```\n\nSee [README](https://github.com/HariSekhon/GitHub-Actions/blob/master/.github/workflows/README.md) for details on ignoring inaccessible / partially constructed links or those containing variables\n\n## Auto-Merge Production hotfixes back to Staging\n\nMerges via a Pull Request for full auditing.\n\nCreate `.github/workflows/merge_production_to_staging.yaml`:\n\n```yaml\non: [push]\njobs:\n  merge:\n    if: github.ref_name == 'production'\n    uses: HariSekhon/GitHub-Actions/.github/workflows/merge-branch.yaml@master\n    with:\n      head: production  # from\n      base: staging     # to\n```\n\n## Mirror Repos 
to GitLab for DR Backups\n\nMirrors all/given GitHub repos to GitLab - including all branches and tags, and GitHub repo description\n\n```yaml\non:\n  schedule:\n    # mirror to GitLab daily at 00:00 UTC\n    - cron: '0 0 * * *'\n\njobs:\n  gitlab_mirror:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/gitlab-mirror.yaml@master\n    with:\n      #organization: my-org    # optional: mirror your company's repos instead of your personal repos\n      #repos: repo1 repo2 ...  # list of repos to mirror, space separated, rather than all repos\n    secrets:\n      GH_TOKEN: ${{ secrets.GH_TOKEN }}\n      GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}\n```\n\n## AWS CodeArtifact - Publish a Python Package\n\n```yaml\non:\n  push:\n    # run only when a version tag such as v1.2.3 is pushed\n    tags:\n      - v*\n\njobs:\n  aws_codeartifact_python_publish:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/codeartifact_python_publish.yaml@master\n    with:\n      domain: mycompany     # your AWS CodeArtifact service domain name\n      repo: mycompany-core  # your CodeArtifact repo name\n      #command: make publish_package  # default. 
Can be any command using CODEARTIFACT_AUTH_TOKEN and CODEARTIFACT_REPO_URL\n    secrets:\n      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}\n      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}\n```\n\n## Kubernetes - Pluto - Check for Outdated APIs\n\nChecks all Kubernetes YAML files for outdated API objects using Pluto.\n\n[![Pluto](https://github.com/HariSekhon/Kubernetes-configs/actions/workflows/pluto.yaml/badge.svg)](https://github.com/HariSekhon/Kubernetes-configs/actions/workflows/pluto.yaml)\n\nCreate `.github/workflows/pluto.yaml`:\n\n```yaml\non: [push]\njobs:\n  pluto:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/pluto.yaml@master\n```\n\n## Kubernetes - Polaris - Security \u0026 Best Practices Check\n\nChecks all Kubernetes YAML files for security issues and best practices.\n\nPolaris currently fails on very advanced patches such as found in my\n[Kubernetes-configs](https://github.com/HariSekhon/Kubernetes-configs) repo.\n\n[![Polaris](https://github.com/HariSekhon/Kubernetes-configs/actions/workflows/polaris.yaml/badge.svg)](https://github.com/HariSekhon/Kubernetes-configs/actions/workflows/polaris.yaml)\n\nCreate `.github/workflows/polaris.yaml`:\n\n```yaml\non: [push]\njobs:\n  polaris:\n    uses: HariSekhon/GitHub-Actions/.github/workflows/polaris.yaml@master\n```\n\n## Production\n\n### Option 1 - Hashref\n\nImport the reusable workflows from this repo as shown above, replacing `@master` with `@\u003chashref\u003e` to fix to an immutable version (tags are not immutable). 
This is [GitHub Actions Security Best Practice](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).\n\n### Option 2 - Public Fork (fully automated)\n\nFork this repo for more control and visibility over all updates.\n\nEnable the [fork-sync](https://github.com/HariSekhon/GitHub-Actions/blob/master/.github/workflows/fork-sync.yaml) github actions workflow in your fork to keep the master branch sync'd every few hours.\n\nYou can then create tags or environment branches in your forked repo to stage updates across dev/staging/production.\n\nIf using environment branches enable the [fork-update-pr](https://github.com/HariSekhon/GitHub-Actions/blob/master/.github/workflows/fork-update-pr.yaml) github actions workflow to automatically raise GitHub Pull Requests from master to your environment branches to audit, authorize \u0026 control updates.\n\n### Option 3 - Private Copy (manual)\n\nCopy `.github/workflows` to a private repo. 
Not recommended as it's the most manual legacy approach.\n\nYou will be responsible for committing and reconciling any divergences in your local copies.\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=HariSekhon/GitHub-Actions\u0026type=Date)](https://star-history.com/#HariSekhon/GitHub-Actions\u0026Date)\n\n## More Core Repos\n\n\u003c!-- OTHER_REPOS_START --\u003e\n\n### Knowledge\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Knowledge-Base\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Knowledge-Base)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Diagrams-as-Code\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Diagrams-as-Code)\n\n### DevOps Code\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=DevOps-Bash-tools\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/DevOps-Bash-tools)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=DevOps-Python-tools\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/DevOps-Python-tools)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=DevOps-Perl-tools\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/DevOps-Perl-tools)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=DevOps-Golang-tools\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/DevOps-Golang-tools)\n\n\u003c!--\n[![Gist Card](https://github-readme-stats.vercel.app/api/gist?id=f8f551332440f1ca8897ff010e363e03)](https://gist.github.com/HariSekhon/f8f551332440f1ca8897ff010e363e03)\n--\u003e\n\n### 
Containerization\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Kubernetes-configs\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Kubernetes-configs)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Dockerfiles\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Dockerfiles)\n\n### CI/CD\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=GitHub-Actions\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/GitHub-Actions)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Jenkins\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Jenkins)\n\n### DBA - SQL\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=SQL-scripts\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/SQL-scripts)\n\n### DevOps Reloaded\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Nagios-Plugins\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Nagios-Plugins)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=HAProxy-configs\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/HAProxy-configs)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Terraform\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Terraform)\n[![Readme 
Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Packer-templates\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Packer-templates)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Nagios-Plugin-Kafka\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Nagios-Plugin-Kafka)\n\n### Templates\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Templates\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Templates)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Template-repo\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Template-repo)\n\n### Misc\n\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Spotify-tools\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Spotify-tools)\n[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=HariSekhon\u0026repo=Spotify-playlists\u0026theme=ambient_gradient\u0026description_lines_count=3)](https://github.com/HariSekhon/Spotify-playlists)\n\nThe rest of my original source repos are\n[here](https://github.com/HariSekhon?tab=repositories\u0026q=\u0026type=source\u0026language=\u0026sort=stargazers).\n\nPre-built Docker images are available on my [DockerHub](https://hub.docker.com/u/harisekhon/).\n\n\u003c!-- 1x1 pixel counter to record hits --\u003e\n![](https://hit.yhype.me/github/profile?user_id=2211051)\n\n\u003c!-- OTHER_REPOS_END 
--\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharisekhon%2Fgithub-actions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharisekhon%2Fgithub-actions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharisekhon%2Fgithub-actions/lists"}