{"id":29917629,"url":"https://github.com/jawaracloud/composite-workflows","last_synced_at":"2026-06-20T04:31:26.583Z","repository":{"id":306875696,"uuid":"1026941463","full_name":"jawaracloud/composite-workflows","owner":"jawaracloud","description":"This repository contains a collection of GitHub Action Workflows Composite for various purposes. Feel free to explore and use these scripts as needed.","archived":false,"fork":false,"pushed_at":"2026-02-19T22:19:09.000Z","size":40,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-20T01:18:06.810Z","etag":null,"topics":["ci-cd","cicd","devops","github","github-actions"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jawaracloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-scan/README.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-27T00:39:29.000Z","updated_at":"2026-02-19T22:19:13.000Z","dependencies_parsed_at":"2025-07-28T07:31:09.976Z","dependency_job_id":"4ae15c4f-c947-46e7-be49-6e9088bdaf68","html_url":"https://github.com/jawaracloud/composite-workflows","commit_stats":null,"previous_names":["jawaracloud/composite-workflows"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jawaracloud/composite-workflows","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jawaracloud%2Fcomposite-workflows","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jawaracloud%2Fcomposite-workflows/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jawaracloud%2Fcomposite-workflows/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jawaracloud%2Fcomposite-workflows/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jawaracloud","download_url":"https://codeload.github.com/jawaracloud/composite-workflows/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jawaracloud%2Fcomposite-workflows/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34557551,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-20T02:00:06.407Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci-cd","cicd","devops","github","github-actions"],"created_at":"2025-08-02T05:13:43.858Z","updated_at":"2026-06-20T04:31:26.579Z","avatar_url":"https://github.com/jawaracloud.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Actions Composite Workflows\n\nA curated collection of production-ready, reusable GitHub Actions composite workflows designed with **Developer Experience (DevEx)** at the core — because internal tools deserve the same UX obsession as your consumer product.\n\nEvery workflow is:\n- **Plug-and-play**: Sensible, safe defaults — works from the first `with:` block\n- **Configurable**: Progressive disclosure — simple things are simple, complex things are possible\n- **Transparent**: Rich `::notice::`, `::warning::`, and `::error::` annotations in the GitHub Actions UI\n- **Safe**: Dry-run modes, opt-in destructive operations, and automatic rollback where relevant\n- **Debuggable**: `debug: 'true'` enables `set -x` in any workflow\n\n---\n\n## Available Workflows\n\n| Workflow | Purpose | When to use |\n|---|---|---|\n| [**build-push-image**](./build-push-image) | Multi-arch image build (Buildah) + push to any registry | You need to build a container image |\n| [**deploy-docker**](./deploy-docker) | SSH → `docker compose` rolling deploy + health check + rollback | You deploy to VMs/bare metal |\n| [**k8s-deploy**](./k8s-deploy) | `kubectl apply` manifests + rollout verification | You deploy raw manifests to Kubernetes |\n| [**helm-deploy**](./helm-deploy) | Helm upgrade + atomic rollback | You use Helm charts |\n| [**terraform**](./terraform) | Terraform plan / apply / destroy with workspace support | You manage infrastructure with Terraform |\n| [**security-scan**](./security-scan) | Trivy scan — container images and IaC | You want to scan **images or configs** |\n| [**osv-scanner**](./osv-scanner) | OSV-Scanner — source code dependency scan | You want to scan **lockfiles or SBOMs** |\n| [**semver-bump**](./semver-bump) | Conventional-commit version bumping | You need automated versioning |\n| [**slack-notify**](./slack-notify) | Color-coded Slack notifications via webhook | You want deploy/build notifications |\n\n---\n\n## Which security scanner should I use?\n\n| | `security-scan` (Trivy) | `osv-scanner` |\n|---|---|---|\n| **Scans** | Container images, filesystems, IaC configs | Lockfiles, directories, SBOMs |\n| **Language** | Any (scans the image layer) | Go, Node, Python, Rust, Java, etc. |\n| **Best for** | Post-build image scanning | Pre-build CI dependency gate |\n| **SARIF support** | ✅ | ✅ |\n\nUse **both** for defense-in-depth coverage.\n\n---\n\n## Universal Debug Mode\n\nEvery workflow supports `debug: 'true'` to enable `set -x` shell tracing across all steps:\n\n```yaml\n- uses: jawaracloud/composite-workflows/k8s-deploy@main\n  with:\n    kube_config: ${{ secrets.KUBE_CONFIG }}\n    deployment_name: api\n    debug: 'true'   # ← see exactly what's running\n```\n\n---\n\n## Shared DevEx Design Principles\n\n**Safe defaults everywhere:**\n- `auto_approve: false` in `terraform` — plan without applying\n- `commit_and_push: false` in `semver-bump` — calculate version without touching git\n- `dry_run: false` in k8s/helm/semver — always opt-in to real changes\n\n**Checkout toggle to avoid double-checkout:**\n```yaml\n- uses: actions/checkout@v4\n\n- uses: jawaracloud/composite-workflows/terraform@main\n  with:\n    checkout: 'false'  # already done above\n```\n\n**`image_tag` override to decouple from `VERSIONS` file:**\n```yaml\n# build-push-image and deploy-docker both accept:\nimage_tag: ${{ steps.build.outputs.image_tag }}\n```\n\n---\n\n## Complete CI/CD Pipeline Example\n\n```yaml\nname: CI/CD Pipeline\non:\n  push:\n    branches: [main]\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    permissions:\n      id-token: write\n      contents: read\n    outputs:\n      image_tag: ${{ steps.build.outputs.image_tag }}\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: Bump version\n        id: bump\n        uses: jawaracloud/composite-workflows/semver-bump@main\n        with:\n          push_tag: 'true'\n          commit_and_push: 'true'\n          checkout: 'false'\n\n      - name: Build \u0026 push image\n        id: build\n        uses: jawaracloud/composite-workflows/build-push-image@main\n        with:\n          img_name: api\n          ecr_registry: ${{ secrets.ECR_REGISTRY }}\n          aws_region: ap-southeast-1\n          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}\n          checkout: 'false'\n\n      - name: Scan image\n        uses: jawaracloud/composite-workflows/security-scan@main\n        with:\n          scan_type: image\n          image_ref: ${{ steps.build.outputs.image_tag }}\n\n  deploy:\n    needs: build\n    runs-on: ubuntu-latest\n    steps:\n      - name: Deploy to Kubernetes\n        id: deploy\n        uses: jawaracloud/composite-workflows/k8s-deploy@main\n        with:\n          kube_config: ${{ secrets.KUBE_CONFIG }}\n          namespace: production\n          deployment_name: api\n          container_name: api\n          image_tag: ${{ needs.build.outputs.image_tag }}\n\n      - name: Notify Slack\n        if: always()\n        uses: jawaracloud/composite-workflows/slack-notify@main\n        with:\n          webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}\n          status: ${{ job.status }}\n          message: 'Deploy ${{ job.status }} — ${{ needs.build.outputs.image_tag }}'\n          commit_sha: ${{ github.sha }}\n          repo: ${{ github.repository }}\n          workflow_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n```\n\n---\n\n## Required Secrets Reference\n\n| Workflow | Secrets needed |\n|---|---|\n| `build-push-image` | `ECR_REGISTRY`, `AWS_ROLE_ARN` |\n| `deploy-docker` | `SSH_KEY`, `SSH_HOST`, `ECR_REGISTRY` |\n| `k8s-deploy` | `KUBE_CONFIG` |\n| `helm-deploy` | `KUBE_CONFIG` |\n| `terraform` | Cloud provider credentials (OIDC recommended) |\n| `slack-notify` | `SLACK_WEBHOOK_URL` |\n\n---\n\n## Contributing\n\nEach workflow lives in its own directory:\n```\n\u003cworkflow-name\u003e/\n├── action.yaml   # composite action definition\n└── README.md     # full documentation with quick start + examples\n```\n\nTo add a workflow: create a directory, add `action.yaml` and `README.md` following the existing patterns, then update this README.\n\n---\n\nMIT License — Maintained by **Jawara Cloud**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjawaracloud%2Fcomposite-workflows","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjawaracloud%2Fcomposite-workflows","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjawaracloud%2Fcomposite-workflows/lists"}