{"id":49416323,"url":"https://github.com/parthalon025/ci-workflows","last_synced_at":"2026-04-29T03:08:48.204Z","repository":{"id":346055734,"uuid":"1188199827","full_name":"parthalon025/ci-workflows","owner":"parthalon025","description":"Reusable GitHub Actions workflows — CI templates, cross-repo health monitoring, drift detection, and automated deployment.","archived":false,"fork":false,"pushed_at":"2026-04-03T05:33:03.000Z","size":49,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-03T13:27:21.298Z","etag":null,"topics":["automation","ci-cd","devops","github-actions","reusable-workflows","shell"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/parthalon025.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-21T18:47:26.000Z","updated_at":"2026-04-03T05:33:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/parthalon025/ci-workflows","commit_stats":null,"previous_names":["parthalon025/ci-workflows"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/parthalon025/ci-workflows","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parthalon025%2Fci-workflows","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parthalon025%2Fci-workflows/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parthalon025%2Fci-workflows/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parthalon025%2Fci-workflows/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/parthalon025","download_url":"https://codeload.github.com/parthalon025/ci-workflows/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/parthalon025%2Fci-workflows/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32408504,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T02:37:21.628Z","status":"ssl_error","status_checked_at":"2026-04-29T02:36:50.947Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","ci-cd","devops","github-actions","reusable-workflows","shell"],"created_at":"2026-04-29T03:08:47.391Z","updated_at":"2026-04-29T03:08:48.196Z","avatar_url":"https://github.com/parthalon025.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ci-workflows\n\n## What\n\nCentralized, reusable GitHub Actions workflows that provide standardized CI/CD across 24+ repositories. One repo to rule them all — change a workflow here, every consumer gets the update on their next CI run.\n\n## Background\n\nManaging CI/CD across 30+ repos led to configuration drift, redundant tooling (MegaLinter + Codety + SonarCloud doing the same job), and repos with zero CI. Inspired by DO-178C's Development Assurance Levels (aerospace software certification), this project applies **tiered criticality** — not all code deserves the same rigor.\n\nThree tiers:\n\n| Tier | What it covers | Pipeline |\n|------|---------------|----------|\n| **1: Production** | Running services, public packages | Lint + Test + Security + CodeQL + Nightly Deep Scan + AI Review + Release |\n| **2: Active Dev** | Repos with tests, under development | Lint + Test + Security + Release |\n| **3: Minimal** | Config-only, low-activity repos | Security scan + Dependabot |\n\n## Why\n\n- **One update, 24 repos.** Reusable workflows mean workflow logic lives here, not copy-pasted into every repo.\n- **Tiered rigor saves CI minutes** while giving production code the scrutiny it deserves.\n- **Supply chain security.** All third-party actions are SHA-pinned after the `tj-actions/changed-files` attack compromised 200+ repos in 2025.\n- **Observable.** Cross-repo CI health dashboard with Telegram alerts. Nightly drift detection catches configuration divergence.\n\n## Info\n\n### Reusable Workflows (12)\n\n| Workflow | Purpose |\n|----------|---------|\n| `reusable-lint-python` | ruff check + format + pip-audit |\n| `reusable-lint-node` | npm lint + format:check |\n| `reusable-test-python` | pytest with coverage, markers, codecov |\n| `reusable-test-node` | npm test with optional build step |\n| `reusable-test-custom` | Arbitrary test command (shell, bats, make) |\n| `reusable-security` | Gitleaks full-history secret scan |\n| `reusable-codeql` | GitHub CodeQL SAST analysis |\n| `reusable-release` | Release Please automated versioning |\n| `reusable-nightly` | Deep scan: dep audit + full tests + secrets + CodeQL |\n| `reusable-claude-review` | AI code review via Claude Code Action |\n| `reusable-deploy` | Tailscale SSH deploy with manual approval gate |\n\n### Consumer Usage\n\nConsumer repos call workflows with thin caller files (~15 lines):\n\n```yaml\n# .github/workflows/ci.yml in any consumer repo\njobs:\n  lint:\n    uses: parthalon025/ci-workflows/.github/workflows/reusable-lint-python.yml@v1\n    secrets: inherit\n  test:\n    needs: lint\n    uses: parthalon025/ci-workflows/.github/workflows/reusable-test-python.yml@v1\n    secrets: inherit\n```\n\n### Deployment\n\n`ci-sweep.sh` stamps the correct caller template into consumer repos:\n\n```bash\nscripts/ci-sweep.sh --repo my-project          # deploy based on TIER-ASSIGNMENTS.md\nscripts/ci-sweep.sh --repo my-project --dry-run # preview changes\nscripts/ci-sweep.sh --all                       # sweep all 24 repos\nscripts/ci-sweep.sh --verify-only --all         # check for drift\nscripts/ci-sweep.sh --secrets --all             # bootstrap GitHub secrets\n```\n\n### Versioning\n\n- `@v1` — floating tag, latest stable. All consumers pin here.\n- `@v1.x.y` — immutable point releases for auditability.\n- Self-test CI must pass before any tag is created.\n\n## So What\n\nThis system replaces ad-hoc, inconsistent CI across 30+ repos with a single source of truth. The result:\n\n- **Zero-CI repos eliminated.** Every active repo now has at least security scanning.\n- **Heavy tooling removed.** MegaLinter, Codety, and SonarCloud replaced with lightweight, fully-controlled ruff/eslint + CodeQL.\n- **Aerospace-grade discipline at indie scale.** Tiered criticality, configuration control (drift detection), and self-testing CI infrastructure — patterns from DO-178C and SpaceX's SITL/HITL/VITL pyramid, adapted for a solo developer.\n\n## Next Steps\n\n- **Add a repo:** Edit `docs/TIER-ASSIGNMENTS.md`, run `ci-sweep.sh --repo \u003cname\u003e`\n- **Promote a repo:** Change tier in `TIER-ASSIGNMENTS.md`, re-run `ci-sweep.sh`\n- **Troubleshoot:** See `docs/RUNBOOK.md` for break-glass rollback, secret rotation, and CI health investigation\n- **Design doc:** Full architecture and research at `docs/plans/2026-03-21-cicd-devops-pipeline-design.md` (in the Documents workspace)\n\n---\n\nBuilt with research from NASA JPL Power of Ten, DO-178C DAL framework, SpaceX SITL/HITL/VITL testing pyramid, and Google/Meta/Stripe CI infrastructure patterns.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparthalon025%2Fci-workflows","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fparthalon025%2Fci-workflows","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparthalon025%2Fci-workflows/lists"}