https://github.com/ckotzbauer/actions-toolkit
Reusable Actions and Workflows for my personal projects
https://github.com/ckotzbauer/actions-toolkit
actions github-actions workflow
Last synced: 3 months ago
JSON representation
Reusable Actions and Workflows for my personal projects
- Host: GitHub
- URL: https://github.com/ckotzbauer/actions-toolkit
- Owner: ckotzbauer
- License: mit
- Created: 2021-12-18T14:05:53.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2026-03-26T18:53:01.000Z (3 months ago)
- Last Synced: 2026-03-27T07:53:08.029Z (3 months ago)
- Topics: actions, github-actions, workflow
- Homepage:
- Size: 2.01 MB
- Stars: 2
- Watchers: 1
- Forks: 2
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Actions-Toolkit
> Reusable Actions and Workflows for my personal projects.
All actions and reusable workflows are designed with transparency and security in mind and can be combined as needed. There are actions for different software ecosystems and languages.
## Versioning
The same immutable git-tag is used for all actions and workflows when they are released. There are no floating-tags for this repository available. The versions are semver based. Third-party actions used internally are referenced with git-sha to prevent unexpected updates and ensure the build-system is reproducible.
## Workflows
| Name | Description |
| ------------------------------------------------------------------------ | ----------- |
| [Build and test](.github/workflows/toolkit-build-test.yml) | Builds and tests a project with different technologies and tools. |
| [Lint](.github/workflows/toolkit-lint.yml) | Lints and checks a project with different technologies and tools. |
| [Release OCI](.github/workflows/toolkit-release-oci.yml) | Releases a OCI-Image project with optional Signing (Cosign), SBOM, SLSA provenance generation, Changelog and a GitHub release. |
| [Release GoReleaser](.github/workflows/toolkit-release-goreleaser.yml) | Releases a GoReleaser project with a OCI-Image, optional signing (Cosign), SBOM, SLSA provenance generation, Changelog and a GitHub release. |
| [Release Node.js](.github/workflows/toolkit-release-nodejs.yml) | Releases a Node.js project with an optional OCI-Image, NPM-Package, OCI-Signing (Cosign), SBOM, SLSA provenance generation, Changelog and a GitHub release. |
| [Code Review](.github/workflows/toolkit-review.yml) | AI-powered code review for pull requests using Claude via OpenRouter. |
| [Scan Snyk](.github/workflows/toolkit-scan-snyk.yml) | Scans a project with Snyk. |
| [SLSA-Provenance](slsa-provenance/README.md) | Generates a provenance-file from artifacts (SLSA Level 1). It can be optionally signed and attested with Cosign (SLSA Level 2). |
## Actions
| Name | Description |
| ------------------------------------------------------------------------ | ----------- |
| [Docker](docker/README.md) | Creates a OCI-Image with multi-arch support. It can be signed with Cosign optionally. |
| [Grype](grype/README.md) | Scans a target for vulnerabilities with grype. |
| [Push-Release](push-release/README.md) | Commits and pushes possible changes and creates a GitHub-Release. |
| [SBOM](sbom/README.md) | Creates SBOMs from OCI-Images. They can be optionally signed and attested with Cosign. |
| [Setup-Syft](setup-syft/README.md) | Installs the syft binary. |
## Contributing
Please refer to the [Contribution guildelines](https://github.com/ckotzbauer/.github/blob/main/CONTRIBUTING.md).
## Code of conduct
Please refer to the [Conduct guildelines](https://github.com/ckotzbauer/.github/blob/main/CODE_OF_CONDUCT.md).
## Security
Please refer to the [Security process](https://github.com/ckotzbauer/.github/blob/main/SECURITY.md).