Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ckotzbauer/actions-toolkit

Reusable Actions and Workflows for my personal projects
https://github.com/ckotzbauer/actions-toolkit

actions github-actions workflow

Last synced: about 1 month ago
JSON representation

Reusable Actions and Workflows for my personal projects

Awesome Lists containing this project

README 

        

# Actions-Toolkit



> Reusable Actions and Workflows for my personal projects.



All actions and reusable workflows are designed with transparency and security in mind and can be combined as needed. There are actions for different software ecosystems and languages.



## Versioning



The same immutable git-tag is used for all actions and workflows when they are released. There are no floating-tags for this repository available. The versions are semver based. Third-party actions used internally are referenced with git-sha to prevent unexpected updates and ensure the build-system is reproducible.



## Workflows



| Name                                                                     | Description |

| ------------------------------------------------------------------------ | ----------- |

| [Build and test](.github/workflows/toolkit-build-test.yml)   | Builds and tests a project with different technologies and tools. |

| [Create default labels](.github/workflows/toolkit-create-default-labels.yml)          | Creates a specified set of labels from a config-file. |

| [Label issues](.github/workflows/toolkit-label-issues.yml)          | Labels issues and PRs by comment-commands. |

| [Lint](.github/workflows/toolkit-lint.yml)   | Lints and checks a project with different technologies and tools. |

| [Release OCI](.github/workflows/toolkit-release-oci.yml)                 | Releases a OCI-Image project with optional Signing (Cosign), SBOM, SLSA provenance generation, Changelog and a GitHub release. |

| [Release GoReleaser](.github/workflows/toolkit-release-goreleaser.yml)   | Releases a GoReleaser project with a OCI-Image, optional signing (Cosign), SBOM, SLSA provenance generation, Changelog and a GitHub release. |

| [Release Node.js](.github/workflows/toolkit-release-nodejs.yml)          | Releases a Node.js project with an optional OCI-Image, NPM-Package, OCI-Signing (Cosign), SBOM, SLSA provenance generation, Changelog and a GitHub release. |

| [Scan Snyk](.github/workflows/toolkit-scan-snyk.yml)          | Scans a project with Snyk. |

| [Size Label](.github/workflows/toolkit-size-label.yml)          | Assignes Size-Labels to PRs. |

| [Stale](.github/workflows/toolkit-stale.yml)          | Closes stale issues and PRs. |

| [SLSA-Provenance](slsa-provenance/README.md) | Generates a provenance-file from artifacts (SLSA Level 1). It can be optionally signed and attested with Cosign (SLSA Level 2). |



## Actions



| Name                                                                     | Description |

| ------------------------------------------------------------------------ | ----------- |

| [Docker](docker/README.md)   | Creates a OCI-Image with multi-arch support. It can be signed with Cosign optionally. |

| [Grype](grype/README.md)   | Scans a target for vulnerabilities with grype. |

| [Push-Release](push-release/README.md)   | Commits and pushes possible changes and creates a GitHub-Release. |

| [SBOM](sbom/README.md)   | Creates SBOMs from OCI-Images. They can be optionally signed and attested with Cosign. |

| [Setup-Syft](setup-syft/README.md)   | Installs the syft binary. |



## Contributing



Please refer to the [Contribution guildelines](https://github.com/ckotzbauer/.github/blob/main/CONTRIBUTING.md).



## Code of conduct



Please refer to the [Conduct guildelines](https://github.com/ckotzbauer/.github/blob/main/CODE_OF_CONDUCT.md).



## Security



Please refer to the [Security process](https://github.com/ckotzbauer/.github/blob/main/SECURITY.md).