An open API service indexing awesome lists of open source software.

https://github.com/dnlopes/reusable.workflows

A set of reusable GitHub Workflows
https://github.com/dnlopes/reusable.workflows

exclude-from-reconciliation github-actions managed-by-terraform workflows

Last synced: 3 months ago
JSON representation

A set of reusable GitHub Workflows

Awesome Lists containing this project

README

          

# Reusable GitHub Workflows

Standardized CI/CD pipelines for your repositories. Drop-in workflows for Golang, Python, Terraform/OpenTofu, Docker, and security scanning.

## Features

- **Multi-language CI** - Pre-built pipelines for Go, Python, Terraform/OpenTofu
- **Docker integration** - Build and push to AWS ECR with OIDC authentication
- **Security scanning** - Trivy vulnerability scanning with PR comments
- **Quality gates** - Pre-commit hooks, semantic PR validation, code coverage
- **Automated releases** - Semantic versioning with conventional commits
- **Monorepo support** - Run workflows in subdirectories via inputs

## Quick Start

Add a workflow file to your repository:

```yaml
# .github/workflows/ci.yml
name: CI
on: [pull_request]

jobs:
golang:
uses: dnlopes/github-workflows/.github/workflows/golang.yaml@v1
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```

## Available Workflows

| Workflow | Purpose | Required Secrets |
|----------|---------|------------------|
| `golang.yaml` | Build, test, lint, coverage | `CODECOV_TOKEN` (optional) |
| `python.yaml` | Unit tests, coverage | `CODECOV_TOKEN` (optional) |
| `terraform.yaml` | Validate, plan, apply, destroy | AWS OIDC credentials |
| `docker-build-push.yaml` | Build and push to ECR | AWS OIDC credentials |
| `trivy-scan.yaml` | Security vulnerability scanning | None |
| `semantic-pr.yaml` | Enforce semantic PR titles | None |
| `pre-commit-hooks.yaml` | Run pre-commit hooks | None |

## Usage Examples

### Golang Project

```yaml
jobs:
ci:
uses: dnlopes/github-workflows/.github/workflows/golang.yaml@v1
with:
goVersion: "1.22"
golangProjectDir: "."
buildCommand: "make build"
testCommand: "make test"
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```

### Python Project

```yaml
jobs:
ci:
uses: dnlopes/github-workflows/.github/workflows/python.yaml@v1
with:
pythonVersion: "3.12"
setupCommand: "pip install -e .[dev]"
testCommand: "pytest --cov"
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```

### Terraform Plan

```yaml
jobs:
plan:
uses: dnlopes/github-workflows/.github/workflows/terraform.yaml@v1
with:
action: plan
workspace: production
tfVarsFile: environments/prod.tfvars
awsRegion: us-east-1
awsRoleArn: arn:aws:iam::123456789:role/terraform
```

### Security Scanning

```yaml
jobs:
security:
uses: dnlopes/github-workflows/.github/workflows/trivy-scan.yaml@v1
with:
scanDirectory: "."
```

### Semantic PR Validation

```yaml
jobs:
validate:
uses: dnlopes/github-workflows/.github/workflows/semantic-pr.yaml@v1
```

## Version Pinning

Reference workflows using semantic versioning:

- `@v1` - Major version (recommended, receives minor/patch updates)
- `@v1.2` - Minor version (receives patch updates only)
- `@v1.2.3` - Exact version (pinned, no automatic updates)

## Prerequisites

- **All workflows**: GitHub Actions enabled in your repository
- **Coverage workflows**: `CODECOV_TOKEN` secret configured
- **AWS workflows**: OIDC trust relationship between GitHub and AWS
- **Terraform**: IAM role ARN and tfvars file in repository

## Documentation

- [Architecture](docs/architecture.md) - System design and components
- [Domain](docs/domain.md) - Terminology and business rules
- [Patterns](docs/patterns.md) - Code conventions and examples
- [Development](docs/development.md) - Contributing guidelines

## License

MIT