Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fwesleycosta/reusable-actions

Repository where all pipelines will be stored for reuse in other projects
https://github.com/fwesleycosta/reusable-actions

docker sonarqube terraform trivy

Last synced: about 8 hours ago
JSON representation

Repository where all pipelines will be stored for reuse in other projects

Host: GitHub
URL: https://github.com/fwesleycosta/reusable-actions
Owner: FWesleycosta
License: mit
Created: 2024-08-19T22:57:32.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2024-08-26T17:55:55.000Z (about 1 month ago)
Last Synced: 2024-09-27T13:21:26.894Z (about 8 hours ago)
Topics: docker, sonarqube, terraform, trivy
Homepage:
Size: 58.6 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # Reusable GitHub Actions Workflows

[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/Naereen/StrapDown.js/graphs/commit-activity)

[![MIT License](https://img.shields.io/badge/License-MIT-blue.svg)](https://lbesson.mit-license.org/)

[![Terraform](https://img.shields.io/badge/Terraform-v1.7.5+-623CE4?logo=terraform)](https://img.shields.io/badge/Terraform-v1.0.0+-623CE4?logo=terraform)

[![GitHub Actions](https://img.shields.io/badge/GitHub%20Actions-v2+-2088FF?logo=github)](https://img.shields.io/badge/GitHub%20Actions-v2+-2088FF?logo=github)

[![Trivy](https://img.shields.io/badge/Trivy-v0.19.2+-35495E?logo=trivy)](https://img.shields.io/badge/Trivy-v0.19.2+-35495E?logo=trivy)

This repository contains a collection of reusable GitHub Actions workflows for automating CI/CD processes with Docker, ECR, Terraform, and security scanning with Trivy.

## Workflows

### Build and Push

File: `build-push-scan.yml`

This workflow is responsible for building, pushing, and scanning a Docker image. It checks if the ECR repository exists, logs in, builds the image, pushes it to ECR, and saves the image name as an artifact.

### ECR Repository Management

File: `create-repository-elastic-container-registry.yml`

This workflow manages ECR repositories using Terraform. It initializes Terraform, configures AWS credentials, plans, and applies changes to the ECR repository.

### Terraform Deploy

File: `terraform-deploy.yml`

This workflow is used for deploying infrastructure using Terraform. It downloads the Docker image name, configures AWS credentials, initializes and applies the Terraform plan, and sends notifications to Slack.

### Trivy Scan

File: `trivy.yml`

This workflow scans Docker images for vulnerabilities using Trivy. It downloads the Docker image name, configures AWS credentials, logs into ECR, and runs the scan with Trivy.

### SonarQube Scan

File: `sonarqube.yml`

This workflow scans code quality using SonarQube. It configures the SonarQube scanner, runs the scan, and sends the results to SonarQube.

### Create Pull Request

File: `create-pull-request.yml`

This workflow creates a pull request using the GitHub API. It configures the pull request title, body, and branch name.

## Usage

To use the workflows, add the following code to your main workflow:

```yaml

jobs:

  build-push-scan:

    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]

    secrets:

      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

      AWS_REGION: ${{ secrets.AWS_REGION }}

      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}

  create-repository-elastic-container-registry:

    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]

    secrets:

      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

      AWS_REGION: ${{ secrets.AWS_REGION }}

      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}

      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}

      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}

      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}

      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}

      TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}

  terraform-deploy:

    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]

    with:

      environment: 'Development' <- Change to 'Production' for production

    secrets:

      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PRD }}

      AWS_REGION: ${{ secrets.AWS_REGION }}

      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PRD }}

      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}

      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}

      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}

      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}

      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}

      TF_BACKEND_BUCKET: ${{ secrets.PROD_TF_BACKEND_BUCKET }}

      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}

  trivy-scan:

    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]

    secrets:

      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

      AWS_REGION: ${{ secrets.AWS_REGION }}

  sonarqube-scan:

    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]

    secrets:

      SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

      SONAR_HOST_URL: ${{ secrets.SONARQUBE_URL }}

  create-pull-request:

    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]

    secrets:

      with:

        destination_branch: 'main'