https://github.com/isweluiz/github-actions-reusable-workflows
https://github.com/isweluiz/github-actions-reusable-workflows
Last synced: 25 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/isweluiz/github-actions-reusable-workflows
- Owner: isweluiz
- License: apache-2.0
- Created: 2023-12-21T17:42:40.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-21T17:42:42.000Z (over 1 year ago)
- Last Synced: 2025-03-26T23:43:18.851Z (about 1 month ago)
- Language: Makefile
- Size: 32.2 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# github-actions-workflows [](https://github.com/cloudposse/github-actions-workflows/releases/latest) [](https://slack.cloudposse.com)
[![README Header][readme_header_img]][readme_header_link]
[![Cloud Posse][logo]](https://cpco.io/homepage)
General purpose reusable Github Action workflows
---
This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
[
][share_email]
[
][share_googleplus]
[
][share_facebook]
[
][share_reddit]
[
][share_linkedin]
[
][share_twitter]
It's 100% Open Source and licensed under the [APACHE2](LICENSE).
## Introduction
Use provided [GitHub Actions reusable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows)
to implement consistent release workflow for Github Actions repositories across your organization.
Avoid duplication and simplify maintain of the workflows.
## Workflows
| Name | Description |
|------|-------------|
| [CD - Deploy to EKS with ArgoCD and Helmfile](#cd---deploy-to-eks-with-argocd-and-helmfile) | Deploy Docker image to EKS with ArgoCD and Helmfile |
| [CD - Deploy to ECS with Spacelift](#cd---deploy-to-ecs-with-spacelift) | Deploy Docker image to ECS with Spacelift |
| [CD - Deploy to EKS with Helmfile](#cd---deploy-to-eks-with-helmfile) | Deploy Docker image to EKS with Helmfile |
| [CD - Deploy to EKS Preview envs with Helmfile](#cd---deploy-to-eks-preview-envs-with-helmfile) | Deploy Docker image to ECS Preview envs with Helmfile |
| [CD - Deploy to ECS QA/Preview envs with Spacelift](#cd---deploy-to-ecs-qapreview-envs-with-spacelift) | Deploy Docker image to ECS QA/Preview envs with Spacelift |
| [CD - Deploy to EKS Preview envs with Helmfile](#cd---deploy-to-eks-preview-envs-with-helmfile) | Deploy Docker image to ECS Preview envs with Helmfile |
| [CI - Codeowners](#ci---codeowners) | Validate CODEOWNERS and suggest changes |
| [CI - Build Docker image](#ci---build-docker-image) | Build Docker image and push it to ECR |
| [CI - Promote or build Docker image](#ci---promote-or-build-docker-image) | Promote or build Docker image and push it to ECR |
| [CI - Promote Docker image ](#ci---promote-docker-image) | Promote Docker image to specific version tag and push it to ECR |
| [CI - Verify Docker image exists](#ci---verify-docker-image-exists) | Verify Docker image exists on ECR |
| [CI - Readme](#ci---readme) | Validate README.yaml, README.md and suggest changes |
| [CI - Terraform ChatOps](#ci---terraform-chatops) | Trigger terraform tests using ChatOps |
| [CI - Terraform](#ci---terraform) | Lint, format and validate terraform code |
| [CI - Check dist Directory](#ci---check-dist-directory) | This workflow helps ensure that generated contents of the `dist` directory matches the output of the `yarn build` |
| [Controller - Draft release](#controller---draft-release) | Create or update draft release |
| [Controller - Reingtegrate hotfix branch](#controller---reingtegrate-hotfix-branch) | Create PR into `target\_branch` to reintegrate hotfix from current branch |
| [Controller - Create Release branch](#controller---create-release-branch) | Create `release/{version}` branch for the release |
| [Controller - Create hotfix release](#controller---create-hotfix-release) | Create next patch version release |
| [Controller - Labels](#controller---labels) | Label a pull request with one or more labels |
| [Controller - Monorepo Controller](#controller---monorepo-controller) | Mocked monorepo controller that outputs list of applications, lists of apps with and without changes. |
| [Controller - Release](#controller---release) | Create a github release |
| [Scheduled Context](#scheduled-context) | Scheduled update of context.tf and related docs |
| [Scheduled Readme](#scheduled-readme) | Scheduled update of readme.md |
## CD - Deploy to EKS with ArgoCD and Helmfile
Deploy Docker image to EKS with ArgoCD and Helmfile
### Usage
```yaml
name: Deploy
on:
push:
branches: [ main ]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-argocd.yml@main
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: ${{ github.event.repository.name }}
environment: dev
secrets:
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment name deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| synchronously | Wait until ArgoCD successfully apply the changes | boolean | false | false |
| tag | Docker Image tag to deploy | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to pull private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
## CD - Deploy to ECS with Spacelift
Deploy Docker image to ECS with Spacelift
### Usage
```yaml
name: Deploy
on:
push:
branches: [ main ]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-ecs.yml@main
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: ${{ github.event.repository.name }}
environment: dev
spacelift-organization: ${{ inputs.spacelift-organization }}
secrets:
secret-outputs-passphrase: "${{ secrets.secret-outputs-passphrase }}"
github-private-actions-pat: "${{ secrets.github-private-actions-pat }}"
spacelift-api-key-id: "${{ secrets.spacelift-api-key-id }}"
spacelift-api-key-secret: "${{ secrets.spacelift-api-key-secret }}"
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| environment | Environment name deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| matrix-key | Matrix key - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| spacelift-organization | Spacelift organization name | string | N/A | true |
| tag | Docker Image tag to deploy | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to pull private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
| spacelift-api-key-id | Spacelift API Key ID | true |
| spacelift-api-key-secret | Spacelift API Key Secret | true |
## CD - Deploy to EKS with Helmfile
Deploy Docker image to EKS with Helmfile
### Usage
```yaml
name: Deploy
on:
push:
branches: [ main ]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-helmfile.yml@main
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: ${{ github.event.repository.name }}
environment: dev
secrets:
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment name deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| tag | Docker Image tag to deploy | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to pull private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
## CD - Deploy to EKS Preview envs with Helmfile
Deploy Docker image to ECS Preview envs with Helmfile
### Usage
```yaml
name: Feature Branch
on:
pull_request:
branches: [ 'master' ]
types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-preview-helmfile.yml@main
if: ${{ always() }}
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: ${{ github.event.repository.name }}
open: ${{ github.event.pull_request.state == 'open' }}
labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
ref: ${{ github.event.pull_request.head.ref }}
exclusive: false
env-label: |
preview: deploy
secrets:
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy
| false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| synchronously | Wait until ArgoCD successfully apply the changes | boolean | false | false |
| tag | Docker Image tag to deploy | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to pull private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
## CD - Deploy to ECS QA/Preview envs with Spacelift
Deploy Docker image to ECS QA/Preview envs with Spacelift
### Usage
```yaml
name: Feature Branch
on:
pull_request:
branches: [ 'master' ]
types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-preview-ecs.yml@main
if: ${{ always() }}
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: ${{ github.event.repository.name }}
spacelift-organization: ${{ inputs.spacelift-organization }}
open: ${{ github.event.pull_request.state == 'open' }}
labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
ref: ${{ github.event.pull_request.head.ref }}
exclusive: true
env-label: |
qa1: deploy/qa1
qa2: deploy/qa2
qa3: deploy/qa3
qa4: deploy/qa4
secrets:
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
spacelift-api-key-id: "${{ secrets.spacelift-api-key-id }}"
spacelift-api-key-secret: "${{ secrets.spacelift-api-key-secret }}"
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy
| false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| matrix-key | Matrix key - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| spacelift-organization | Spacelift organization name | string | N/A | true |
| tag | Docker Image tag to deploy | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to pull private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
| spacelift-api-key-id | Spacelift API Key ID | true |
| spacelift-api-key-secret | Spacelift API Key Secret | true |
## CD - Deploy to EKS Preview envs with Helmfile
Deploy Docker image to ECS Preview envs with Helmfile
### Usage
```yaml
name: Feature Branch
on:
pull_request:
branches: [ 'master' ]
types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-preview-helmfile.yml@main
if: ${{ always() }}
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: ${{ github.event.repository.name }}
open: ${{ github.event.pull_request.state == 'open' }}
labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
ref: ${{ github.event.pull_request.head.ref }}
exclusive: false
env-label: |
preview: deploy
secrets:
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy
| false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| tag | Docker Image tag to deploy | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to pull private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
## CI - Codeowners
Validate CODEOWNERS and suggest changes
### Usage
```yaml
name: Validate CODEOWNERS
on:
workflow_call:
jobs:
ci-codeowners:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-codeowners-full.yml@main
with:
is_fork: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| is\_fork | Run workflow in fork mode (decreased permissions and features) | boolean | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github\_access\_token | GitHub API token | false |
## CI - Build Docker image
Build Docker image and push it to ECR
### Usage
```yaml
name: Deploy
on:
push:
branches: [ main ]
jobs:
ci:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-dockerized-app-build.yml@main
with:
organization: ${{ github.event.repository.owner.login }}
repository: ${{ github.event.repository.name }}
secrets:
ecr-region: ${{ secrets.ecr-region }}
ecr-iam-role: ${{ secrets.ecr-iam-role }}
registry: ${{ secrets.registry }}
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN provide ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
### Outputs
| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |
## CI - Promote or build Docker image
Promote or build Docker image and push it to ECR
### Usage
```yaml
name: Deploy
on:
push:
branches: [ main ]
jobs:
ci:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-dockerized-app-promote-or-build.yml@main
with:
organization: ${{ github.event.repository.owner.login }}
repository: ${{ github.event.repository.name }}
force-build: false
secrets:
ecr-region: ${{ secrets.ecr-region }}
ecr-iam-role: ${{ secrets.ecr-iam-role }}
registry: ${{ secrets.registry }}
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | true |
| force-build | Force build (skip promotion) | boolean | false | true |
| matrix-key | Matrix key - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN provide ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
### Outputs
| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |
## CI - Promote Docker image
Promote Docker image to specific version tag and push it to ECR
### Usage
```yaml
name: Release
on:
release:
types: [published]
jobs:
ci:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-dockerized-app-promote.yml@main
with:
organization: ${{ github.event.repository.owner.login }}
repository: ${{ github.event.repository.name }}
version: ${{ github.event.release.tag_name }}
secrets:
ecr-region: ${{ secrets.ecr-region }}
ecr-iam-role: ${{ secrets.ecr-iam-role }}
registry: ${{ secrets.registry }}
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| matrix-key | Matrix key - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction) | string | N/A | false |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| version | New version tag | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN provide ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
### Outputs
| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |
## CI - Verify Docker image exists
Verify Docker image exists on ECR
### Usage
```yaml
name: Release
on:
release:
types: [published]
jobs:
ci:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-dockerized-app-verify.yml@main
with:
organization: ${{ github.event.repository.owner.login }}
repository: ${{ github.event.repository.name }}
version: ${{ github.event.release.tag_name }}
secrets:
ecr-region: ${{ secrets.ecr-region }}
ecr-iam-role: ${{ secrets.ecr-iam-role }}
registry: ${{ secrets.registry }}
secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | true |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| version | Release version tag | string | N/A | true |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN provide ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs) | true |
### Outputs
| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |
## CI - Readme
Validate README.yaml, README.md and suggest changes
### Usage
```yaml
name: Validate Readme
on:
workflow_call:
permissions:
pull-requests: write
id-token: write
contents: read
jobs:
ci-readme:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-readme.yml@main
with:
suggestions: true
filter-mode: diff_context
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| filter-mode | Reviewdog filter mode | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| suggestions | Enable Reviewdog suggestions (pull request only) | boolean | N/A | true |
## CI - Terraform ChatOps
Trigger terraform tests using ChatOps
### Usage
```yaml
name: Terraform ChatOps
on:
workflow_call:
permissions:
pull-requests: write
id-token: write
contents: read
jobs:
ci-terraform-chatops:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-terraform-chatops.yml@main
secrets:
github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github\_access\_token | GitHub API token | true |
## CI - Terraform
Lint, format and validate terraform code
### Usage
```yaml
name: Validate Terraform
on:
workflow_call:
permissions:
pull-requests: write
id-token: write
contents: read
jobs:
ci-terraform:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-terraform.yml@main
with:
suggestions: true
filter-mode: diff_context
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| filter-mode | Reviewdog filter mode | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| suggestions | Enable Reviewdog suggestions (pull request only) | boolean | N/A | true |
## CI - Check dist Directory
This workflow helps ensure that generated contents of the `dist` directory matches the output of the `yarn build`
command. The `dist` directory has special meaning in GitHub Actions in that it that contains the runnable JS files.
In Cloud Posse's TypeScript actions, the `dist` directory is generated through a build process from the TypeScript
source files by running the `yarn build` command.
### Usage
```yaml
name: Build
on:
push:
branches: [ main ]
jobs:
check-dist:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-typescript-app-check-dist.yml@main
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| commit-message | Optional input to set a commit message. If it's not set, it defaults to 'Update the contents of dist directory' | string | Update contents of the dist directory | false |
| dist-path | Optional input to set a path to the dist folder. If it's not set, it defaults to './dist' | string | ./dist | false |
| node-caching | Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed | string | yarn | false |
| node-version | Optional input to set the version of Node.js used to build a project. The input syntax corresponds to the setup-node's one | string | 16.x | false |
## Controller - Draft release
Create or update draft release
### Usage
```yaml
name: Draft release
on:
push:
branches: [ main ]
jobs:
do:
uses: cloudposse/github-actions-workflows/.github/workflows/controller-draft-release.yml@main
with:
ref: ${{ github.sha }}
secrets:
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | The release target, i.e. branch or commit it should point to | string | ${{ github.sha }} | false |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to create release | true |
## Controller - Reingtegrate hotfix branch
Create PR into `target_branch` to reintegrate hotfix from current branch
### Usage
```yaml
name: Release
on:
release:
types: [published]
jobs:
do:
uses: cloudposse/github-action-workflows/.github/workflows/controller-hotfix-reintegrate.yml@main
with:
ref: ${{ github.ref }}
target_branch: main
secrets:
github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| target\_branch | Target branch to reintegrate hotfix | string | main | false |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | Github PAT allow to create a pull request | true |
## Controller - Create Release branch
Create `release/{version}` branch for the release
### Usage
```yaml
name: Main branch
on:
release:
types: [published]
jobs:
do:
uses: cloudposse/github-action-workflows/.github/workflows/controller-hotfix-release-branch.yml@main
with:
version: ${{ github.event.release.tag_name }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| version | Release version | string | N/A | true |
## Controller - Create hotfix release
Create next patch version release
### Usage
```yaml
on:
push:
branches: [ 'release/**' ]
jobs:
do:
uses: cloudposse/github-action-workflows/.github/workflows/controller-hotfix-release.yml@main
with:
ref: ${{ github.ref }}
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
### Outputs
| Name | Description |
|------|-------------|
| version | Release version |
## Controller - Labels
Label a pull request with one or more labels
### Usage
```yaml
name: Label pull request
on:
workflow_call:
jobs:
label:
uses: cloudposse/github-actions-workflows/.github/workflows/controller-labels.yml@main
with:
labels: ['ready-for-review']
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| labels | The labels' name to be added. Must be separated with line breaks if there are multiple labels. | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
## Controller - Monorepo Controller
Mocked monorepo controller that outputs list of applications, lists of apps with and without changes.
### Usage
```yaml
name: Monorepo
on:
push:
branches: [ main ]
jobs:
do:
uses: cloudposse/github-actions-workflows/.github/workflows/controller-monorepo.yml@main
with:
dir: ./apps
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| dir | Directory with applications | string | N/A | true |
### Outputs
| Name | Description |
|------|-------------|
| apps | Applications |
| changes | Changed applications |
| no-changes | Unchanged applications |
## Controller - Release
Create a github release
### Usage
```yaml
name: Draft release
on:
workflow_call:
jobs:
release:
uses: cloudposse/github-actions-workflows/.github/workflows/controller-release.yml@main
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| config-name | Name of the release drafter config file | string | auto-release.yml | false |
| ref | The release target, i.e. branch or commit it should point to | string | ${{ github.sha }} | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
## Scheduled Context
Scheduled update of context.tf and related docs
### Usage
```yaml
name: scheduled-context
on:
workflow_call:
permissions:
pull-requests: write
id-token: write
contents: read
jobs:
scheduled-context:
uses: cloudposse/github-actions-workflows/.github/workflows/scheduled-context.yml@main
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| base-branch | Repo default branch | string | main | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github\_access\_token | GitHub API token | true |
## Scheduled Readme
Scheduled update of readme.md
### Usage
```yaml
name: scheduled-readme
on:
workflow_call:
permissions:
pull-requests: write
id-token: write
contents: read
jobs:
scheduled-readme:
uses: cloudposse/github-actions-workflows/.github/workflows/scheduled-readme.yml@main
```
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| base-branch | Repo default branch | string | main | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
### Secrets
| Name | Description | Required |
|------|-------------|----------|
| github\_access\_token | GitHub API token | true |
## Share the Love
Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/github-actions-workflows)! (it helps us **a lot**)
Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =)
## Related Projects
Check out these related projects.
## References
For additional context, refer to some of these links.
- [github-actions-workflows](https://github.com/cloudposse/github-actions-workflows) - Reusable workflows for different types of projects
- [github-action-docker-build-push](https://github.com/cloudposse/github-action-docker-build-push) - Simple docker build action
## Help
**Got a question?** We got answers.
File a GitHub [issue](https://github.com/cloudposse/github-actions-workflows/issues), send us an [email][email] or join our [Slack Community][slack].
[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link]
## DevOps Accelerator for Startups
We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us.
[][commercial_support]
Work directly with our team of DevOps experts via email, slack, and video conferencing.
We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet.
- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code.
- **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments.
- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices.
- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes.
- **GitOps.** You'll be able to operate your infrastructure via Pull Requests.
- **Training.** You'll receive hands-on training so your team can operate what we build.
- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel.
- **Troubleshooting.** You'll get help to triage when things aren't working.
- **Code Reviews.** You'll receive constructive feedback on Pull Requests.
- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects.
## Slack Community
Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure.
## Discourse Forums
Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account.
## Newsletter
Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover.
## Office Hours
[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone!
[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours]
## Contributing
### Bug Reports & Feature Requests
Please use the [issue tracker](https://github.com/cloudposse/github-actions-workflows/issues) to report any bugs or file feature requests.
### Developing
If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email].
In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
1. **Fork** the repo on GitHub
2. **Clone** the project to your own machine
3. **Commit** changes to your own branch
4. **Push** your work back up to your fork
5. Submit a **Pull Request** so that we can review your changes
**NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request!
## Copyright
Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)
## License
[](https://opensource.org/licenses/Apache-2.0)
See [LICENSE](LICENSE) for full details.
```text
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
```
## Trademarks
All other trademarks referenced herein are the property of their respective owners.
## About
This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]!
[![Cloud Posse][logo]][website]
We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source].
We offer [paid support][commercial_support] on all of our projects.
Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation.
### Contributors
| [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] |
|---|
[goruha_homepage]: https://github.com/goruha
[goruha_avatar]: https://img.cloudposse.com/150x150/https://github.com/goruha.png
[![README Footer][readme_footer_img]][readme_footer_link]
[![Beacon][beacon]][website]
[logo]: https://cloudposse.com/logo-300x69.svg
[docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=docs
[website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=website
[github]: https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=github
[jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=jobs
[hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=hire
[slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=slack
[linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=linkedin
[twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=twitter
[testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=testimonial
[office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=office_hours
[newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=newsletter
[discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=discourse
[email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=email
[commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=commercial_support
[we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=we_love_open_source
[terraform_modules]: https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=terraform_modules
[readme_header_img]: https://cloudposse.com/readme/header/img
[readme_header_link]: https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=readme_header_link
[readme_footer_img]: https://cloudposse.com/readme/footer/img
[readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=readme_footer_link
[readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img
[readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/github-actions-workflows&utm_content=readme_commercial_support_link
[share_twitter]: https://twitter.com/intent/tweet/?text=github-actions-workflows&url=https://github.com/cloudposse/github-actions-workflows
[share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=github-actions-workflows&url=https://github.com/cloudposse/github-actions-workflows
[share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/github-actions-workflows
[share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/github-actions-workflows
[share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/github-actions-workflows
[share_email]: mailto:?subject=github-actions-workflows&body=https://github.com/cloudposse/github-actions-workflows
[beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/github-actions-workflows?pixel&cs=github&cm=readme&an=github-actions-workflows