https://github.com/ori-edge/oge-github-actions
oge github actions and reusable workflows
- Host: GitHub
- URL: https://github.com/ori-edge/oge-github-actions
- Owner: ori-edge
- License: mit
- Created: 2022-05-19T08:55:39.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2026-01-29T11:03:53.000Z (4 months ago)
- Last Synced: 2026-01-30T01:49:42.161Z (4 months ago)
- Topics: github-actions, github-workflow, github-workflows
- Homepage:
- Size: 85 KB
- Stars: 0
- Watchers: 6
- Forks: 1
- Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# oge-github-actions
Oge GitHub actions and reusable workflows.
Most of the projects use the Helm chart version as the release version for the Docker image, the application, and so on.
This keeps everything consistent: the Docker version matches the git tag version and the Helm chart version, which makes
debugging and rollbacks easier. Because of this, most of these workflows automatically retrieve the version from the
`chartPath` argument and use it. If a workflow has a `chartPath` argument, it should run on chart update:
```yaml
on:
  push:
    branches:
      - main
    paths:
      - ""
```
Workflows can be referenced either at the `main` branch, e.g.
`ori-edge/oge-github-actions/.github/workflows/tag.yml@main`, if you always want the latest version, or at a specific
tag, e.g. `ori-edge/oge-github-actions/.github/workflows/tag.yml@v0.2.0`.
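A reference to `@main` follows a moving branch, a tag can be moved by the repository owner, and only a full commit SHA is immutable. The following audit is an added example (not part of this repository) that classifies every external `uses:` reference in a caller workflow; the sample workflow, `example-org/example-action` and its SHA are constructed placeholders, and the tag check is a version-shaped heuristic.

```python
import re

# Matches `uses: owner/repo[/path]@ref`; local (./...) references have no @ref and are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+(?:/[^@\s'\"]+)?)@([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")       # full commit SHA
TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")  # heuristic: looks like a version tag

# Constructed sample; example-org/example-action and its SHA are placeholders.
SAMPLE = """\
jobs:
  tag:
    uses: ori-edge/oge-github-actions/.github/workflows/tag.yml@main
    with:
      chartPath: "charts/example-app/Chart.yaml"
  docker:
    uses: ori-edge/oge-github-actions/.github/workflows/docker.yml@v0.5.0
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: ./local-action
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""


def classify_ref(ref):
    """Return 'sha', 'tag' or 'branch' for the part after '@'."""
    if SHA_RE.match(ref):
        return "sha"
    if TAG_RE.match(ref):
        return "tag"
    return "branch"


def audit_workflow(text):
    """Return (line_no, target, ref, kind) for each external `uses:` reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            findings.append((no, m.group(1), m.group(2), classify_ref(m.group(2))))
    return findings


if __name__ == "__main__":
    for no, target, ref, kind in audit_workflow(SAMPLE):
        print(f"line {no}: {target}@{ref} -> {kind}")
```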
## tag
GitHub workflow to create a git tag with the same name as the chart version. The workflow creates two tags: one is just
the chart version, the other is the chart version prefixed with `v` (this satisfies the Go dependency naming convention).
### inputs
| input | default | description |
|----------------|----------|-----------------------------------------------------|
| chartPath | N/A | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
### workflow example
```yaml
jobs:
  tag:
    uses: ori-edge/oge-github-actions/.github/workflows/tag.yml@main
    with:
      chartPath: "charts/example-app/Chart.yaml"
```
## docker
GitHub workflow to build and push a Docker image. The workflow also passes a `--build-arg version=` argument set
to the chart version. This lets you dynamically inject the built version into your application.
### inputs
| input | required | default | description |
|-----------------|----------|-------------------------|------------------------------------------------------------------------------------|
| buildArgs | false | | docker build args (See --build-arg in docker docs) |
| buildContext | false | . | docker build context |
| chartPath | false | | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
| dockerFile | false | | the path to the Dockerfile to generate the image from |
| dockerImageMode | false | chart_ref | how the imageVersion should be generated (chart_ref, branch_ref, custom) |
| dockerRegistry | false | quay.io | name of the docker registry |
| dockerRepo | false | oriedge | name of the docker repository |
| imageName | true | | name of the docker image to be built |
| imageVersion | false | | over-ride image version ({dockerRegistry}/{dockerRepo}/{imageName}:{imageVersion}) |
| platforms | false | linux/amd64,linux/arm64 | the list of platforms/architectures to compile the docker image against |
| push | false | true | flag to indicate if the generated docker image should be pushed or not |
### secrets
| input | default | description |
|--------------------|----------|--------------------------|
| REGISTRY_USERNAME | N/A | docker registry username |
| REGISTRY_PASSWORD | N/A | docker registry password |
### workflow example
```yaml
jobs:
  docker:
    uses: ori-edge/oge-github-actions/.github/workflows/docker.yml@v0.5.0
    with:
      dockerImageMode: branch_ref
      imageName: example-app
      platforms: linux/amd64
      push: ${{ github.actor != 'dependabot[bot]' }}
    secrets:
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
```
## docker-scan
GitHub workflow to scan a Docker image using the [trivy](https://github.com/aquasecurity/trivy) scanner. This workflow
does not depend on the `Chart.yaml` version and can be run without updating the chart (as part of a pull request etc.).
### inputs
| input | default | description |
|----------------|----------|----------------------------------|
| buildContext | . | docker build context |
### workflow example
```yaml
jobs:
  docker-scan:
    uses: ori-edge/oge-github-actions/.github/workflows/docker-scan.yml@v0.3.0
```
## gcp-helm-charts
GitHub workflow to build Helm charts and push them to GCP. All Helm charts are expected to live in the `./charts` directory.
### inputs
| input | default | description |
|----------------|----------|---------------------------------------------------------|
| chartPath | N/A | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
| gcpDestination | N/A | gcp directory where the packaged chart will be uploaded |
### secrets
| input | default | description |
|--------------------|----------|-----------------|
| GCP_CREDENTIALS | N/A | gcp credentials |
### workflow example
```yaml
jobs:
  gcp-helm-charts:
    uses: ori-edge/oge-github-actions/.github/workflows/gcp-helm-charts.yml@v0.8.0
    with:
      gcpDestination: "helm-charts"
    secrets:
      GCP_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
```
## wait-for-deploy
GitHub workflow that keeps checking the deployed version (fetched from the `url` input and extracted with the `jq`
input) until it matches the Helm chart (`Chart.yaml`) version.
The `jq` input is quoted automatically; do not include surrounding single quotes. For example, use `.service.version`
instead of `'.service.version'`.
### inputs
| input | default | description |
|-----------|----------|-----------------------------------------------------|
| chartPath | N/A | helm Chart.yaml path e.g. charts/yourapp/Chart.yaml |
| url | N/A | url to get currently deployed version |
| jq | .version | jq pattern to extract deployed version |
### workflow example
```yaml
jobs:
  wait-for-deploy:
    uses: ori-edge/oge-github-actions/.github/workflows/wait-for-deploy.yml@v0.3.0
    with:
      chartPath: "charts/example-app/Chart.yaml"
      url: "https://example.com/version"
```
## go-unit-test
GitHub workflow to run `go test` and optionally upload the coverage report to Codecov.
### inputs
| input | required | default | description |
|-----------------------|----------|--------------------------|-------------------------------------------------|
| goVersion | false | 1.19.1 | version of go to load |
| unitTestCommand | false | make race | go test command with optional coverage output |
| uploadToCodecov | false | true | flag to indicate if codecov upload should occur |
| coverageFilePath | false | ./artifacts/coverage.txt | path to coverage report generated by go test |
### workflow example
```yaml
jobs:
  unit-test:
    uses: ori-edge/oge-github-actions/.github/workflows/go-unit-test.yml@v0.7.1
    with:
      uploadToCodecov: ${{ github.actor != 'dependabot[bot]' }}
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```
## go-integration-test
GitHub workflow to run Go integration tests (supports Docker registry login if private images are required).
### inputs
| input | required | default | description |
|-----------------------|----------|------------------|-------------------------------------------------------|
| skip | false | false | flag to indicate if this workflow should skip |
| goVersion | false | 1.19.1 | version of go to load |
| loginToDockerRegistry | false | false | flag to indicate if docker registry login is required |
| dockerRegistry | false | quay.io | docker registry hostname |
| setupCommand | false | make up | setup test command to run using bash |
| testCommand | false | make integration | integration test command to run using bash |
| buildArtifactName | false | | build artifact to download before running tests |
### workflow example
```yaml
jobs:
  integration:
    uses: ori-edge/oge-github-actions/.github/workflows/go-integration-test.yml@v0.7.1
    with:
      skip: ${{ github.actor == 'dependabot[bot]' }}
      loginToDockerRegistry: true
      buildArtifactName: some-build-artifact
    secrets:
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
```
## govulncheck
GitHub workflow to run Go vulnerability checking using [govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck).
The workflow provides smart analysis that distinguishes between:
- Fixable vulnerabilities called by your code (fails by default)
- Fixable vulnerabilities in dependencies not called by your code (warning)
- Vulnerabilities without available fixes (warning)
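
The three-way split above, written out as an added example that is not the workflow's own implementation: it reads a `govulncheck -json` message stream and assumes the `finding` fields `osv`, `fixed_version` and `trace[0].function` (set only when your code reaches the vulnerable symbol). The OSV ids, modules and versions in the sample are constructed placeholders.

```python
import json

# Constructed sample stream; OSV ids, modules and versions are placeholders.
SAMPLE = """
{"config": {"scanner_name": "govulncheck"}}
{"finding": {"osv": "GO-0000-0001", "fixed_version": "v1.2.3",
             "trace": [{"module": "example.com/a"}]}}
{"finding": {"osv": "GO-0000-0001", "fixed_version": "v1.2.3",
             "trace": [{"module": "example.com/a", "function": "Parse"}]}}
{"finding": {"osv": "GO-0000-0002", "fixed_version": "v0.9.0",
             "trace": [{"module": "example.com/b"}]}}
{"finding": {"osv": "GO-0000-0003",
             "trace": [{"module": "example.com/c", "function": "Open"}]}}
"""


def iter_messages(stream):
    """Yield each JSON object from a concatenated, possibly multi-line, stream."""
    dec, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(stream) and stream[pos].isspace():
            pos += 1  # raw_decode does not skip leading whitespace
        if pos >= len(stream):
            return
        obj, pos = dec.raw_decode(stream, pos)
        yield obj


def triage(stream):
    """Map each OSV id to 'called-fixable', 'uncalled-fixable' or 'no-fix'."""
    seen = {}
    for msg in iter_messages(stream):
        f = msg.get("finding")
        if not f:
            continue  # config / progress / osv messages carry no verdict
        e = seen.setdefault(f["osv"], {"fixed": False, "called": False})
        e["fixed"] |= bool(f.get("fixed_version"))
        frames = f.get("trace") or [{}]
        e["called"] |= bool(frames[0].get("function"))  # symbol-level finding
    return {osv: "no-fix" if not e["fixed"]
            else "called-fixable" if e["called"] else "uncalled-fixable"
            for osv, e in seen.items()}


def should_fail(result, fail_on_fixable=True):
    """Only fixable vulnerabilities reached by the code fail the run."""
    return fail_on_fixable and "called-fixable" in result.values()
```

The same advisory appears once per module, package and symbol level, which is why findings are merged per OSV id before a verdict is taken.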
### inputs
| input | required | default | description |
|-----------------------------|----------|---------|--------------------------------------------------------------------|
| goVersionFile | false | go.mod | path to file containing Go version (e.g., .go-version or go.mod) |
| runsOn | false | ubuntu-latest | github actions runner to use |
| failOnFixableVulnerabilities | false | true | fail the workflow if fixable vulnerabilities are found in code paths |
### workflow example
```yaml
jobs:
  govulncheck:
    uses: ori-edge/oge-github-actions/.github/workflows/govulncheck.yml@v0.16.0
```
With custom settings:
```yaml
jobs:
  govulncheck:
    uses: ori-edge/oge-github-actions/.github/workflows/govulncheck.yml@v0.16.0
    with:
      failOnFixableVulnerabilities: false # only warn, don't fail
```
## helm-lint
GitHub workflow to lint Helm charts and optionally validate they render correctly.
### inputs
| input | required | default | description |
|------------------------|----------|----------------|----------------------------------------------------------|
| chartPath | true | | path to the Helm chart directory |
| helmVersion | false | latest | version of Helm to use |
| runsOn | false | ubuntu-latest | github actions runner to use |
| runTemplate | false | true | also run helm template to validate chart renders |
| releaseName | false | test-release | release name to use for helm template |
| valueFiles | false | | comma-separated list of values files for helm template |
| additionalLintArgs | false | | additional arguments to pass to helm lint |
| additionalTemplateArgs | false | | additional arguments to pass to helm template |
### workflow example
```yaml
jobs:
  helm-lint:
    uses: ori-edge/oge-github-actions/.github/workflows/helm-lint.yml@v0.16.0
    with:
      chartPath: charts/my-app
      releaseName: my-app
```
With custom values files:
```yaml
jobs:
  helm-lint:
    uses: ori-edge/oge-github-actions/.github/workflows/helm-lint.yml@v0.16.0
    with:
      chartPath: charts/my-app
      releaseName: my-app
      valueFiles: "values.yaml,values-prod.yaml"
```