Github workflows 🤖

This repository serves as a centralized location for reusable GitHub workflows. By defining shared workflows here, we streamline the process of maintaining consistency and quality across all repositories.

This repository contains reusable GitHub workflows intended to be referenced from other repositories via the uses: owner/repo/.github/workflows/<file>@<ref> mechanism.

How to reference these workflows

In your repository, use a uses: reference under jobs to call a reusable workflow.

Example:

jobs:
  example:
    uses: this-is-tobi/github-workflows/.github/workflows/scan-sonarqube.yml@v0
    with:
      SONAR_URL: 'https://sonarqube.example.com'
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}

Using Reusable Workflows from Private Repositories

You can use reusable workflows from a private repository, but there are important requirements and limitations:

• Repository Access: Both the caller and the reusable workflow repository must be internal to the same user / organization.
• Reference Format: Always reference the reusable workflow using the full path: owner/repo/.github/workflows/workflow.yml@ref.

For more details, see:

• GitHub Docs – Reusing workflows
• GitHub Docs – Share across private repositories
• GitHub Docs – Share with your organization

Available workflows

Lint

• Validate commit messages follow Conventional Commits (lint-commits.yml)
• Lint Helm charts structure and validate documentation (lint-helm.yml)
• Validate Helm chart values against a JSON schema (lint-helm-schema.yml)
• Lint JavaScript, JSON, Markdown and YAML files using ESLint (lint-js.yml)
• Lint YAML files using yamllint (lint-yaml.yml)

Test

• Test Helm charts installation with chart-testing (test-helm.yml)
• Test JavaScript/Typescript codebase using Vitest (test-vitest.yml)

Build

• Build docker images and push it to a registry (build-docker.yml)

Scan

• Run SonarQube analysis and quality gate check (scan-sonarqube.yml)
• Run Trivy vulnerability scans on images and config (scan-trivy.yml)

Release

• Release Apps using release-please and optional automerge (release-app.yml)
• Release Helm charts using chart-releaser (release-helm.yml)
• Update or trigger Helm chart app version bump (update-helm-chart.yml)

Deploy

• Post preview links and optionally redeploy an ArgoCD preview app (argocd-preview.yml)

Utility

• Delete GitHub action caches and optionally GHCR images (clean-cache.yml)
• Add labels to PRs using a labeler configuration file (label-pr.yml)