GitHub Action workflows that can be shared by multiple repositories
All workflows in this repository provide at least the following default
parameters that can be passed with with: from calling repositories:
jobs_run_on: The runner group on which jobs will run. Default:ubuntu-latesttimeout_minutes: The maximum time (in minutes) for a job to run. Default:5working_directory: The working directory where all jobs should be executed. Default:.
This workflow will run the adr generate toc command using
adr to generate the Table of Contents for the
ADRs in the repository. The workflow assumes the output goes to the README.md in the
same directory as the ADRs. This check makes sure PRs haven't forgotten to run this
command as part of their commits.
This workflow will setup Python (3.11) and lint the repository using both
yamllint and ansible-lint. Poetry
is used to install the Python dependencies. Both yamllint and
ansible-lint are expected to be installed by
the Poetry configuration in the repository using this workflow.
additional_packages: String of additional packages that should be installed. Default: ``python_version: The version of Python to use. Default:3.11
This workflow will run thecommitlint By default it only checks that PR titles follow Conventional Commits. In addition the 'subject-case' and 'body-max-line-length' checks are disabled.
validate_pr_title: Validate PR title. Default: truevalidate_current_commit: Validate current commit (last commit). Default: false- validate_pr_commits: Validate PR commits. Default: false
These are local Actions that run for this repository. This workflow is not visible or usable outside of this repository.
This workflow will run the DavidAnson/markdownlint-cli2-action action to lint markdown files.
config_file: The configuration file to use. Default:.markdownlint-cli2.yamlfix: If set to true, fix any issues found. Default:falseglobs: The glob to use to find all markdown files. Default:**/*.mdseparator: The character used to separate globs. Default:,
This workflow runs the pre-commmit action with minimal options for configuration.
This workflow will setup Puppet using
ruby/setup-ruby (Ruby version
3.2). The linting and dependency installations will all happen using
PDK. The Puppet module will be built with PDK and then installed
using puppet module install to test that the build and install process works
as expected.
puppet_package_name: The name of the Puppet module the repo will create. Default: ``puppet_version: The version of Puppet to use in PDK. Default:7ruby_version: The version of Ruby to use. Default:3.2
This workflow will setup Puppet using ruby/setup-ruby. The linting and dependency installations will all happen using PDK. The Puppet module will be built with PDK and then pushed to the Puppet Forge.
puppet_version: The version of Puppet to use in PDK. Default:7ruby_version: The version of Ruby to use. Default:3.2
forge_token: The Puppet Forge token to use when deploying the module.
This workflow will setup Puppet using
ruby/setup-ruby (Ruby version
3.2). The linting and dependency installations will all happen using
PDK.
puppet_version: The version of Puppet to use in PDK. Default:7ruby_version: The version of Ruby to use. Default:3.2
This workflow will setup Puppet using ruby/setup-ruby. The testing will happen on a matrix of Ruby and Puppet versions. The dependency installation and unit tests will all happen using PDK.
puppet_versions: The versions of Puppet to use in the unit tests, passed as a string in JSON format withversionsas the key. Default:'{ "versions": [ "7", "8" ] }'- Note: Make sure to enclose the JSON string in single quotes!!
ruby_versions: The versions of Ruby to use in the unit tests, passed as a string in JSON format withversionsas the key. Default:'{ "versions": [ "3.1", "3.2" ] }'- Note: Make sure to enclose the JSON string in single quotes!!
This workflow will setup Python (3.11) and do a build and deploy of the
Python package to PyPi using Poetry.
additional_packages: String of additional packages that should be installed. Default: ``poetry_install_options: Extra options to pass to Poetry when doing an install. Default:--no-rootpython_version: The version of Python to use. Default:3.11
pypi_token: The PyPi token to use to deploy. This secret is required for this workflow to push to PyPi
This workflow will setup Python (3.11) and lint the repository.
Poetry is used to install any Python dependencies. By default the
linters run are yamllint, and
pylama. As of August 2023,
pylama has been deprecated, so
you can run Ruff as the Python linter
by setting the use_ruff input to true.
additional_packages: String of additional packages that should be installed. Default: ``poetry_install_options: Extra options to pass to Poetry when doing an install. Default:--no-rootpython_version: The version of Python to use. Default:3.11ruff_version: The version of Ruff to run. Default:0.1.0use_pylama: If true, use pylama to lint the repository. Default:trueuse_ruff: If true, use Ruff to lint the repository. Default:false
This workflow will setup Python (3.12) and run make ci on the
repository. Poetry is used to install any Python dependencies. It is
the responsibility of the repository owner to correctly setup a Makefile to
correctly do all the CI tasks for their repository. The prettier application
as well as Node 22.x are also available to this workflow.
There are no additional inputs for this workflow. Additionally, the
jobs_run_on input is not available for this workflow as the job is forced to
use ubuntu-latest for the base image.
This workflow will setup Python (3.11) and do a build and deploy of the
Python package to Test PyPi using Poetry.
additional_packages: String of additional packages that should be installed. Default: ``poetry_install_options: Extra options to pass to Poetry when doing an install. Default:--no-rootpython_version: The version of Python to use. Default:3.11
pypi_test_token: The PyPi token to use to deploy. This secret is required for this workflow to push to Test PyPi
This workflow will setup a matrix of Python versions and run the unit tests for the repository using green. Poetry is used to install any Python dependencies.
additional_packages: String of additional packages that should be installed. Default: ``poetry_install_options: Extra options to pass to Poetry when doing an install. Default:--no-rootpython_package_name: The name of the PyPi package the repo will create. Default: ``python_versions: The versions of Python to use in the unit tests, passed as a string in JSON format withversionsas the key. Default:'{ "versions": [ "3.7", "3.8", "3.9", "3.10", "3.11" ] }'- Note: Make sure to enclose the JSON string in single quotes!!
run_coverage: Boolean to determine whether coverage should be run or not. Default:truetest_runner: The runner used to run all the unit tests. Default:greentest_targets: A list of directories to target for testing. Runners should autodetect if left blank. Default: ``
This workflow will setup and run terraform-docs to generate the Terraform documentation and store it in the README.md.
config_file: The path to the configuration file. Default:.terraform-docs.ymlgit_push: If set to true, push the changes to the repository. Default:falseoutput_file: The path to the output file. Default:README.mdoutput_method: The method to use for output. Default:injectterragrunt_directory: The environment directory from which Terragrunt should run. Default:produse_terragrunt: If set to true, use Terragrunt instead of Terraform. Default:false
This workflow will setup and run tflint as well as the pre-commit/action Action to run pre-commit.
tflint_config_path: The relative path to the TFlint configuration file. Default:.tflint.hcl
This workflow will setup and run some static analysis tools for Terraform. The only test that runs by default is tfsec using the aquasecurity/tfsec-pr-commenter-action Action. You can optionally run Checkov (using the bridgecrewio/checkov-action Action) and Trivy (using the aquasecurity/trivy-action Action).
run_checkov: If set to true, run checkov tests. Default:falserun_tfsec: If set to true, run tfsec tests. Default:truerun_trivy: If set to true, run Trivy tests. Default:falsetrivy_skip_files: A comma-separated list of files Trivy should ignore. Default: ``
wf_github_token: Description: The GitHub token to use when running tfsec so that it can post comments to the PR. If you decide to setrun_tfsectofalse, this secret does not need to be provided.
This workflow will setup and run basic validations for Terraform and
optionally Terragrunt if you use it in your repository. If you do not use
Terragrunt, all of the inputs with terragrunt in the name are not
needed.
If use_terragrunt is set to false, the workflow just do a terraform init
and a terraform validate. If use_terragrunt is set to true, a terragrunt init and terragrunt validate will be run, but the Terragrunt-specific
check terragrunt hclfmt will also be run.
terraform_version: The version of Terraform to use when validating. Default:1.5.5terragrunt_directory: The environment directory from which Terragrunt should run. Default:prodterragrunt_version: The version of Terragrunt to use when validating. Default:0.48.7use_terragrunt: If set to true, use Terragrunt instead of Terraform. Default:false
To generate the CHANGELOG.md, you will need Docker and a GitHub personal
access token. We currently use
github-changelog-generator
for this purpose. The following should generate the file using information
from GitHub:
docker run -it --rm \
-e CHANGELOG_GITHUB_TOKEN='yourtokenhere' \
-v "$(pwd)":/working \
-w /working \
githubchangeloggenerator/github-changelog-generator:latest \
--verbose \
--future-release 2.0.0This will generate the log for an upcoming release of 2.0.0 that has not yet been
tagged.
As a note, this repository uses the default labels for formatting the
CHANGELOG.md. Label information can be found here:
Advanced-change-log-generation-examples