Skip to content

stuttgart-things/github-workflow-templates

BranchesTags

Repository files navigation

stuttgart-things/github-workflow-templates

REUSABLE WORKFLOW-CALLS

WORFKLOW-FOLDER 
mkdir -p .github/workflows
TRIGGER 
on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
      - 'feature/**'
      - 'fix/**'
  pull_request:
    types: [opened, reopened]
GOLANG BUILD 
jobs:
  validate-golang:
    name: Valdiate Golang
    uses: stuttgart-things/github-workflow-templates/.github/workflows/call-golang-validation.yaml@main
    with:
      module-name: kaeffken
      environment-name: k8s
      runs-on: ghr-kaeffken-skyami-cicd
      golint-version: v1.61.0-alpine
      golang-version: "1.23.1"
      accept-linterrors: true
      accept-failedtests: false
    secrets: inherit
KO BUILD (ttl.sh / ghcr.io) 
jobs:
  build-image:
    name: Build & Push Image
    uses: stuttgart-things/github-workflow-templates/.github/workflows/call-ko-build.yaml@main
    with:
      registry: ghcr.io
      image-repo: ${{ github.repository }}
      tags: pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
      push: true
      build-path: ./cmd/myapp
    secrets: inherit

Defaults to registry: ttl.sh with a random repo + tag=latest for throwaway smoke runs. When registry: ghcr.io the workflow uses GITHUB_TOKEN to log in (caller must declare packages: write). The first tag is exposed as the image-ref workflow output for downstream scan/deploy/PR-comment jobs.

PUSH KUSTOMIZE OCI BASE 
jobs:
  push-kustomize:
    name: Push Kustomize OCI Base
    uses: stuttgart-things/github-workflow-templates/.github/workflows/call-push-kustomize.yaml@main
    with:
      kcl-source-dir: kcl
      kcl-profile-file: tests/kcl-deploy-profile.yaml
      kustomize-oci-repo: ghcr.io/${{ github.repository }}-kustomize
      tag: pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
    secrets: inherit

Wraps dagger call -m <kcl-module> push-kustomize-base for callers that need a PR-coordinated kustomize artifact on every push (the release-only path lives in call-go-release.yaml). The pushed address:tag is exposed as the artifact-ref workflow output.

CLEANUP PR-TAGGED GHCR ARTIFACTS 
on:
  pull_request:
    types: [closed]

jobs:
  cleanup:
    name: Delete PR-tagged GHCR versions
    uses: stuttgart-things/github-workflow-templates/.github/workflows/call-cleanup-pr-artifacts.yaml@main
    with:
      packages: |
        myrepo
        myrepo-kustomize
    secrets: inherit

Defaults to deleting every GHCR version whose tag starts with pr-<num>- for the closed PR. Set dry-run: true first to preview matches. Override tag-pattern for custom tagging schemes. GHCR retains PR-tagged versions forever otherwise, so wire this up alongside any workflow that pushes pr-<num>-<sha> artifacts.

YAML LINT 
jobs:
  yaml-lint:
    name: Lint yaml files
    uses: stuttgart-things/github-workflow-templates/.github/workflows/call-yaml-lint.yaml@feature/add-homerun-task-go
    with:
      runs-on: ghr-install-configure-docker-skyami-cicd
      environment-name: k8s
      continue-error: true
      yamllint-version: 1
      lintprofile-path: .yamllint
      artifact-name: yaml-lint

ACTIONS

SEND MESSAGE TO HOMERUN 
jobs:
  send-to-homerun:
    runs-on: ghr-stuttgart-things-skyami-cicd
    steps:
      - name: Send Message To Homerun
        uses: stuttgart-things/github-workflow-templates/actions/send-homerun-message@main
        with:
          url: "https://homerun.homerun-dev.sthings-vsphere.labul.sva.de/generic"
          secretToken: "${{ secrets.HOMERUN_TOKEN }}" # Pass the secret
          title: "Test Homerun Title"
          message: "Test Homerun Message"
          severity: "INFO"
          artifacts: "Test Artifact"
          tags: "github,test"
          assigneeName: "patrick"
          assigneeAddress: ""

DEV

ALL TASKS 
task: Available tasks for this project:
* branch:              Create branch from main
* check:               Run pre-commit hooks
* commit:              Commit + push code into branch
* pr:                  Create pull request into main
* switch-local:        Switch to local branch
* switch-remote:       Switch to remote branch
* tag:                 Tag repo
* tasks:               Select a task to run
SELECT TASK 
task=$(yq e '.tasks | keys' Taskfile.yaml | sed 's/^- //' | gum choose) && task ${task}

AUTHORS

---
authors:
  - patrick.hermann

LICENSE

APACHE 2.0

Copyright 2023 patrick hermann.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

github-workflow-templates

Topics

actions cicd reusable-components github-actions github-workflows reusable-workflows

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

 
 
 

Contributors