sue445/workflows

Reusable workflows for GitHub Actions


Auto-merge Dependabot PR

Important

Requires the following:

e.g.

name: dependabot-auto-merge

on:
  pull_request:
    types:
      - opened
      - synchronize # PR branch is rebased

jobs:
  dependabot-auto-merge:
    uses: sue445/workflows/.github/workflows/dependabot-auto-merge.yml@main
    with:
      repo-name: sue445/repo-name
    secrets:
      # TODO: Set secrets to Dependabot secrets
      app-id: ${{ secrets.GH_APP_ID }}
      private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      # slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

Permissions required for GitHub App

  • Contents : Read and write
  • Pull requests : Read and write

Dependabot security alert

The dependabot-security-alert workflow does the following:

  • Creates the security label if it doesn't exist
  • Adds the security label to the PR when it is a security update PR
  • Adds the GHSA-ID (or the CVE-ID, if available) to the PR title when it is a security update PR

e.g.

name: dependabot-security-alert

on:
  pull_request:
    types:
      - opened
      - synchronize # PR branch is rebased

jobs:
  dependabot-security-alert:
    uses: sue445/workflows/.github/workflows/dependabot-security-alert.yml@main
    with:
      repo-name: sue445/repo-name
    secrets:
      # TODO: Set secrets to Dependabot secrets
      app-id: ${{ secrets.GH_APP_ID }}
      private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      # slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

Permissions required for GitHub App

  • Contents : Read and write
  • Pull requests : Read and write
  • Issues : Read and write
  • Dependabot alerts : Read-only

Update Major Release Tag

e.g. When the v1.2.3 tag is pushed, the v1 tag is updated

name: Update Major Release Tag

on:
  push:
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"

permissions:
  contents: write

jobs:
  major-tag-updater:
    uses: sue445/workflows/.github/workflows/major-tag-updater.yml@main
    # secrets:
    #   slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
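As an added example (not code from sue445/workflows), a shell equivalent of the step the major-tag-updater reusable workflow performs when a release tag is pushed. It assumes GITHUB_REF is set the way GitHub Actions sets it (refs/tags/v1.2.3) and that the job has contents: write; the dry-run argument is an assumption of this example, used to show the commands without pushing.

```shell
#!/usr/bin/env sh
# Added example, not part of sue445/workflows: move a major tag (v1) to the
# release tag (v1.2.3) that was just pushed.

# Derive the major tag from a full release tag. Only tags matching the
# workflow's trigger pattern v[0-9]+.[0-9]+.[0-9]+ are accepted, so a
# pre-release such as v2.0.0-rc1 never moves the major tag.
# Prints "v1" for "v1.2.3"; returns 1 for anything else.
major_tag() {
  tag=$1
  printf '%s\n' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' || return 1
  printf '%s\n' "${tag%%.*}"   # strip everything from the first dot
}

# Create or force-update the major tag so it points at the pushed release tag.
# $1 is the pushed ref (e.g. refs/tags/v1.2.3, as in $GITHUB_REF).
# $2 = "dry-run" (assumed flag for this example) prints the git commands
# instead of running them.
update_major_tag() {
  ref=$1
  mode=${2:-run}
  full=${ref#refs/tags/}
  major=$(major_tag "$full") || {
    echo "skip: $full is not a release tag" >&2
    return 1
  }
  if [ "$mode" = dry-run ]; then
    echo "git tag -f $major $full"
    echo "git push -f origin $major"
  else
    git tag -f "$major" "$full"
    git push -f origin "$major"
  fi
}

# Inside the workflow this would be: update_major_tag "$GITHUB_REF"
```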

Deploy yard to Pages

e.g.

name: pages-yard

on:
  push:
    branches:
      - main
  workflow_dispatch:

permissions:
  contents: read
  pages: write
  id-token: write

jobs:
  deploy:
    uses: sue445/workflows/.github/workflows/pages-yard.yml@main
    # with:
    #   ruby-version: ruby
    #   bundle-without: production
    #   before-command: |
    #     sudo apt-get update
    #     sudo apt-get install -y libgda-5.0
    # secrets:
    #   slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

Run rbs collection update and create Pull Request for rbs_collection.lock.yaml

Important

Requires the following when enabling auto-merge:

e.g.

name: rbs-collection-updater

on:
  schedule:
    - cron: "0 0 1 * *" # Run monthly
  workflow_dispatch:

jobs:
  build:
    uses: sue445/workflows/.github/workflows/rbs-collection-updater.yml@main
    # with:
    #   assignees: sue445
    #   auto-merge: true
    #   ruby-version: ruby
    secrets:
      app-id: ${{ secrets.GH_APP_ID }}
      private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      # slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

Permissions required for GitHub App

  • Contents : Read and write
  • Pull requests : Read and write

Publish gem and create release

e.g.

name: Publish gem to rubygems.org

on:
  workflow_dispatch:

jobs:
  release:
    uses: sue445/workflows/.github/workflows/release_gem.yml@main
    with:
      repo-name: sue445/repo-name
      gem-name: gem-name

Auto-merge Dependabot PR when there are no plan changes

Important

Requires the following when enabling auto-merge:

e.g.

- name: terraform plan
  run: terraform plan -input=false -out=tfplan

- uses: sue445/workflows/.github/actions/terraform-auto-merge@main
  with:
    # TODO: Set secrets to Dependabot secrets
    app-id: ${{ secrets.GH_APP_ID }}
    private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
    # plan-path: tfplan
    # bot-name: ""

Permissions required for GitHub App

  • Contents : Read and write
  • Pull requests : Read and write
  • Workflows : Read and write

Upgrade Terraform to latest version

e.g.

name: Upgrade Terraform to latest version

on:
  schedule:
    - cron: "0 0 1 * *" # Run monthly
  workflow_dispatch: # Run manually

jobs:
  terraform-version-updater:
    uses: sue445/workflows/.github/workflows/terraform-version-updater.yml@main
    # with:
    #   assignees: sue445
    secrets:
      app-id: ${{ secrets.GH_APP_ID }}
      private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      # slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

Permissions required for GitHub App

  • Contents : Read and write
  • Pull requests : Read and write

See also: https://github.com/sue445/terraform-version-updater
