Workflows¶
Reusable GitHub Actions workflows live under .github/workflows/reusable-*.y{a}ml. Consumers reference them via:
Catalog¶
| Workflow | description |
|---|---|
reusable-ansible-galaxy-push.yaml |
Publish an Ansible role to Ansible Galaxy via robertdebock/galaxy-action. |
reusable-ansible-molecule.yaml |
Run a Molecule test scenario via gofrolist/molecule-action. |
reusable-automerge.yaml |
Auto-merge pull requests via pascalgn/automerge-action. |
reusable-chain-bench.yaml |
Run the supply-chain CIS (Center for Internet Security) benchmark via aquasecurity/chain-bench-action. |
reusable-dependency-review.yaml |
Gate pull requests against vulnerable or licence-incompatible dependency changes via actions/dependency-review-action. |
reusable-docker-lint-build.yaml |
Run hadolint on a Dockerfile and a buildx dry-build (no push) for fast PR feedback. |
reusable-docker-publish.yaml |
Build a multi-arch container image with docker/build-push-action and push it to a configurable OCI registry. |
reusable-mkdocs-build.yaml |
Build an mkdocs site with --strict (no deploy) so broken links, missing nav entries, and render errors fail the pull request. |
reusable-mkdocs.yaml |
Build and publish an mkdocs site to GitHub Pages. |
reusable-nodejs-coverage.yaml |
Run Node.js tests (Vitest or Jest) and render the Istanbul json-summary coverage report into the GitHub Actions job summary, with an optional fail-under gate. |
reusable-pre-commit.yaml |
Run pre-commit for a minimal static-test bundle (linters, formatters, EditorConfig). |
reusable-python-coverage.yaml |
Run pytest with pytest-cov and render the coverage report into the GitHub Actions job summary, with an optional fail-under gate. |
reusable-release-cd-refresh-master.yml |
Fast-forward master to the latest published release tag so master always represents the latest release. |
reusable-release-drafter.yml |
Update the open draft release with a changelog from merged PRs via release-drafter/release-drafter. |
reusable-release-publish.yml |
Promote an open release-drafter draft to a published release for a given tag, with an optional dry-run validation gate. |
reusable-spelling-vale.yaml |
Lint Markdown prose via errata-ai/vale-action with inline reviewdog annotations on pull requests. |
reusable-sphinx.yaml |
Build and publish a Sphinx documentation site to GitHub Pages. |
reusable-stale.yaml |
Mark and close stale issues and pull requests via actions/stale. |
reusable-trivy.yaml |
Scan the repository with aquasecurity/trivy-action. |
reusable-tf-lint.yaml |
Lint Terraform sources with terraform-linters/setup-tflint. |
Documented in detail¶
-
Static tests
Pre-commit + EditorConfig linting for any repository.
-
Coverage
Render Python or Node.js test coverage into the job summary, with an optional
fail-undergate. -
Documentation
Build and publish an mkdocs site to GitHub Pages.
-
Release
Draft release notes and refresh
masterto the latest release tag.
Conventions
Every reusable workflow accepts its inputs via workflow_call.inputs. Callers pass secrets explicitly—this repository never reads ambient organization secrets.