├── .dockerignore ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.yaml │ ├── config.yaml │ └── feature_request.yaml ├── dependabot.yaml ├── labeler.yml ├── release-drafter.yaml └── workflows │ ├── actionlint.yaml │ ├── auto-author-assign.yaml │ ├── auto-labeler.yaml │ ├── labeler.yaml │ ├── major-version-updater.yaml │ ├── pr-title.yaml │ ├── release-discussion.yaml │ ├── release-image.yaml │ ├── release.yaml │ ├── stale.yaml │ ├── test-auto-labeler.yaml │ ├── test-labeler.yaml │ ├── test-major-version-updater.yaml │ ├── test-pr-title.yaml │ └── test-release.yaml ├── .gitignore ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── README.md ├── SUPPORT.md └── docs ├── auto-labeler.md ├── faq.md ├── labeler.md ├── major-version-updater.md ├── pr-title.md ├── release-discussion.md ├── release-image.md └── release.md /.dockerignore: -------------------------------------------------------------------------------- 1 | # Common 2 | 3 | _.md 4 | docker-compose.yml 5 | Dockerfile_ 6 | .env\* 7 | Makefile 8 | 9 | # Logs 10 | 11 | logs 12 | \*.log 13 | 14 | # IDE's 15 | 16 | .vscode/ 17 | .idea/ 18 | 19 | # Dependency directories 20 | 21 | node_modules/ 22 | .venv/ 23 | 24 | ## Cache directories 25 | 26 | .parcel-cache 27 | 28 | # git 29 | 30 | .git 31 | .gitattributes 32 | .gitignore 33 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @github/ospo-github-actions 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | description: Create a report to help us improve 4 | labels: 5 | - bug 6 | body: 7 | - type: textarea 8 | attributes: 9 | label: Describe the bug 10 | description: A clear and concise description of what the bug is. 11 | validations: 12 | required: true 13 | 14 | - type: textarea 15 | attributes: 16 | label: To Reproduce 17 | description: Steps to reproduce the behavior 18 | placeholder: | 19 | 1. Go to '...' 20 | 2. Click on '....' 21 | 3. Scroll down to '....' 22 | 4. See error 23 | validations: 24 | required: true 25 | 26 | - type: textarea 27 | attributes: 28 | label: Expected behavior 29 | description: A clear and concise description of what you expected to happen. 30 | validations: 31 | required: true 32 | 33 | - type: textarea 34 | attributes: 35 | label: Screenshots 36 | description: If applicable, add screenshots to help explain your problem. 37 | validations: 38 | required: false 39 | 40 | - type: textarea 41 | attributes: 42 | label: Additional context 43 | description: Add any other context about the problem here. 44 | validations: 45 | required: false 46 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yaml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | 3 | contact_links: 4 | - name: Ask a question 5 | url: https://github.com/github/ospo-reusable-workflows/discussions/new?category=q-a 6 | about: Ask a question or start a discussion 7 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | description: Suggest an idea for this project 4 | labels: 5 | - enhancement 6 | body: 7 | - type: textarea 8 | attributes: 9 | label: Is your feature request related to a problem? 10 | description: A clear and concise description of what the problem is. Please describe. 11 | placeholder: | 12 | Ex. I'm always frustrated when [...] 13 | validations: 14 | required: false 15 | 16 | - type: textarea 17 | attributes: 18 | label: Describe the solution you'd like 19 | description: A clear and concise description of what you want to happen. 20 | validations: 21 | required: true 22 | 23 | - type: textarea 24 | attributes: 25 | label: Describe alternatives you've considered 26 | description: A clear and concise description of any alternative solutions or features you've considered. 27 | validations: 28 | required: false 29 | 30 | - type: textarea 31 | attributes: 32 | label: Additional context 33 | description: Add any other context or screenshots about the feature request here. 34 | validations: 35 | required: false 36 | -------------------------------------------------------------------------------- /.github/dependabot.yaml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: 'github-actions' 4 | directory: '/' 5 | schedule: 6 | interval: 'daily' 7 | timezone: 'America/Chicago' 8 | commit-message: 9 | prefix: "chore(deps)" 10 | groups: 11 | dependencies: 12 | applies-to: version-updates 13 | update-types: 14 | - "minor" 15 | - "patch" 16 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | repo: 2 | - changed-files: 3 | - any-glob-to-any-file: [.github/**/*, README.md, .gitignore, .gitattributes, .gitmodules/**/*, LICENSE] 4 | -------------------------------------------------------------------------------- /.github/release-drafter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name-template: "v$RESOLVED_VERSION" 3 | tag-template: "v$RESOLVED_VERSION" 4 | template: | 5 | # Changelog 6 | $CHANGES 7 | 8 | See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release 9 | 10 | categories: 11 | - title: "🚀 Features" 12 | labels: 13 | - "feature" 14 | - "enhancement" 15 | - title: "🐛 Bug Fixes" 16 | labels: 17 | - "fix" 18 | - "bugfix" 19 | - "bug" 20 | - title: "🧰 Maintenance" 21 | labels: 22 | - "infrastructure" 23 | - "automation" 24 | - "documentation" 25 | - "dependencies" 26 | - "maintenance" 27 | - "revert" 28 | - title: "🏎 Performance" 29 | label: "performance" 30 | change-template: "- $TITLE @$AUTHOR (#$NUMBER)" 31 | version-resolver: 32 | major: 33 | labels: 34 | - "breaking" 35 | - "major" 36 | minor: 37 | labels: 38 | - "enhancement" 39 | - "feature" 40 | - "minor" 41 | patch: 42 | labels: 43 | - "documentation" 44 | - "maintenance" 45 | - "fix" 46 | - "patch" 47 | default: patch 48 | autolabeler: 49 | - label: "automation" 50 | title: 51 | - "/^(build|ci|perf|refactor|test).*/i" 52 | - label: "enhancement" 53 | title: 54 | - "/^(style).*/i" 55 | - label: "documentation" 56 | title: 57 | - "/^(docs).*/i" 58 | - label: "feature" 59 | title: 60 | - "/^(feat).*/i" 61 | - label: "fix" 62 | title: 63 | - "/^(fix).*/i" 64 | - label: "infrastructure" 65 | title: 66 | - "/^(infrastructure).*/i" 67 | - label: "maintenance" 68 | title: 69 | - "/^(chore|maintenance).*/i" 70 | - label: "revert" 71 | title: 72 | - "/^(revert).*/i" 73 | -------------------------------------------------------------------------------- /.github/workflows/actionlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Lint GitHub Actions workflows 3 | on: [push, pull_request] 4 | permissions: 5 | contents: read 6 | jobs: 7 | actionlint: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v4 11 | - name: Check workflow files 12 | uses: docker://rhysd/actionlint:latest 13 | with: 14 | args: -color 15 | -------------------------------------------------------------------------------- /.github/workflows/auto-author-assign.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Auto Author Assign" 3 | on: 4 | pull_request: 5 | types: [opened, reopened, synchronize] 6 | permissions: 7 | contents: read 8 | jobs: 9 | assign: 10 | runs-on: ubuntu-latest 11 | permissions: 12 | pull-requests: write 13 | steps: 14 | - uses: toshimaru/auto-author-assign@16f0022cf3d7970c106d8d1105f75a1165edb516 # v2.1.1 15 | with: 16 | repo-token: ${{ secrets.GITHUB_TOKEN }} 17 | -------------------------------------------------------------------------------- /.github/workflows/auto-labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Auto Labeler" 3 | on: 4 | workflow_call: 5 | inputs: 6 | config-name: 7 | required: true 8 | type: string 9 | secrets: 10 | github-token: 11 | required: true 12 | permissions: 13 | contents: read 14 | jobs: 15 | main: 16 | permissions: 17 | pull-requests: write 18 | name: Auto label pull requests 19 | runs-on: ubuntu-latest 20 | steps: 21 | - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 22 | env: 23 | GITHUB_TOKEN: ${{ secrets.github-token }} 24 | with: 25 | config-name: ${{ inputs.config-name }} 26 | disable-releaser: true 27 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Pull Request Labeler" 3 | on: 4 | workflow_call: 5 | inputs: 6 | config-path: 7 | required: true 8 | type: string 9 | secrets: 10 | github-token: 11 | required: true 12 | permissions: 13 | contents: read 14 | jobs: 15 | labeler: 16 | permissions: 17 | contents: read 18 | pull-requests: write 19 | runs-on: ubuntu-latest 20 | steps: 21 | - uses: actions/checkout@v4.2.2 22 | - uses: actions/labeler@v5.0.0 23 | with: 24 | configuration-path: ${{ inputs.config-path }} 25 | repo-token: "${{ secrets.github-token }}" 26 | -------------------------------------------------------------------------------- /.github/workflows/major-version-updater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Major Version Updater" 3 | on: 4 | workflow_call: 5 | inputs: 6 | tag-name: 7 | required: true 8 | type: string 9 | secrets: 10 | github-token: 11 | required: true 12 | permissions: 13 | contents: read 14 | jobs: 15 | major_version_updater: 16 | runs-on: ubuntu-latest 17 | permissions: 18 | contents: write 19 | steps: 20 | - uses: actions/checkout@v4.2.2 21 | with: 22 | fetch-tags: true 23 | ref: ${{ inputs.tag-name }} 24 | - name: version 25 | id: version 26 | env: 27 | TAG_NAME: ${{ inputs.tag-name }} 28 | run: | 29 | tag=${TAG_NAME/refs\/tags\//} 30 | version=${tag#v} 31 | major=${version%%.*} 32 | { echo "tag=${tag}"; echo "version=${version}"; echo "major=${major}"; } >> "$GITHUB_OUTPUT" 33 | - name: force update major tag 34 | env: 35 | GITHUB_TOKEN: ${{ secrets.github-token }} 36 | run: | 37 | git tag -f v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} 38 | git push -f origin v${{ steps.version.outputs.major }} 39 | -------------------------------------------------------------------------------- /.github/workflows/pr-title.yaml: -------------------------------------------------------------------------------- 1 | ## Reference: https://github.com/amannn/action-semantic-pull-request 2 | --- 3 | name: "Lint PR Title" 4 | on: 5 | workflow_call: 6 | inputs: 7 | types: 8 | required: false 9 | type: string 10 | default: | 11 | build 12 | chore 13 | ci 14 | docs 15 | feat 16 | fix 17 | perf 18 | refactor 19 | revert 20 | style 21 | test 22 | scopes: 23 | required: false 24 | type: string 25 | default: "" 26 | requireScope: 27 | required: false 28 | type: boolean 29 | default: false 30 | secrets: 31 | github-token: 32 | required: true 33 | jobs: 34 | main: 35 | permissions: 36 | contents: read 37 | pull-requests: read 38 | statuses: write 39 | name: Validate PR title 40 | runs-on: ubuntu-latest 41 | steps: 42 | - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 43 | env: 44 | GITHUB_TOKEN: ${{ secrets.github-token }} 45 | with: 46 | types: ${{ inputs.types }} 47 | scopes: ${{ inputs.scopes }} 48 | requireScope: ${{ inputs.requireScope }} 49 | -------------------------------------------------------------------------------- /.github/workflows/release-discussion.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Release Discussion" 3 | on: 4 | workflow_call: 5 | inputs: 6 | full-tag: 7 | required: true 8 | type: string 9 | body: 10 | required: true 11 | type: string 12 | secrets: 13 | github-token: 14 | required: true 15 | discussion-repository-id: 16 | required: true 17 | discussion-category-id: 18 | required: true 19 | jobs: 20 | create_discussion: 21 | runs-on: ubuntu-latest 22 | permissions: 23 | contents: read 24 | discussions: write 25 | env: 26 | DISCUSSION_REPOSITORY_ID: ${{ secrets.discussion-repository-id }} 27 | DISCUSSION_CATEGORY_ID: ${{ secrets.discussion-category-id }} 28 | steps: 29 | - name: Check for Discussion Repository ID 30 | if: ${{ env.DISCUSSION_REPOSITORY_ID == '' }} 31 | run: | 32 | echo "discussion-repository-id secret is not set" 33 | exit 1 34 | - name: Check for Discussion Category ID 35 | if: ${{ env.DISCUSSION_CATEGORY_ID == '' }} 36 | run: | 37 | echo "discussion-category-id secret is not set" 38 | exit 1 39 | - name: Create an Announcement Discussion for Release 40 | uses: abirismyname/create-discussion@c2b7c825241769dda523865ae444a879f6bbd0e0 41 | with: 42 | title: ${{ inputs.full-tag }} 43 | body: ${{ inputs.body }} 44 | repository-id: ${{ env.DISCUSSION_REPOSITORY_ID }} 45 | category-id: ${{ env.DISCUSSION_CATEGORY_ID }} 46 | github-token: ${{ secrets.github-token }} 47 | -------------------------------------------------------------------------------- /.github/workflows/release-image.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Release Image" 3 | on: 4 | workflow_call: 5 | inputs: 6 | image-name: 7 | required: true 8 | type: string 9 | full-tag: 10 | required: true 11 | type: string 12 | short-tag: 13 | required: true 14 | type: string 15 | create-attestation: 16 | required: false 17 | type: boolean 18 | default: false 19 | secrets: 20 | github-token: 21 | required: true 22 | image-registry: 23 | required: true 24 | image-registry-username: 25 | required: true 26 | image-registry-password: 27 | required: true 28 | jobs: 29 | create_action_images: 30 | runs-on: ubuntu-latest 31 | permissions: 32 | contents: read 33 | packages: write 34 | id-token: write 35 | attestations: write 36 | env: 37 | IMAGE_REGISTRY: ${{ secrets.image-registry }} 38 | IMAGE_REGISTRY_USERNAME: ${{ secrets.image-registry-username }} 39 | IMAGE_REGISTRY_PASSWORD: ${{ secrets.image-registry-password }} 40 | steps: 41 | - uses: actions/checkout@v4.2.2 42 | - name: Set up Docker Buildx 43 | uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 44 | - name: Log in to the Container registry 45 | uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 46 | with: 47 | registry: ${{ env.IMAGE_REGISTRY }} 48 | username: ${{ env.IMAGE_REGISTRY_USERNAME }} 49 | password: ${{ env.IMAGE_REGISTRY_PASSWORD}} 50 | - name: Push Docker Image 51 | if: ${{ success() }} 52 | uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 53 | id: push 54 | with: 55 | context: . 56 | file: ./Dockerfile 57 | push: true 58 | tags: | 59 | ${{ env.IMAGE_REGISTRY }}/${{ inputs.image-name }}:latest 60 | ${{ env.IMAGE_REGISTRY }}/${{ inputs.image-name }}:${{ inputs.full-tag }} 61 | ${{ env.IMAGE_REGISTRY }}/${{ inputs.image-name }}:${{ inputs.short-tag }} 62 | platforms: linux/amd64,linux/arm64 63 | provenance: false 64 | sbom: false 65 | - name: Generate artifact attestation 66 | if: ${{ inputs.create-attestation }} 67 | uses: actions/attest-build-provenance@v2 68 | with: 69 | subject-name: ${{ env.IMAGE_REGISTRY }}/${{ inputs.image-name}} 70 | subject-digest: ${{ steps.push.outputs.digest }} 71 | push-to-registry: true 72 | github-token: ${{ secrets.github-token }} 73 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Release" 3 | on: 4 | workflow_call: 5 | inputs: 6 | publish: 7 | required: false 8 | type: boolean 9 | default: true 10 | release-config-name: 11 | required: true 12 | type: string 13 | secrets: 14 | github-token: 15 | required: true 16 | outputs: 17 | full-tag: 18 | description: 'Full tag of release' 19 | value: ${{ jobs.create_release.outputs.full-tag }} 20 | short-tag: 21 | description: 'Short tag of release' 22 | value: ${{ jobs.create_release.outputs.short-tag }} 23 | body: 24 | description: 'Body content of release' 25 | value: ${{ jobs.create_release.outputs.body }} 26 | jobs: 27 | create_release: 28 | # release if 29 | # manual deployment OR 30 | # merged to main and labelled with release labels 31 | if: | 32 | (github.event_name == 'workflow_dispatch') || 33 | (github.event.pull_request.merged == true && 34 | (contains(github.event.pull_request.labels.*.name, 'breaking') || 35 | contains(github.event.pull_request.labels.*.name, 'feature') || 36 | contains(github.event.pull_request.labels.*.name, 'vuln') || 37 | contains(github.event.pull_request.labels.*.name, 'release'))) 38 | outputs: 39 | full-tag: ${{ steps.release-drafter.outputs.tag_name }} 40 | short-tag: ${{ steps.get_tag_name.outputs.SHORT_TAG }} 41 | body: ${{ steps.release-drafter.outputs.body }} 42 | runs-on: ubuntu-latest 43 | permissions: 44 | contents: write 45 | pull-requests: read 46 | steps: 47 | - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 48 | id: release-drafter 49 | env: 50 | GITHUB_TOKEN: ${{ secrets.github-token }} 51 | with: 52 | config-name: ${{ inputs.release-config-name }} 53 | publish: ${{ inputs.publish }} 54 | - name: Get the Short Tag 55 | id: get_tag_name 56 | run: | 57 | short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1) 58 | echo "SHORT_TAG=$short_tag" >> "$GITHUB_OUTPUT" 59 | -------------------------------------------------------------------------------- /.github/workflows/stale.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Close stale issues and PR" 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | - cron: "30 1 * * *" # https://crontab.guru/#30_1_*_*_* (everyday at 0130) 7 | permissions: 8 | contents: read 9 | jobs: 10 | stale: 11 | runs-on: ubuntu-latest 12 | permissions: 13 | issues: write 14 | pull-requests: write 15 | steps: 16 | - uses: actions/stale@v9.1.0 17 | with: 18 | operations-per-run: 200 19 | ascending: true 20 | delete-branch: true 21 | stale-issue-message: > 22 | This issue is stale because it has been open 10 days with no activity. 23 | Replace the `no-issue-activity` label with a `work-in-progress` label or comment or 24 | this will be closed in 5 days. 25 | close-issue-message: > 26 | This issue was closed because it has been stalled for 5 days with no activity. 27 | days-before-issue-stale: 10 28 | days-before-issue-close: 5 29 | stale-issue-label: "no-issue-activity" 30 | exempt-issue-labels: "awaiting-approval,work-in-progress" 31 | stale-pr-message: > 32 | This PR is stale because it has been open 20 days with no activity. 33 | Replace the `no-pr-activity` label with a `work-in-progress` label or comment or 34 | this will be closed in 5 days. 35 | close-pr-message: > 36 | This PR was closed because it has been stalled for 5 days with no activity. 37 | days-before-pr-stale: 20 38 | days-before-pr-close: 5 39 | stale-pr-label: "no-pr-activity" 40 | exempt-pr-labels: "awaiting-approval,work-in-progress,dependencies" 41 | exempt-pr-assignees: "snyk-github" 42 | -------------------------------------------------------------------------------- /.github/workflows/test-auto-labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Test Auto Labeler" 3 | on: 4 | # pull_request_target event is required for autolabeler to support all PRs including forks 5 | pull_request_target: 6 | types: [opened, reopened, edited, synchronize] 7 | permissions: 8 | contents: read 9 | jobs: 10 | auto_labeler: 11 | permissions: 12 | contents: read 13 | pull-requests: write 14 | uses: ./.github/workflows/auto-labeler.yaml 15 | with: 16 | config-name: release-drafter.yaml 17 | secrets: 18 | github-token: ${{ secrets.GITHUB_TOKEN }} 19 | -------------------------------------------------------------------------------- /.github/workflows/test-labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Test Pull Request Labeler" 3 | on: 4 | # pull_request_target event is required for autolabeler to support all PRs including forks 5 | pull_request_target: 6 | types: [opened, reopened, edited, synchronize] 7 | permissions: 8 | contents: read 9 | jobs: 10 | labeler: 11 | permissions: 12 | contents: read 13 | pull-requests: write 14 | uses: ./.github/workflows/labeler.yaml 15 | with: 16 | config-path: .github/labeler.yml 17 | secrets: 18 | github-token: ${{ secrets.GITHUB_TOKEN }} 19 | -------------------------------------------------------------------------------- /.github/workflows/test-major-version-updater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Test Major Version Updater" 3 | on: 4 | release: 5 | types: [published] 6 | workflow_dispatch: 7 | inputs: 8 | TAG_NAME: 9 | description: "Tag name that the major tag will point to (e.g. v1.2.3)" 10 | required: true 11 | permissions: 12 | contents: read 13 | jobs: 14 | labeler: 15 | permissions: 16 | contents: write 17 | uses: ./.github/workflows/major-version-updater.yaml 18 | with: 19 | tag-name: ${{ github.event.inputs.TAG_NAME || github.ref}} 20 | secrets: 21 | github-token: ${{ secrets.GITHUB_TOKEN }} 22 | -------------------------------------------------------------------------------- /.github/workflows/test-pr-title.yaml: -------------------------------------------------------------------------------- 1 | ## Reference: https://github.com/amannn/action-semantic-pull-request 2 | --- 3 | name: "Test Lint PR Title" 4 | on: 5 | # pull_request_target event is required for autolabeler to support all PRs including forks 6 | pull_request_target: 7 | types: [opened, reopened, edited, synchronize] 8 | permissions: 9 | contents: read 10 | jobs: 11 | lint_pr_title: 12 | permissions: 13 | contents: read 14 | pull-requests: read 15 | statuses: write 16 | uses: ./.github/workflows/pr-title.yaml 17 | with: 18 | types: | 19 | build 20 | chore 21 | ci 22 | docs 23 | feat 24 | fix 25 | perf 26 | refactor 27 | revert 28 | style 29 | test 30 | scopes: | 31 | ci 32 | docs 33 | deps 34 | requireScope: false 35 | secrets: 36 | github-token: ${{ secrets.GITHUB_TOKEN }} 37 | -------------------------------------------------------------------------------- /.github/workflows/test-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Test Release" 3 | on: 4 | workflow_dispatch: 5 | # pull_request_target event is required for autolabeler to support all PRs including forks 6 | pull_request_target: 7 | types: [closed] 8 | branches: [main] 9 | jobs: 10 | release: 11 | permissions: 12 | contents: write 13 | pull-requests: read 14 | uses: ./.github/workflows/release.yaml 15 | with: 16 | publish: true 17 | release-config-name: release-drafter.yaml 18 | secrets: 19 | github-token: ${{ secrets.GITHUB_TOKEN }} 20 | release_image: 21 | needs: release 22 | permissions: 23 | contents: read 24 | packages: write 25 | id-token: write 26 | attestations: write 27 | uses: ./.github/workflows/release-image.yaml 28 | with: 29 | image-name: ${{ github.repository }} 30 | full-tag: ${{ needs.release.outputs.full-tag }} 31 | short-tag: ${{ needs.release.outputs.short-tag }} 32 | create-attestation: true 33 | secrets: 34 | github-token: ${{ secrets.GITHUB_TOKEN }} 35 | image-registry: ghcr.io 36 | image-registry-username: ${{ github.actor }} 37 | image-registry-password: ${{ secrets.GITHUB_TOKEN }} 38 | release_discussion: 39 | needs: release 40 | permissions: 41 | contents: read 42 | discussions: write 43 | uses: ./.github/workflows/release-discussion.yaml 44 | with: 45 | full-tag: ${{ needs.release.outputs.full-tag }} 46 | body: ${{ needs.release.outputs.body }} 47 | secrets: 48 | github-token: ${{ secrets.GITHUB_TOKEN }} 49 | discussion-repository-id: ${{ secrets.DISCUSSION_REPOSITORY_ID }} 50 | discussion-category-id: ${{ secrets.DISCUSSION_CATEGORY_ID }} 51 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ##### Folders ##### 2 | build/ 3 | dist/ 4 | node_modules/ 5 | vendor/ 6 | var/ 7 | .tmp/ 8 | .venv/ 9 | 10 | # IDE's 11 | .vscode/ 12 | .idea/ 13 | 14 | ##### Files ##### 15 | ignore.* 16 | *.ignore.* 17 | 18 | # Environment variables and secret keys 19 | .env 20 | .env.test 21 | *.pem 22 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ## Contributing 2 | 3 | [fork]: https://github.com/github/REPO/fork 4 | [pr]: https://github.com/github/REPO/compare 5 | 6 | Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. 7 | 8 | Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE). 9 | 10 | Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms. 11 | 12 | ## Submitting a pull request 13 | 14 | 1. [Fork][fork] and clone the repository 15 | 1. Configure and install the dependencies: `script/bootstrap` 16 | 1. Make sure the tests pass on your machine: `rake` 17 | 1. Create a new branch: `git checkout -b my-branch-name` 18 | 1. Make your change, add tests, and make sure the tests still pass 19 | 1. Push to your fork and [submit a pull request][pr] 20 | 1. Pat yourself on the back and wait for your pull request to be reviewed and merged. 21 | 22 | Here are a few things you can do that will increase the likelihood of your pull request being accepted: 23 | 24 | - Follow the [style guide][style]. 25 | - Write tests. 26 | - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests. 27 | - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html). 28 | 29 | ## Resources 30 | 31 | - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) 32 | - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/) 33 | - [GitHub Help](https://help.github.com) 34 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | 3 | WORKDIR /app 4 | 5 | # copy all files from repo to ensure all changes are included 6 | # which will ensure a new image digest is generated 7 | COPY . . 8 | 9 | CMD ["cat", "README.md"] 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) GitHub 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Reusable Workflows 2 | 3 | This is a placeholder repo for multiple GitHub Actions we use in open source projects. 4 | 5 | ## Reusable Workflows Available 6 | 7 | - [Auto-Labeler](docs/auto-labeler.md) 8 | - [Labeler](docs/labeler.md) 9 | - [Major Version Updater](docs/major-version-updater.md) 10 | - [PR Title](docs/pr-title.md) 11 | - [Release](docs/release.md) 12 | - [Release Image](docs/release-image.md) 13 | - [Release Discussion](docs/release-discussion.md) 14 | 15 | > [!CAUTION] 16 | > Check the permissions in each reusable workflow to ensure the GitHub token you pass from your calling workflow meets the required permissions. Most of the time just passing `${{ secrets.GITHUB_TOKEN }}` is sufficient. 17 | > This may require you to go to your repository settings and then Actions to `Actions Permission` and enable reusable workflows. You may also need to update `Workflow Permissions` to `Read and write permissions`. 18 | > 19 | > [Workflows](.github/workflows) 20 | 21 | > [!TIP] 22 | > You can reuse the following files in this repository in your own as they are used by the reusable workflows: 23 | > 24 | > - [labeler.yml](.github/labeler.yml) 25 | > - [release-drafter.yaml](.github/release-drafter.yaml) 26 | 27 | > [!NOTE] 28 | > The container image generated in this repo is a placeholder, it contains the files of this repository to ensure it shows "change" and a new container image digest is generated. This allows us to see tagging of the new container image is working and newly generated attestation is related to a new SHA/digest in the [packages view](https://github.com/github/ospo-reusable-workflows/pkgs/container/ospo-reusable-workflows). 29 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | ## How to file issues and get help 4 | 5 | This project uses GitHub issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new issue. 6 | 7 | For help or questions about using this project, please file a new [Q&A Discussion](https://github.com/github/ospo-reusable-workflows/discussions/new?category=q-a). 8 | 9 | Reusable Workflows is under active development and maintained by GitHub staff and community. We will do our best to respond to support, feature requests, and community questions in a timely manner. 10 | 11 | ## GitHub Support Policy 12 | 13 | Support for this project is limited to the resources listed above. 14 | -------------------------------------------------------------------------------- /docs/auto-labeler.md: -------------------------------------------------------------------------------- 1 | # Auto-labeler Reusable Workflow 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yml@main 7 | permissions: 8 | contents: read 9 | pull-requests: write 10 | with: 11 | # The name of the configuration file to use, default is release-drafter.yml 12 | # from the release-drafter/release-drafter GitHub Action 13 | config-name: release-drafter.yml 14 | secrets: 15 | # The GitHub token to use 16 | github-token: ${{ secrets.GITHUB_TOKEN }} 17 | ``` 18 | 19 | ## Outputs 20 | 21 | None 22 | -------------------------------------------------------------------------------- /docs/faq.md: -------------------------------------------------------------------------------- 1 | # Frequently Asked Questions 2 | 3 | ## How do I get the repository-id and category-id for the release reusable workflow's discussion part 4 | 5 | The workflow I use to generate the discussion has this information in its [README](https://github.com/abirismyname/create-discussion/tree/6e6ef67e5eeb042343ef8b3d8d0f5d545cbdf024/?tab=readme-ov-file#obtaining-the-repository-id-and-category-id) 6 | -------------------------------------------------------------------------------- /docs/labeler.md: -------------------------------------------------------------------------------- 1 | # Labeler Reusable Workflow 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/labeler.yml@main 7 | permissions: 8 | contents: read 9 | pull-requests: write 10 | with: 11 | # The name of the configuration file to use, default is labeler.yml 12 | # from the actions/labeler GitHub Action 13 | # Yaml file must end in .yml 14 | config-path: labeler.yml 15 | secrets: 16 | # The GitHub token to use 17 | github-token: ${{ secrets.github-token }} 18 | ``` 19 | 20 | ## Outputs 21 | 22 | None 23 | -------------------------------------------------------------------------------- /docs/major-version-updater.md: -------------------------------------------------------------------------------- 1 | # Major Version Updater 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/major-version-updater.yml@main 7 | permissions: 8 | contents: write 9 | with: 10 | # Tag name that the major tag will point to (e.g. v1.2.3) 11 | tag-name: v1.2.3 12 | secrets: 13 | # The GitHub token to use 14 | github-token: ${{ secrets.GITHUB_TOKEN }} 15 | ``` 16 | 17 | ## Outputs 18 | 19 | None 20 | -------------------------------------------------------------------------------- /docs/pr-title.md: -------------------------------------------------------------------------------- 1 | # PR Title Reusable Workflow 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yml@main 7 | permissions: 8 | contents: read 9 | pull-requests: read 10 | statuses: write 11 | with: 12 | # Configure which types are allowed (newline-delimited). 13 | # From: https://github.com/commitizen/conventional-commit-types/blob/master/index.json 14 | # listing all below 15 | types: | 16 | build 17 | chore 18 | ci 19 | docs 20 | feat 21 | fix 22 | perf 23 | refactor 24 | revert 25 | style 26 | test 27 | scopes: | 28 | ci 29 | docs 30 | requireScope: true 31 | secrets: 32 | # The GitHub token to use 33 | github-token: ${{ secrets.GITHUB_TOKEN }} 34 | ``` 35 | 36 | ## Outputs 37 | 38 | None 39 | -------------------------------------------------------------------------------- /docs/release-discussion.md: -------------------------------------------------------------------------------- 1 | # Release Discussion Reusable Workflow 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/release.yml@main 7 | permissions: 8 | contents: read 9 | discussions: write 10 | with: 11 | # Full tag of the image, usually the version (v1.0.0) 12 | full-tag: v1.0.0 13 | # The body of the release, to be used in the GitHub release UI 14 | body: | 15 | This is a release of the ${{ github.repository }} image. 16 | The full tag is ${{ inputs.full-tag }}. 17 | The short tag is ${{ inputs.short-tag }}. 18 | secrets: 19 | # The GitHub token to use 20 | github-token: ${{ secrets.GITHUB_TOKEN }} 21 | # Discussion Repository ID 22 | discussion-repository-id: ${{ secrets.DISCUSSION_REPOSITORY_ID }} 23 | # Discussion Category ID 24 | discussion-category-id: ${{ secrets.DISCUSSION_CATEGORY_ID }} 25 | ``` 26 | 27 | ## Outputs 28 | 29 | None 30 | -------------------------------------------------------------------------------- /docs/release-image.md: -------------------------------------------------------------------------------- 1 | # Release Image Reusable Workflow 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/release.yml@main 7 | permissions: 8 | contents: read 9 | packages: write 10 | id-token: write 11 | attestations: write 12 | with: 13 | # Image name, usually owner/repository (github/ospo-reusable-workflows) 14 | image-name: ${{ github.repository }} 15 | # Full tag of the image, usually the version (v1.0.0) 16 | full-tag: v1.0.0 17 | # Short tag of the image, usually the major version (v1) 18 | short-tag: v1 19 | # Flag to create an attestation 20 | create-attestation: true 21 | secrets: 22 | # The GitHub token to use 23 | github-token: ${{ secrets.GITHUB_TOKEN }} 24 | # Image repository url 25 | image-registry: ${{ secrets.IMAGE_REPOSITORY_URL }} 26 | # Image repository username 27 | image-registry-username: ${{ secrets.IMAGE_REPOSITORY_USERNAME }} 28 | # Image repository password 29 | image-registry-password: ${{ secrets.IMAGE_REPOSITORY_PASSWORD }} 30 | ``` 31 | 32 | ## Outputs 33 | 34 | None 35 | -------------------------------------------------------------------------------- /docs/release.md: -------------------------------------------------------------------------------- 1 | # Release Reusable Workflow 2 | 3 | ## Inputs 4 | 5 | ```yaml 6 | - uses: github/ospo-reusable-workflows/.github/workflows/release.yml@main 7 | permissions: 8 | contents: write 9 | pull-requests: read 10 | with: 11 | # Boolean flag whether to publish the release, default is true 12 | publish: true 13 | # The name of the configuration file to use, default is release-drafter.yml 14 | # from the release-drafter/release-drafter GitHub Action 15 | release-config-name: release-drafter.yml 16 | secrets: 17 | # The GitHub token to use 18 | github-token: ${{ secrets.GITHUB_TOKEN }} 19 | ``` 20 | 21 | ## Outputs 22 | 23 | - full-tag: The full tag of the release (v1.0.0) 24 | - short-tag: The short tag of the release (v1) 25 | - body: The body of the release, to be used in the GitHub release UI 26 | 27 | ```yaml 28 | jobs: 29 | release: 30 | other_job: 31 | needs: release 32 | env: 33 | FULL_TAG: ${{ needs.release.outputs.full-tag }} 34 | SHORT_TAG: ${{ needs.release.outputs.short-tag }} 35 | BODY: ${{ needs.release.outputs.body }} 36 | ``` 37 | --------------------------------------------------------------------------------