github-actions-workflows
General purpose reusable GitHub Actions workflows
Use the provided GitHub Actions reusable workflows to implement a consistent release workflow for GitHub Actions repositories across your organization.
Avoid duplication and simplify maintenance of the workflows.
CD - Deploy to EKS with ArgoCD and Helmfile
Deploy Docker image to EKS with ArgoCD and Helmfile
```yaml
name: Deploy
on:
  push:
    branches: [ main ]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-argocd.yml@itisopen
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      environment: dev
    secrets:
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment name to deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| path | The path where the helmfile or helm chart lives. | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| synchronously | Wait until ArgoCD successfully applies the changes | boolean | false | false |
| tag | Docker Image tag to deploy | string | N/A | true |
| toolchain | Toolchain ('helm', 'helmfile') | string | helmfile | false |
| values_file | Helmfile values file | string | | false |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

Deploy atmos stack
```yaml
name: Feature Branch
on:
  pull_request:
    branches: [ 'master' ]
    types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-atmos-stack-deploy.yaml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| component | The component name. | string | N/A | true |
| environment | Environment. | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| stack | The stack name. | string | N/A | true |

CD - Deploy to ECS with Ecspresso
Deploy Docker image to ECS with Ecspresso
```yaml
name: Deploy
on:
  push:
    branches: [ main ]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-ecspresso.yml@itisopen
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      environment: dev
      enable-migration: ${{ inputs.enable-migration }}
      support-rollback: ${{ inputs.support-rollback }}
    secrets:
      secret-outputs-passphrase: "${{ secrets.secret-outputs-passphrase }}"
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| enable-migration | Run DB migration | boolean | false | false |
| environment | Environment name to deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| matrix-key | Matrix key - matrix output workaround. Read more | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. Read more | string | N/A | false |
| path | The path to the task definition template json file. | string | ./deploy/taskdef.json | false |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| support-rollback | Perform rollback on failure | boolean | false | false |
| tag | Docker Image tag to deploy | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

CD - Deploy to ECS with Spacelift
Deploy Docker image to ECS with Spacelift
```yaml
name: Deploy
on:
  push:
    branches: [ main ]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-ecs.yml@itisopen
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      environment: dev
      spacelift-organization: ${{ inputs.spacelift-organization }}
    secrets:
      secret-outputs-passphrase: "${{ secrets.secret-outputs-passphrase }}"
      github-private-actions-pat: "${{ secrets.github-private-actions-pat }}"
      spacelift-api-key-id: "${{ secrets.spacelift-api-key-id }}"
      spacelift-api-key-secret: "${{ secrets.spacelift-api-key-secret }}"
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| environment | Environment name to deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| matrix-key | Matrix key - matrix output workaround. Read more | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. Read more | string | N/A | false |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| spacelift-organization | Spacelift organization name | string | N/A | true |
| tag | Docker Image tag to deploy | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |
| spacelift-api-key-id | Spacelift API Key ID | true |
| spacelift-api-key-secret | Spacelift API Key Secret | true |

CD - Deploy to EKS with Helmfile
Deploy Docker image to EKS with Helmfile
```yaml
name: Deploy
on:
  push:
    branches: [ main ]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-helmfile.yml@itisopen
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      environment: dev
    secrets:
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment name to deploy to | string | N/A | true |
| image | Docker Image to deploy | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["self-hosted"] | false |
| tag | Docker Image tag to deploy | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

CD - Deploy to EKS Preview envs with Helmfile
Deploy Docker image to ECS Preview envs with Helmfile
```yaml
name: Feature Branch
on:
  pull_request:
    branches: [ 'master' ]
    types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-preview-helmfile.yml@itisopen
    if: ${{ always() }}
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      open: ${{ github.event.pull_request.state == 'open' }}
      labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
      ref: ${{ github.event.pull_request.head.ref }}
      exclusive: false
      env-label: |
        preview: deploy
    secrets:
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy | false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| path | The path where the helmfile or helm chart lives. | string | N/A | true |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| synchronously | Wait until ArgoCD successfully applies the changes | boolean | false | false |
| tag | Docker Image tag to deploy | string | N/A | true |
| toolchain | Toolchain ('helm', 'helmfile') | string | helmfile | false |
| values_file | Helmfile values file, or helm chart values file | string | | false |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

CD - Deploy to ECS QA/Preview envs with Ecspresso
Deploy Docker image to ECS QA/Preview envs with Ecspresso
```yaml
name: Feature Branch
on:
  pull_request:
    branches: [ 'main' ]
    types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-preview-ecspresso.yml@itisopen
    if: ${{ always() }}
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      open: ${{ github.event.pull_request.state == 'open' }}
      labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
      ref: ${{ github.event.pull_request.head.ref }}
      exclusive: true
      env-label: |
        qa1: deploy/qa1
        qa2: deploy/qa2
    secrets:
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| enable-migration | Run DB migration | boolean | false | false |
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy | false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| matrix-key | Matrix key - matrix output workaround. Read more | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. Read more | string | N/A | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| path | The path to task definition template json file. | string | ./deploy/taskdef.json | false |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| support-rollback | Perform rollback on failure | boolean | false | false |
| tag | Docker Image tag to deploy | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

CD - Deploy to ECS QA/Preview envs with Spacelift
Deploy Docker image to ECS QA/Preview envs with Spacelift
```yaml
name: Feature Branch
on:
  pull_request:
    branches: [ 'master' ]
    types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-preview-ecs.yml@itisopen
    if: ${{ always() }}
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      spacelift-organization: ${{ inputs.spacelift-organization }}
      open: ${{ github.event.pull_request.state == 'open' }}
      labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
      ref: ${{ github.event.pull_request.head.ref }}
      exclusive: true
      env-label: |
        qa1: deploy/qa1
        qa2: deploy/qa2
        qa3: deploy/qa3
        qa4: deploy/qa4
    secrets:
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
      spacelift-api-key-id: "${{ secrets.spacelift-api-key-id }}"
      spacelift-api-key-secret: "${{ secrets.spacelift-api-key-secret }}"
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy | false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| matrix-key | Matrix key - matrix output workaround. Read more | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. Read more | string | N/A | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| spacelift-organization | Spacelift organization name | string | N/A | true |
| tag | Docker Image tag to deploy | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |
| spacelift-api-key-id | Spacelift API Key ID | true |
| spacelift-api-key-secret | Spacelift API Key Secret | true |

CD - Deploy to EKS Preview envs with Helmfile
Deploy Docker image to ECS Preview envs with Helmfile
```yaml
name: Feature Branch
on:
  pull_request:
    branches: [ 'master' ]
    types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/cd-preview-helmfile.yml@itisopen
    if: ${{ always() }}
    with:
      image: registry.hub.docker.com/library/nginx
      tag: latest
      repository: ${{ github.event.repository.name }}
      open: ${{ github.event.pull_request.state == 'open' }}
      labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
      ref: ${{ github.event.pull_request.head.ref }}
      exclusive: false
      env-label: |
        preview: deploy
    secrets:
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| env-label | YAML formatted {environment}: {label} map | string | preview: deploy | false |
| exclusive | Deactivate previous GitHub deployments | boolean | true | false |
| image | Docker Image to deploy | string | N/A | true |
| labels | Pull Request labels | string | {} | false |
| open | Pull Request open/close state. Set true if opened | boolean | N/A | true |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["self-hosted"] | false |
| tag | Docker Image tag to deploy | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows pulling private repos | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

Plan atmos stack
```yaml
name: Feature Branch
on:
  pull_request:
    branches: [ 'master' ]
    types: [opened, synchronize, reopened, closed, labeled, unlabeled]
jobs:
  cd:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-atmos-stack-plan.yaml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| component | The component name. | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| stack | The stack name. | string | N/A | true |

Validate CODEOWNERS and suggest changes
```yaml
name: Validate CODEOWNERS
on:
  workflow_call:
jobs:
  ci-codeowners:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-codeowners-full.yml@itisopen
    with:
      is_fork: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
    secrets: inherit
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| is_fork | Run workflow in fork mode (decreased permissions and features) | boolean | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

Build Docker image and push it to ECR
```yaml
name: Deploy
on:
  push:
    branches: [ main ]
jobs:
  ci:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-dockerized-app-build.yml@itisopen
    with:
      organization: ${{ github.event.repository.owner.login }}
      repository: ${{ github.event.repository.name }}
    secrets:
      ecr-region: ${{ secrets.ecr-region }}
      ecr-iam-role: ${{ secrets.ecr-iam-role }}
      registry: ${{ secrets.registry }}
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| tests_enabled | Enable CI Test Stage | boolean | true | false |

| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN that provides ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |

CI - Promote or build Docker image
Promote or build Docker image and push it to ECR
```yaml
name: Deploy
on:
  push:
    branches: [ main ]
jobs:
  ci:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-dockerized-app-promote-or-build.yml@itisopen
    with:
      organization: ${{ github.event.repository.owner.login }}
      repository: ${{ github.event.repository.name }}
      force-build: false
    secrets:
      ecr-region: ${{ secrets.ecr-region }}
      ecr-iam-role: ${{ secrets.ecr-iam-role }}
      registry: ${{ secrets.registry }}
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | true |
| force-build | Force build (skip promotion) | boolean | false | true |
| matrix-key | Matrix key - matrix output workaround. Read more | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. Read more | string | N/A | false |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN that provides ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |

CI - Promote Docker image
Promote Docker image to specific version tag and push it to ECR
```yaml
name: Release
on:
  release:
    types: [published]
jobs:
  ci:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-dockerized-app-promote.yml@itisopen
    with:
      organization: ${{ github.event.repository.owner.login }}
      repository: ${{ github.event.repository.name }}
      version: ${{ github.event.release.tag_name }}
    secrets:
      ecr-region: ${{ secrets.ecr-region }}
      ecr-iam-role: ${{ secrets.ecr-iam-role }}
      registry: ${{ secrets.registry }}
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | false |
| matrix-key | Matrix key - matrix output workaround. Read more | string | N/A | false |
| matrix-step-name | Matrix step name - matrix output workaround. Read more | string | N/A | false |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| version | New version tag | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN that provides ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |

CI - Verify Docker image exists
Verify Docker image exists on ECR
```yaml
name: Release
on:
  release:
    types: [published]
jobs:
  ci:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-dockerized-app-verify.yml@itisopen
    with:
      organization: ${{ github.event.repository.owner.login }}
      repository: ${{ github.event.repository.name }}
      version: ${{ github.event.release.tag_name }}
    secrets:
      ecr-region: ${{ secrets.ecr-region }}
      ecr-iam-role: ${{ secrets.ecr-iam-role }}
      registry: ${{ secrets.registry }}
      secret-outputs-passphrase: ${{ secrets.secret-outputs-passphrase }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| app | Application name. Used with monorepo pattern when there are several applications in the repo | string | N/A | true |
| organization | Repository owner organization (ex. acme for repo acme/example) | string | N/A | true |
| repository | Repository name (ex. example for repo acme/example) | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["self-hosted"] | false |
| version | Release version tag | string | N/A | true |

| Name | Description | Required |
|------|-------------|----------|
| ecr-iam-role | IAM Role ARN that provides ECR write/read access | true |
| ecr-region | ECR AWS region | true |
| registry | ECR Docker registry | true |
| secret-outputs-passphrase | Passphrase to encrypt/decrypt secret outputs with gpg. For more information read | true |

| Name | Description |
|------|-------------|
| image | Docker Image |
| tag | Docker image tag |

Lint and test github action
```yaml
name: Validate Terraform
on:
  workflow_call:
permissions:
  pull-requests: write
  id-token: write
  contents: read
jobs:
  ci-terraform:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-terraform.yml@itisopen
    with:
      suggestions: true
      filter-mode: diff_context
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| organization | Repository owner organization (ex. acme for repo acme/example) | string | ${{ github.event.repository.owner.login }} | false |
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | ${{ github.ref }} | false |
| repository | Repository name (ex. example for repo acme/example) | string | ${{ github.event.repository.name }} | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| tests-prefix | Workflows file name prefix to run as tests | string | test-* | false |

Validate README.yaml, README.md and suggest changes
```yaml
name: Validate Readme
on:
  workflow_call:
permissions:
  pull-requests: write
  id-token: write
  contents: read
jobs:
  ci-readme:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-readme.yml@itisopen
    with:
      suggestions: true
      filter-mode: diff_context
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | Checkout ref | string | ${{ github.ref_name }} | false |
| repository | Checkout repository | string | ${{ github.repository }} | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

Trigger terraform tests using ChatOps
```yaml
name: Terraform ChatOps
on:
  workflow_call:
permissions:
  pull-requests: write
  id-token: write
  contents: read
jobs:
  ci-terraform-chatops:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-terraform-chatops.yml@itisopen
    secrets:
      github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description | Required |
|------|-------------|----------|
| github_access_token | GitHub API token | true |

Lint, format and validate terraform code
```yaml
name: Validate Terraform
on:
  workflow_call:
permissions:
  pull-requests: write
  id-token: write
  contents: read
jobs:
  ci-terraform:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-terraform.yml@itisopen
    with:
      suggestions: true
      filter-mode: diff_context
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| filter-mode | Reviewdog filter mode | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| suggestions | Enable Reviewdog suggestions (pull request only) | boolean | N/A | true |

CI - Check dist Directory
This workflow helps ensure that the generated contents of the dist directory match the output of the yarn build
command. The dist directory has special meaning in GitHub Actions in that it contains the runnable JS files.
In ITisOpen's TypeScript actions, the dist directory is generated through a build process from the TypeScript
source files by running the yarn build command.
```yaml
name: Build
on:
  push:
    branches: [ main ]
jobs:
  check-dist:
    uses: itisopen/github-actions-workflows/.github/workflows/ci-typescript-app-check-dist.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| commit-message | Optional input to set a commit message. If it's not set, it defaults to 'Update the contents of dist directory' | string | Update contents of the dist directory | false |
| dist-path | Optional input to set a path to the dist folder. If it's not set, it defaults to './dist' | string | ./dist | false |
| node-caching | Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed | string | yarn | false |
| node-version | Optional input to set the version of Node.js used to build a project. The input syntax corresponds to the setup-node's one | string | 16.x | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

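
The comparison behind the dist check described above, as an added shell example (not the project's own workflow code): it snapshots the committed dist directory, runs the build, and reports any difference, which is what catches a dist that was edited by hand or never rebuilt. The names `check_dist` and `demo` and the stand-in build command are assumptions made for this example; in a real repository the build command would be `yarn build`.

```shell
#!/bin/sh
# check_dist BUILD_CMD [DIST_DIR]
# Returns 0 when the committed dist equals the build output, 1 when it differs,
# 2 when the dist directory is missing or the build fails.
check_dist() {
    cd_build=$1
    cd_dist=${2:-./dist}            # same default as the dist-path input
    if [ ! -d "$cd_dist" ]; then
        echo "check_dist: $cd_dist does not exist" >&2
        return 2
    fi
    # Snapshot the committed files; the build overwrites dist in place.
    cd_snap=$(mktemp -d) || return 2
    cp -R "$cd_dist/." "$cd_snap/" || { rm -rf "$cd_snap"; return 2; }

    cd_rc=0
    if ! sh -c "$cd_build" >/dev/null 2>&1; then
        echo "check_dist: build command failed" >&2
        cd_rc=2
    elif ! diff -r "$cd_snap" "$cd_dist" >&2; then
        # diff -r also reports files that exist on only one side.
        echo "check_dist: $cd_dist does not match the build output" >&2
        cd_rc=1
    fi
    rm -rf "$cd_snap"
    return "$cd_rc"
}

# Constructed project so the example runs offline: the build command below
# stands in for `yarn build` and regenerates dist/index.js from src/index.js.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/src" "$work/dist"
    echo 'console.log("v1")' > "$work/src/index.js"
    build="rm -rf '$work/dist' && mkdir '$work/dist' && cp '$work/src/index.js' '$work/dist/index.js'"
    sh -c "$build"                  # dist as committed right after a build

    if check_dist "$build" "$work/dist" 2>/dev/null; then r1=match; else r1=differs; fi

    # Source changed, dist not rebuilt before the commit.
    echo 'console.log("v2")' > "$work/src/index.js"
    if check_dist "$build" "$work/dist" 2>/dev/null; then r2=match; else r2=differs; fi

    # dist edited by hand: the runnable file no longer corresponds to the source.
    echo 'console.log("extra")' >> "$work/dist/index.js"
    if check_dist "$build" "$work/dist" 2>/dev/null; then r3=match; else r3=differs; fi

    rm -rf "$work"
    echo "$r1 $r2 $r3"
}

demo
```

The build command must regenerate dist from scratch, as the stand-in does; otherwise a stray file left in the committed dist survives the rebuild and goes unnoticed.
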
Controller - Atmos affected stacks
Get stacks affected in the commit
```yaml
name: Stacks affected
on:
  push:
    branches: [ main ]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-atmos-affected-stacks.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| head-ref | The head ref to checkout. If not provided, the head default branch is used. | string | N/A | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description |
|------|-------------|
| has-affected-stacks | Has affected stacks |
| stacks | Affected stacks |

Controller - Atmos affected stacks
Get stacks affected in the commit
```yaml
name: Stacks affected
on:
  push:
    branches: [ main ]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-atmos-affected-stacks.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| stacks | Stacks | string | N/A | false |

Controller - Draft release
Create or update draft release
```yaml
name: Draft release
on:
  push:
    branches: [ main ]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-draft-release.yml@itisopen
    with:
      ref: ${{ github.sha }}
    secrets:
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | The release target, i.e. branch or commit it should point to | string | ${{ github.sha }} | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows creating a release | true |

Controller - Reintegrate hotfix branch
Create PR into target_branch to reintegrate hotfix from current branch
```yaml
name: Release
on:
  release:
    types: [published]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-hotfix-reintegrate.yml@itisopen
    with:
      ref: ${{ github.ref }}
      target_branch: main
    secrets:
      github-private-actions-pat: ${{ secrets.github-private-actions-pat }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| target_branch | Target branch to reintegrate hotfix | string | main | false |

| Name | Description | Required |
|------|-------------|----------|
| github-private-actions-pat | GitHub PAT that allows creating a pull request | true |

Controller - Create Release branch
Create release/{version} branch for the release
```yaml
name: Main branch
on:
  release:
    types: [published]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-hotfix-release-branch.yml@itisopen
    with:
      version: ${{ github.event.release.tag_name }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| version | Release version | string | N/A | true |

Controller - Create hotfix release
Create next patch version release
```yaml
on:
  push:
    branches: [ 'release/**' ]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-hotfix-release.yml@itisopen
    with:
      ref: ${{ github.ref }}
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ref | The fully-formed ref of the branch or tag that triggered the workflow run | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description |
|------|-------------|
| version | Release version |

Label a pull request with one or more labels
```yaml
name: Label pull request
on:
  workflow_call:
jobs:
  label:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-labels.yml@itisopen
    with:
      # string input: one label per line
      labels: |
        ready-for-review
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| labels | The labels' name to be added. Must be separated with line breaks if there are multiple labels. | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

Controller - Monorepo Controller
Mocked monorepo controller that outputs list of applications, lists of apps with and without changes.
```yaml
name: Monorepo
on:
  push:
    branches: [ main ]
jobs:
  do:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-monorepo.yml@itisopen
    with:
      dir: ./apps
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| dir | Directory with applications | string | N/A | true |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description |
|------|-------------|
| apps | Applications |
| changes | Changed applications |
| no-changes | Unchanged applications |

Controller - Managing Release Branches and Tags
Manages long-living release branches and their releases
```yaml
name: release
on:
  release:
    types:
      - published
permissions:
  contents: write
  id-token: write
jobs:
  terraform-module:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-release-branches.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

Create a github release
```yaml
name: release-branch
on:
  push:
    branches:
      - main
      - release/**
permissions:
  contents: write
  id-token: write
jobs:
  release:
    uses: itisopen/github-actions-workflows/.github/workflows/controller-release.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| config-name | Name of the release drafter config file | string | auto-release.yml | false |
| publish | Publish github release if true and no-release PR label is not set. | boolean | true | false |
| ref_name | The release target, i.e. branch to release from | string | ${{ github.ref_name }} | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |
| sha | Pull request merge commit sha | string | ${{ github.sha }} | false |

| Name | Description | Required |
|------|-------------|----------|
| github_access_token | GitHub API token | false |

Scheduled update of context.tf and related docs
```yaml
name: scheduled-context
on:
  workflow_call:
permissions:
  pull-requests: write
  id-token: write
  contents: read
jobs:
  scheduled-context:
    uses: itisopen/github-actions-workflows/.github/workflows/scheduled-context.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| base-branch | Repo default branch | string | main | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

| Name | Description | Required |
|------|-------------|----------|
| github_access_token | GitHub API token | true |

Scheduled update of readme.md
```yaml
name: scheduled-readme
on:
  workflow_call:
permissions:
  pull-requests: write
  id-token: write
  contents: read
jobs:
  scheduled-readme:
    uses: itisopen/github-actions-workflows/.github/workflows/scheduled-readme.yml@itisopen
```

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| base-branch | Repo default branch | string | main | false |
| runs-on | Overrides job runs-on setting (json-encoded list) | string | ["ubuntu-latest"] | false |

This project is under active development, and we encourage contributions from our community.
Many thanks to the outstanding contributors to the Cloud Posse upstream contents. We appreciate your hard work and dedication to building scalable enterprise grade solutions.
Many thanks also to the contributors to the ITisOpen upstream contents. We appreciate your hard work and dedication to extending the work of Cloud Posse to other cloud providers.
For bug reports & feature requests, please use the issue tracker.
In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
Review our Code of Conduct and Contributor Guidelines.
1. Fork the repo on GitHub
2. Clone the project to your own machine
3. Commit changes to your own branch
4. Push your work back up to your fork
5. Submit a Pull Request so that we can review your changes
NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!
Slack Community
Join our Open Source Community on Slack. It's FREE for everyone! Our "ITisOpen" community is where you get to talk with others who share a similar vision for how to roll out and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally open infrastructure.
Note: ITisOpen leverages open-source projects from Cloud Posse. We encourage you to also join the Cloud Posse Slack community for even more collaboration and support: slack.cloudposse.com
Preamble to the Apache License, Version 2.0
Complete license is available in the LICENSE file.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
All other trademarks referenced herein are the property of their respective owners.
Copyright © 2017-2025 Cloud Posse, LLC, all rights reserved for upstream content.
Copyright © 2025-2025 ITisOpen, all rights reserved for repository's specific content