# shared-actions

Shared actions for Forgejo CI/CD pipelines.

## Actions

| Action | Description |
|--------|-------------|
| [aikido-full-scan](aikido-full-scan) | Aikido full scan |
| [aikido-pr-scan](aikido-pr-scan) | Aikido PR scan |
| [aws-configure](aws-configure) | Authenticate with AWS via OIDC |
| [aws-lambda-alias-update](aws-lambda-alias-update) | Update Aliases of Lambda Functions to a new Version |
| [aws-lambda-wait-for-provisioned-concurrency](aws-lambda-wait-for-provisioned-concurrency) | Wait until the Provisioned Concurrency is Ready for Lambda Functions |
| [cache](cache) | Cache files between workflow runs |
| [checkout](checkout) | Action for checking out a repository |
| [download-artifact](download-artifact) | Download Forgejo Actions artifacts by name or pattern |
| [helm-deploy](helm-deploy) | Deploy a service to Kubernetes via Helm over SSH |
| [i18n-sync](i18n-sync) | Fetch translations from i18n.schmalz.com and open a pull request |
| [inject-content](inject-content) | Inject content into a file by appending or overwriting |
| [maven-build](maven-build) | Action for building and validating Maven projects |
| [playwright-merge](playwright-merge) | Merge Playwright shard blob reports and publish consolidated reports |
| [playwright-run](playwright-run) | Run Playwright tests for one shard and upload its blob report |
| [pnpm-build](pnpm-build) | Action for building and validating with PNPM |
| [publish-npm-package](publish-npm-package) | Publish a PNPM package to JFrog Artifactory |
| [publish-rust-crate](publish-rust-crate) | Publish a Rust crate to JFrog Artifactory |
| [publish-static-contents](publish-static-contents) | Syncs frontend assets to S3 and invalidates a CloudFront distribution |
| [rust-build](rust-build) | Set up Rust toolchain, run checks, and build via the project's build.sh |
| [terraform-apply](terraform-apply) | Apply Terraform configuration files using the official Terraform CLI |
| [terraform-plan](terraform-plan) | Preview Terraform infrastructure changes (create, update, delete, replace) without applying them |
| [terraform-validate](terraform-validate) | Validate Terraform configuration files using the official Terraform CLI |
| [upload-artifact](upload-artifact) | Upload files as a Forgejo Actions artifact |
| [vacuum-lint](vacuum-lint) | Validate and lint OpenAPI specifications using Vacuum |

## Security

Where third-party Forgejo/GitHub Actions are used internally, they are pinned to exact commit hashes rather than mutable tags to prevent supply chain attacks.

## Adding a new Action

- Create a new directory for the action
- Implement the action
- Add a `README.md` file to the action directory that describes (1) purpose, (2) inputs using a table, (3) example usage, and additional details if required
- Update the table in the main README (this file) with a new row. The list is sorted alphabetically.
- Update the `tag-release.yml` workflow in the `.forgejo/` directory if the action is a public action: Add the name to the option list.

## Releasing a new Version

**We only use Major-Versions, e.g. `1`, `2`, `3`, etc.**

- Decide which Version to use
  - Breaking Change: Increment the current version by one (e.g. `1 -> 2`)
  - All non-breaking changes: Stay on the current major version (`1 -> 1`)
- Manually run the `tag-release.yml` workflow
  - Branch: `main`
  - Action: Name of the Action to release
  - Version: The version to release

## Usage

Reference actions from your project's workflow:

```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/@-v1
  with:
    # see each action's README for inputs
```

Each action has its own README with inputs, usage examples, and notes.
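
The pinning rule from the Security section can be enforced as a check over workflow and action files. The following is an added example, not code from this repository: it reports third-party `uses:` references that are not pinned to a full commit hash. The function name, the exemption for first-party references under the prefix shown in Usage, and the sample workflow (including its 40-character hash and the `ACTION@TAG` placeholder) are assumptions constructed for illustration.

```python
import re

# Assumption: references under this prefix (taken from the Usage section) are
# first-party and may use release tags; everything else counts as third-party.
FIRST_PARTY_PREFIX = "https://schmalz-git.git.onstackit.cloud/schmalz/"

# Matches "uses: <ref>" with or without a leading list dash; stops at a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>[^\s#]+)")
# Immutable versions: 40-hex SHA-1 commit, 64-hex SHA-256 commit, or a docker sha256 digest.
PINNED_RE = re.compile(r"(?:(?:sha256:)?[0-9a-f]{64}|[0-9a-f]{40})")


def unpinned_uses(yaml_text, first_party_prefix=FIRST_PARTY_PREFIX):
    """Return (line_number, reference) for each third-party `uses:` lacking a full hash."""
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group("ref").strip("'\"")
        # Local actions live in the same repository; first-party ones are out of scope.
        if ref.startswith(("./", "../")) or ref.startswith(first_party_prefix):
            continue
        # Everything after the last "@" is the version; a missing "@" is also unpinned.
        _, sep, version = ref.rpartition("@")
        if not sep or not PINNED_RE.fullmatch(version):
            findings.append((lineno, ref))
    return findings


# Constructed sample workflow: tags and branches are mutable, the 40-hex ref is not.
SAMPLE_WORKFLOW = """\
steps:
  - uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/ACTION@TAG
  - uses: ./local-action
  - uses: https://code.forgejo.org/actions/checkout@v4
  - uses: https://code.forgejo.org/actions/cache@0123456789abcdef0123456789abcdef01234567  # v4
  - name: Setup
    uses: actions/setup-node@main
"""

if __name__ == "__main__":
    for lineno, ref in unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {lineno}: not pinned to a commit hash: {ref}")
```

Run as a CI step over each workflow and `action.yml` file, failing the job when the returned list is non-empty.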