Shared Forgejo Actions
shared-actions
Shared actions for Forgejo CI/CD pipelines.
Actions
| Action | Description |
|---|---|
| aikido-full-scan | Aikido full scan |
| aikido-pr-scan | Aikido PR scan |
| aws-configure | Authenticate with AWS via OIDC |
| aws-lambda-alias-update | Update Aliases of Lambda Functions to a new Version |
| aws-lambda-wait-for-provisioned-concurrency | Wait until the Provisioned Concurrency is Ready for Lambda Functions |
| cache | Cache files between workflow runs |
| checkout | Action for checking out a repository |
| download-artifact | Download Forgejo Actions artifacts by name or pattern |
| helm-deploy | Deploy a service to Kubernetes via Helm over SSH |
| i18n-sync | Fetch translations from i18n.schmalz.com and open a pull request |
| inject-content | Inject content into a file by appending or overwriting |
| maven-build | Action for building and validating Maven projects |
| playwright-merge | Merge Playwright shard blob reports and publish consolidated reports |
| playwright-run | Run Playwright tests for one shard and upload its blob report |
| pnpm-build | Action for building and validating with PNPM |
| publish-npm-package | Publish a PNPM package to JFrog Artifactory |
| publish-rust-crate | Publish a Rust crate to JFrog Artifactory |
| publish-static-contents | Syncs frontend assets to S3 and invalidates a CloudFront distribution |
| rust-build | Set up Rust toolchain, run checks, and build via the project's build.sh |
| terraform-apply | Apply Terraform configuration files using the official Terraform CLI |
| terraform-plan | Preview Terraform infrastructure changes (create, update, delete, replace) without applying them |
| terraform-validate | Validate Terraform configuration files using the official Terraform CLI |
| upload-artifact | Upload files as a Forgejo Actions artifact |
| vacuum-lint | Validate and lint OpenAPI specifications using Vacuum |
Security
Where third-party Forgejo/GitHub Actions are used internally, they are pinned to exact commit hashes rather than mutable tags to prevent supply chain attacks.
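One way to check this pinning rule in review or CI, as an added example that is not part of this repository: the function names, the example.org hosts and the sample commit hash are constructed for illustration. It flags every third-party `uses:` reference that is not pinned to a full commit hash, and treats references under a caller-supplied first-party prefix separately.

```python
import re

# "uses: <ref>" in a workflow step, with optional list dash and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
# Full commit id (40 hex, or 64 hex for SHA-256 repos) or a container digest.
COMMIT_RE = re.compile(r"^(?:[0-9a-f]{40}|(?:sha256:)?[0-9a-f]{64})$")

# Constructed sample workflow; hosts and the hash are placeholders.
SAMPLE = """\
jobs:
  build:
    runs-on: docker
    steps:
      - uses: https://code.example.org/actions/checkout@v4
      - uses: https://code.example.org/actions/cache@0123456789abcdef0123456789abcdef01234567
      - uses: https://git.example.org/org/shared-actions/pnpm-build@pnpm-build-v1
      - uses: ./local-action
      - uses: https://code.example.org/actions/setup-node@main  # branch
"""


def classify(ref, first_party=()):
    """Return 'local', 'first-party', 'pinned' or 'mutable' for one uses: value."""
    if ref.startswith(("./", "../")):
        return "local"
    if any(ref.startswith(prefix) for prefix in first_party):
        return "first-party"
    _, sep, version = ref.rpartition("@")
    if sep and COMMIT_RE.match(version):
        return "pinned"
    return "mutable"  # tag, branch, abbreviated hash, or no version at all


def audit(workflow_text, first_party=()):
    """Return (line_no, ref) for each third-party reference not pinned to a commit."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and classify(match.group(1), first_party) == "mutable":
            findings.append((line_no, match.group(1)))
    return findings


if __name__ == "__main__":
    own = ("https://git.example.org/org/shared-actions/",)  # assumed first-party prefix
    for line_no, ref in audit(SAMPLE, first_party=own):
        print(f"line {line_no}: not pinned to a commit hash: {ref}")
```

Abbreviated hashes are reported as mutable on purpose, because a short prefix does not identify a commit unambiguously.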
Adding a new Action
- Create a new directory for the action
- Implement the action
- Add a README.md file to the action directory that describes (1) purpose, (2) inputs using a table, (3) example usage, and additional details if required
- Update the table in the main README (this file) with a new row. The list is sorted alphabetically.
- Update the tag-release.yml workflow in the .forgejo/ directory if the action is a public action: Add the name to the option list.
Releasing a new Version
We only use Major-Versions, e.g. 1, 2, 3, etc.
- Decide which Version to use
  - Breaking Change: Increment the current version by one (e.g. 1 -> 2)
  - All non-breaking changes: Stay on the current major version (1 -> 1)
- Manually run the tag-release.yml workflow
  - Branch: main
  - Action: Name of the Action to release
  - Version: The version to release
Usage
Reference actions from your project's workflow:
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/<action-name>@<action-name>-v1
  with:
    # see each action's README for inputs
Each action has its own README with inputs, usage examples, and notes.