shared-actions/README.md

# shared-actions

Shared actions for Forgejo CI/CD pipelines.

## Actions

| Action | Description |
|--------|-------------|
| [aikido-full-scan](aikido-full-scan) | Aikido full scan |
| [aikido-pr-scan](aikido-pr-scan) | Aikido PR scan |
| [aws-configure](aws-configure) | Authenticate with AWS via OIDC |
| [cache](cache) | Cache files between workflow runs |
| [checkout](checkout) | Action for checking out a repository |
| [download-artifact](download-artifact) | Download Forgejo Actions artifacts by name or pattern |
| [helm-deploy](helm-deploy) | Deploy a service to Kubernetes via Helm over SSH |
| [i18n-sync](i18n-sync) | Fetch translations from i18n.schmalz.com and open a pull request |
| [inject-content](inject-content) | Inject content into a file by appending or overwriting |
| [maven-build](maven-build) | Action for building and validating Maven projects |
| [pnpm-build](pnpm-build) | Action for building and validating with PNPM |
| [publish-static-contents](publish-static-contents) | Syncs frontend assets to S3 and invalidates a CloudFront distribution |
| [rust-build](rust-build) | Set up Rust toolchain, run checks, and build via the project's build.sh |
| [terraform-apply](terraform-apply) | Apply Terraform configuration files using the official Terraform CLI |
| [terraform-validate](terraform-validate) | Validate Terraform configuration files using the official Terraform CLI |
| [upload-artifact](upload-artifact) | Upload files as a Forgejo Actions artifact |


## Security

Where third-party Forgejo/GitHub Actions are used internally, they are pinned to exact commit hashes rather than mutable tags to prevent supply chain attacks.

## Usage

Reference actions from your project's workflow:

```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/<action-name>@<action-name>-v1
  with:
    # see each action's README for inputs
```

Each action has its own README with inputs, usage examples, and notes.