basel5001/githubinfra

githubinfra

Centralized GitHub Actions workflows and composite actions shared across all basel5001 repos.

Usage

Each workflow is a reusable workflow. Reference it from any repo's .github/workflows/*.yml file:

jobs:
  ci:
    uses: basel5001/githubinfra/.github/workflows/ci.yml@main
    with:
      language: python
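
The snippet above calls the shared workflow at `@main`, a branch ref that moves with every push to githubinfra. As an added example (not code from this repository), the Python below audits a workflow file for `uses:` references that are not pinned to a full 40-character commit SHA; the sample workflow, the placeholder SHA, the local action path and the function names are constructed for illustration.

```python
import re

# `uses:` at job level (reusable workflow) or step level (action).
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_uses(workflow_text):
    """Return (target, ref, status) for every `uses:` reference in the text."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        target = match.group(1)
        if target.startswith("./"):
            # Same-repo reference: versioned with the calling commit, no ref.
            findings.append((target, None, "local"))
            continue
        name, sep, ref = target.rpartition("@")
        if not sep:
            findings.append((target, None, "missing-ref"))
        elif FULL_SHA_RE.fullmatch(ref):
            findings.append((name, ref, "pinned"))
        else:
            # Branch or tag: the code behind it can change without notice.
            findings.append((name, ref, "mutable"))
    return findings

def unpinned(workflow_text):
    """List the references that should be replaced by a commit SHA."""
    return [f"{name}@{ref}" if ref else name
            for name, ref, status in audit_uses(workflow_text)
            if status in ("mutable", "missing-ref")]

# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  ci:
    uses: basel5001/githubinfra/.github/workflows/ci.yml@main
    with:
      language: python
  scan:
    uses: basel5001/githubinfra/.github/workflows/secret-scan.yml@0123456789abcdef0123456789abcdef01234567
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-step  # hypothetical local action
"""

if __name__ == "__main__":
    for ref in unpinned(SAMPLE):
        print("not pinned to a commit SHA:", ref)
```

Run against each file under `.github/workflows/` in a consuming repo, this gives a list of references to replace with the commit SHA that was actually reviewed.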

Available Workflows

| Workflow | Description |
| --- | --- |
| ci.yml | Generic CI pipeline (lint + test) for Python/Node/Go |
| linting.yml | Multi-language linting (super-linter, ruff, eslint, golangci, swiftlint) |
| secret-scan.yml | Secret scanning with Gitleaks and/or TruffleHog |
| ioc-scan.yml | IOC & supply chain security (Trivy, CodeQL, OSV-Scanner) |
| docker-build-publish.yml | Build and push Docker images to GHCR/DockerHub |
| terraform-validate.yml | Terraform fmt/init/validate + tfsec security scan |
| sbom-generate.yml | Generate SBOM using Anchore Syft |
| stale-management.yml | Stale issue and PR management |
| release-notify.yml | Release notifications to Discord/Slack |
| branch-copy.yml | Copy repo content to multiple branches |
| label-checker.yml | Enforce PR labeling standards |

Composite Actions

| Action | Description |
| --- | --- |
| actions/setup-env | Setup Python/Node/Go environment with caching |
| actions/docker-build | Build Docker images with Buildx caching |
| actions/notify | Send Discord/Slack webhook notifications |

Repos Using githubinfra

  • supply_chain_security: sbom-generate.yml
  • devops-exercises: linting.yml
  • Whisky: linting.yml, release-notify.yml
  • devbox: stale-management.yml
  • microservices-demo: terraform-validate.yml
  • learning-jenkins-3003221: branch-copy.yml
  • github-actions-for-ci-cd-4375061: branch-copy.yml
  • cert-prep-terraform-associate-003-3330038: branch-copy.yml
  • advanced-terraform-3099246: branch-copy.yml

Repo Management

All repos are managed as code from this repository.

Configuration

Edit repos.yml to change any repo's settings:

  • Description, topics, visibility
  • Branch protection rules
  • Merge settings
  • Workflow assignments

Commands

cd management
npm install

# Show what would change
GITHUB_TOKEN=ghp_xxx npm run diff

# Preview changes (dry run)
GITHUB_TOKEN=ghp_xxx npm run sync:dry-run

# Apply changes
GITHUB_TOKEN=ghp_xxx npm run sync

Terraform

cd terraform
terraform init
terraform plan -var="github_token=$GITHUB_TOKEN"
terraform apply -var="github_token=$GITHUB_TOKEN"

CI

Changes to repos.yml are automatically applied on merge to main via the manage-repos.yml workflow.

Requires a REPO_MANAGEMENT_TOKEN secret with repo and admin:org scopes.
