ivuorinen/actions
1
0
Fork 0
mirror of https://github.com/ivuorinen/actions.git synced 2026-01-26 11:34:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2025.12.22
actions/README.md
Ismo Vuorinen 9aa16a8164 feat: use our own actions in our workflows (#377) 
* feat: use our own actions in our workflows

* fix: add missing inputs to validate-inputs, refactor node

* chore: cr comment fixes

* fix: update-validators formatting

* chore: update validators, add tests, conventions

* feat: validate severity with severity_enum

* feat: add 10 generic validators to improve input validation coverage

Add comprehensive validation system improvements across multiple phases:

Phase 2A - Quick Wins:
- Add multi_value_enum validator for 2-10 value enumerations
- Add exit_code_list validator for Unix/Linux exit codes (0-255)
- Refactor coverage_driver to use multi_value_enum

Phase 2B - High-Value Validators:
- Add key_value_list validator with shell injection prevention
- Add path_list validator with path traversal and glob support

Quick Wins - Additional Enums:
- Add network_mode validator for Docker network modes
- Add language_enum validator for language detection
- Add framework_mode validator for PHP framework modes
- Update boolean pattern to include 'push'

Phase 2C - Specialized Validators:
- Add json_format validator for JSON syntax validation
- Add cache_config validator for Docker BuildKit cache configs

Improvements:
- All validators include comprehensive security checks
- Pattern-based validation with clear error messages
- 23 new test methods with edge case coverage
- Update special case mappings for 20+ inputs
- Fix build-args mapping test expectation

Coverage impact: 22 actions now at 100% validation (88% → 92%)
Test suite: 762 → 785 tests (+23 tests, all passing)

* chore: regenerate rules.yml with improved validator coverage

Regenerate validation rules for all actions with new validators:

- compress-images: 86% → 100% (+1 input: ignore-paths)
- docker-build: 63% → 100% (+4 inputs: cache configs, platform-build-args)
- docker-publish: 73% → 100% (+1 input: build-args)
- language-version-detect: 67% → 100% (+1 input: language)
- php-tests: 89% (fixed framework→framework_mode mapping)
- prettier-lint: 86% → 100% (+2 inputs: file-pattern, plugins)
- security-scan: 86% (maintained coverage)

Overall: 23 of 25 actions now at 100% validation coverage (92%)

* fix: address PR #377 review comments

- Add | None type annotations to 6 optional parameters (PEP 604)
- Standardize injection pattern: remove @# from comma_separated_list validator
  (@ and # are not shell injection vectors, allows npm scoped packages)
- Remove dead code: unused value expression in key_value_list validator
- Update tests to reflect injection pattern changes
2025-11-25 23:51:03 +02:00

28 KiB
Raw Permalink Blame History

ivuorinen/actions - My Reusable GitHub Actions and Workflows

Overview

This repository contains a collection of reusable GitHub Actions designed to streamline CI/CD processes and ensure code quality.

Each action is fully self-contained and can be used independently in any GitHub repository.

Key Features

  • Production-Ready Actions covering setup, linting, building, testing, and deployment
  • Self-Contained Design - each action works independently without dependencies
  • External Usage Ready - use any action with pinned refs: ivuorinen/actions/action-name@2025-01-15 or @<commit-sha> for supply-chain security
  • Multi-Language Support including Node.js, PHP, Python, Go, C#, and more
  • Standardized Patterns with consistent error handling and input/output interfaces
  • Comprehensive Testing with dual testing framework (ShellSpec + pytest)
  • Modular Build System using Makefile for development and maintenance

📚 Action Catalog

This repository contains 26 reusable GitHub Actions for CI/CD automation.

Quick Reference (26 Actions)

Icon Action Category Description Key Features
🔀 action-versioning Utilities Automatically update SHA-pinned action references to match l... Token auth, Outputs
📦 ansible-lint-fix Linting Lints and fixes Ansible playbooks, commits changes, and uplo... Caching, Token auth, Outputs
biome-lint Linting Run Biome linter in check or fix mode Caching, Auto-detection, Token auth, Outputs
🛡️ codeql-analysis Repository Run CodeQL security analysis for a single language with conf... Auto-detection, Token auth, Outputs
🖼️ compress-images Repository Compress images on demand (workflow_dispatch), and at 11pm e... Token auth, Outputs
📝 csharp-build Build Builds and tests C# projects. Caching, Auto-detection, Token auth, Outputs
📝 csharp-lint-check Linting Runs linters like StyleCop or dotnet-format for C# code styl... Caching, Auto-detection, Token auth, Outputs
📦 csharp-publish Publishing Publishes a C# project to GitHub Packages. Caching, Auto-detection, Token auth, Outputs
📦 docker-build Build Builds a Docker image for multiple architectures with enhanc... Caching, Auto-detection, Token auth, Outputs
☁️ docker-publish Publishing Simple wrapper to publish Docker images to GitHub Packages a... Token auth, Outputs
eslint-lint Linting Run ESLint in check or fix mode with advanced configuration ... Caching, Auto-detection, Token auth, Outputs
📦 go-build Build Builds the Go project. Caching, Auto-detection, Token auth, Outputs
📝 go-lint Linting Run golangci-lint with advanced configuration, caching, and ... Caching, Token auth, Outputs
📝 language-version-detect Setup DEPRECATED: This action is deprecated. Inline version detect... Auto-detection, Token auth, Outputs
📦 npm-publish Publishing Publishes the package to the NPM registry with configurable ... Caching, Auto-detection, Token auth, Outputs
php-tests Testing Run PHPUnit tests with optional Laravel setup and Composer d... Caching, Auto-detection, Token auth, Outputs
pr-lint Linting Runs MegaLinter against pull requests Caching, Auto-detection, Token auth, Outputs
📦 pre-commit Linting Runs pre-commit on the repository and pushes the fixes back ... Auto-detection, Token auth, Outputs
prettier-lint Linting Run Prettier in check or fix mode with advanced configuratio... Caching, Auto-detection, Token auth, Outputs
📝 python-lint-fix Linting Lints and fixes Python files, commits changes, and uploads S... Caching, Auto-detection, Token auth, Outputs
📦 release-monthly Repository Creates a release for the current month, incrementing patch ... Token auth, Outputs
🛡️ security-scan Security Comprehensive security scanning for GitHub Actions including... Caching, Token auth, Outputs
📦 stale Repository A GitHub Action to close stale issues and pull requests. Token auth, Outputs
🏷️ sync-labels Repository Sync labels from a YAML file to a GitHub repository Token auth, Outputs
🖥️ terraform-lint-fix Linting Lints and fixes Terraform files with advanced validation and... Token auth, Outputs
🛡️ validate-inputs Validation Centralized Python-based input validation for GitHub Actions... Token auth, Outputs

Actions by Category

🔧 Setup (1 action)

Action Description Languages Features
📝 language-version-detect DEPRECATED: This action is deprecated. Inline vers... PHP, Python, Go, .NET, Node.js Auto-detection, Token auth, Outputs

🛠️ Utilities (1 action)

Action Description Languages Features
🔀 action-versioning Automatically update SHA-pinned action references ... GitHub Actions Token auth, Outputs

📝 Linting (10 actions)

Action Description Languages Features
📦 ansible-lint-fix Lints and fixes Ansible playbooks, commits changes... Ansible, YAML Caching, Token auth, Outputs
biome-lint Run Biome linter in check or fix mode JavaScript, TypeScript, JSON Caching, Auto-detection, Token auth, Outputs
📝 csharp-lint-check Runs linters like StyleCop or dotnet-format for C#... C#, .NET Caching, Auto-detection, Token auth, Outputs
eslint-lint Run ESLint in check or fix mode with advanced conf... JavaScript, TypeScript Caching, Auto-detection, Token auth, Outputs
📝 go-lint Run golangci-lint with advanced configuration, cac... Go Caching, Token auth, Outputs
pr-lint Runs MegaLinter against pull requests Conventional Commits Caching, Auto-detection, Token auth, Outputs
📦 pre-commit Runs pre-commit on the repository and pushes the f... Python, Multiple Languages Auto-detection, Token auth, Outputs
prettier-lint Run Prettier in check or fix mode with advanced co... JavaScript, TypeScript, Markdown, YAML, JSON Caching, Auto-detection, Token auth, Outputs
📝 python-lint-fix Lints and fixes Python files, commits changes, and... Python Caching, Auto-detection, Token auth, Outputs
🖥️ terraform-lint-fix Lints and fixes Terraform files with advanced vali... Terraform, HCL Token auth, Outputs

🧪 Testing (1 action)

Action Description Languages Features
php-tests Run PHPUnit tests with optional Laravel setup and ... PHP, Laravel Caching, Auto-detection, Token auth, Outputs

🏗️ Build (3 actions)

Action Description Languages Features
📝 csharp-build Builds and tests C# projects. C#, .NET Caching, Auto-detection, Token auth, Outputs
📦 docker-build Builds a Docker image for multiple architectures w... Docker Caching, Auto-detection, Token auth, Outputs
📦 go-build Builds the Go project. Go Caching, Auto-detection, Token auth, Outputs

🚀 Publishing (3 actions)

Action Description Languages Features
📦 csharp-publish Publishes a C# project to GitHub Packages. C#, .NET Caching, Auto-detection, Token auth, Outputs
☁️ docker-publish Simple wrapper to publish Docker images to GitHub ... Docker Token auth, Outputs
📦 npm-publish Publishes the package to the NPM registry with con... Node.js, npm Caching, Auto-detection, Token auth, Outputs

📦 Repository (5 actions)

Action Description Languages Features
🛡️ codeql-analysis Run CodeQL security analysis for a single language... JavaScript, TypeScript, Python, Java, C#, C++, Go, Ruby Auto-detection, Token auth, Outputs
🖼️ compress-images Compress images on demand (workflow_dispatch), and... Images, PNG, JPEG Token auth, Outputs
📦 release-monthly Creates a release for the current month, increment... GitHub Actions Token auth, Outputs
📦 stale A GitHub Action to close stale issues and pull req... GitHub Actions Token auth, Outputs
🏷️ sync-labels Sync labels from a YAML file to a GitHub repositor... YAML, GitHub Token auth, Outputs

🛡️ Security (1 action)

Action Description Languages Features
🛡️ security-scan Comprehensive security scanning for GitHub Actions... - Caching, Token auth, Outputs

Validation (1 action)

Action Description Languages Features
🛡️ validate-inputs Centralized Python-based input validation for GitH... YAML, GitHub Actions Token auth, Outputs

Feature Matrix

Action Caching Auto-detection Token auth Outputs
action-versioning - -
ansible-lint-fix -
biome-lint
codeql-analysis -
compress-images - -
csharp-build
csharp-lint-check
csharp-publish
docker-build
docker-publish - -
eslint-lint
go-build
go-lint -
language-version-detect -
npm-publish
php-tests
pr-lint
pre-commit -
prettier-lint
python-lint-fix
release-monthly - -
security-scan -
stale - -
sync-labels - -
terraform-lint-fix - -
validate-inputs - -

Language Support

Language Actions
.NET csharp-build, csharp-lint-check, csharp-publish, language-version-detect
Ansible ansible-lint-fix
C# codeql-analysis, csharp-build, csharp-lint-check, csharp-publish
C++ codeql-analysis
Conventional Commits pr-lint
Docker docker-build, docker-publish
GitHub sync-labels
GitHub Actions action-versioning, release-monthly, stale, validate-inputs
Go codeql-analysis, go-build, go-lint, language-version-detect
HCL terraform-lint-fix
Images compress-images
JPEG compress-images
JSON biome-lint, prettier-lint
Java codeql-analysis
JavaScript biome-lint, codeql-analysis, eslint-lint, prettier-lint
Laravel php-tests
Markdown prettier-lint
Multiple Languages pre-commit
Node.js language-version-detect, npm-publish
PHP language-version-detect, php-tests
PNG compress-images
Python codeql-analysis, language-version-detect, pre-commit, python-lint-fix
Ruby codeql-analysis
Terraform terraform-lint-fix
TypeScript biome-lint, codeql-analysis, eslint-lint, prettier-lint
YAML ansible-lint-fix, prettier-lint, sync-labels, validate-inputs
npm npm-publish

Action Usage

All actions can be used independently in your workflows:

# Recommended: Use pinned refs for supply-chain security
- uses: ivuorinen/actions/action-name@vYYYY-MM-DD # Date-based tag (example)
  with:
    # action-specific inputs

# Alternative: Use commit SHA for immutability
- uses: ivuorinen/actions/action-name@abc123def456 # Full commit SHA
  with:
    # action-specific inputs

Security Note: Always pin to specific tags or commit SHAs instead of @main to ensure reproducible workflows and supply-chain integrity.

Usage

Using Actions Externally

All actions in this repository can be used in your workflows like any other GitHub Action.

⚠️ Security Best Practice: Always pin actions to specific tags or commit SHAs instead of @main to ensure:

  • Reproducibility: Workflows behave consistently over time
  • Supply-chain integrity: Protection against unexpected changes or compromises
  • Immutability: Reference exact versions that cannot be modified
steps:
  - name: Setup Node.js with Auto-Detection
    uses: ivuorinen/actions/node-setup@2025-01-15 # Date-based tag
    with:
      default-version: '20'

  - name: Detect PHP Version
    uses: ivuorinen/actions/php-version-detect@abc123def456 # Commit SHA
    with:
      default-version: '8.2'

  - name: Universal Version Parser
    uses: ivuorinen/actions/version-file-parser@2025-01-15
    with:
      language: 'python'
      tool-versions-key: 'python'
      dockerfile-image: 'python'
      version-file: '.python-version'
      default-version: '3.12'

Actions achieve modularity through composition:

steps:
  - name: Parse Version
    id: parse-version
    uses: ivuorinen/actions/version-file-parser@2025-01-15
    with:
      language: 'node'
      tool-versions-key: 'nodejs'
      dockerfile-image: 'node'
      version-file: '.nvmrc'
      default-version: '20'

  - name: Setup Node.js
    uses: actions/setup-node@sha
    with:
      node-version: ${{ steps.parse-version.outputs.detected-version }}

Development

This repository uses a Makefile-based build system for development tasks:

# Full workflow - docs, format, and lint
make all

# Individual operations
make docs          # Generate documentation for all actions
make format        # Format all files (markdown, YAML, JSON)
make lint          # Run all linters
make check         # Quick syntax and tool checks

# Development workflow
make dev           # Format then lint (good for development)
make ci            # CI workflow - check, docs, lint

Python Development

For Python development (validation system), use these specialized commands:

# Python development workflow
make dev-python         # Format, lint, and test Python code
make test-python        # Run Python unit tests
make test-python-coverage  # Run tests with coverage reporting

# Individual Python operations
make format-python      # Format Python files with ruff
make lint-python        # Lint Python files with ruff

The Python validation system (validate-inputs/) includes:

  • CalVer and SemVer Support: Flexible version validation for different schemes
  • Comprehensive Test Suite: Extensive test cases covering all validation types
  • Security Features: Command injection and path traversal protection
  • Performance: Efficient Python regex engine vs multiple bash processes

Testing

# Run all tests (Python + GitHub Actions)
make test

# Run specific test types
make test-python           # Python validation tests only
make test-actions          # GitHub Actions tests only
make test-action ACTION=node-setup  # Test specific action

# Coverage reporting
make test-coverage         # All tests with coverage
make test-python-coverage  # Python tests with coverage

For detailed development guidelines, see CLAUDE.md.

License

This project is licensed under the MIT License. See the LICENSE file for details.