Skip to content

equinor/ops-actions

Repository files navigation

ops-actions

Reusable GitHub Actions workflows for common operational tasks.

Features

  • Reusable workflows for common operational tasks, simplifying CI/CD pipeline setup.
  • 📦 Build support for multiple languages and frameworks including Docker, .NET and Python.
  • 🚀 Deploy to multiple cloud platforms and services including Azure Web App, Azure Functions and GitHub Pages.
  • 🔑 Secretless authentication where supported.
  • 🛡️ Security scanning using static analysis tools, including CodeQL, Trivy and zizmor.
  • 📝 Comprehensive documentation for each workflow, with usage examples.
  • 🤖 Easy workflow updates using Dependabot version updates.

Usage

Call a reusable workflow by using the following syntax:

on: [push]
jobs:
  example:
    uses: equinor/ops-actions/.github/workflows/{filename}@{ref}
    with: {}
    secrets: {}

{filename} is the name of a workflow file in the workflows directory, and {ref} is (in order of preference) a commit SHA, release tag or branch name.

To pass inputs and secrets to the reusable workflow, use the with and secrets keywords respectively.

Version updates

Use Dependabot to keep workflows you use updated to the latest versions.

Create a Dependabot configuration file .github/dependabot.yml in your repository containing the following configuration:

version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly

Code scanning

Use zizmor to find common security issues in your workflows.

Create a GitHub Actions workflow file .github/workflows/code-scanning.yml in your repository containing the following confiuration to integrate zizmor with GitHub Advanced Security:

name: Code scanning

on:
  push:
    branches: [main]
  pull_request:
    branches: ["**"]

permissions: {}

jobs:
  analyze-actions:
    name: Analyze GitHub Actions
    permissions:
      security-events: write
      actions: read
      contents: read
    uses: equinor/ops-actions/.github/workflows/zizmor-codeql.yml@v9.39.0

Development

  1. Install uv.

  2. Clone the repository:

    git clone https://github.com/equinor/ops-actions.git && cd ops-actions
  3. Sync development dependencies:

    uv sync
  4. Run a development server:

    uv run mkdocs serve

    Alternatively, a Visual Studio Code debug configuration is provided (see debug code with Visual Studio Code).

The GitHub Actions extension for Visual Studio Code is highly recommended for syntax highlighting, validation and code completion for GitHub Actions workflows.

Versioning

This project follows the Semantic Versioning specification for release tags.

We have enabled immutable releases to prevent release tags from being changed after a release has been published.

Testing

We perform user acceptance tests for reusable workflows.

Contributing

See contributing guidelines.

License

This project is licensed under the terms of the MIT license.

About

Reusable GitHub Actions workflows for operational tasks

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

9 stars

Watchers

1 watching

Forks

Contributors

Languages