This directory contains documentation for the reusable GitHub actions that are available for use across the organization.
- Snyk Security Scan - Comprehensive security vulnerability scanning for dependencies, IaC, containers, and code using Snyk
- Publish Docker Images - Build and push Docker images to GitHub Container Registry
- Publish Kustomize Bundle - Build and push Kustomize bundles to GitHub Container Registry
- Update Plugin Index - Open a PR against a datumctl plugin catalog to bump a plugin manifest to a new release, refreshing version, URLs, and checksums
- Lint GitHub Actions Workflows - Validate workflow files using actionlint to catch errors and best practice violations
- Validate Kustomize Configurations - Validate all Kustomize configurations by building them and checking for errors
All workflows are designed to be used as reusable workflows. Reference them in your repository workflows using:
```yaml
jobs:
  job-name:
    uses: datum-cloud/actions/.github/workflows/<workflow-name>.yaml@v1
    with:
      # inputs here
    secrets: inherit
```

- Use tagged versions: Always reference workflows with a specific version tag (e.g., `@v1`) to prevent unexpected breaking changes
- Inherit secrets: Use `secrets: inherit` to pass repository secrets to reusable workflows
- Set permissions: Explicitly define required permissions in your workflow
- Review documentation: Check individual action documentation for specific requirements and examples
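One way to check a caller workflow against the practices above, as an added example that is not part of this repository: a regex-based audit that flags reusable-workflow references not pinned to a tag or commit SHA, and `secrets: inherit` used without any `permissions:` block. The function names, the `v`-prefixed tag pattern, and both sample workflows are assumptions constructed for illustration.

```python
import re

# Job-level call to a reusable workflow in another repository:
#   uses: owner/repo/.github/workflows/<file>@<ref>
USES_RE = re.compile(
    r"^\s*uses:\s*(?P<path>[\w.-]+/[\w.-]+/\.github/workflows/[^@\s]+)"
    r"(?:@(?P<ref>\S+))?\s*(?:#.*)?$",
    re.M,
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")        # full commit SHA
TAG_RE = re.compile(r"^v\d+(\.\d+){0,2}$")    # assumed tag style: v1, v1.2, v1.2.3


def classify_ref(ref):
    """Classify the part after '@' in a uses: reference."""
    if not ref:
        return "missing"
    if SHA_RE.match(ref):
        return "sha"
    if TAG_RE.match(ref):
        return "tag"
    return "branch-or-other"


def audit_workflow(text):
    """Return a list of findings for one caller workflow file."""
    findings = []
    for m in USES_RE.finditer(text):
        ref = m.group("ref")
        if classify_ref(ref) in ("missing", "branch-or-other"):
            findings.append(f"unpinned reusable workflow: {m.group('path')}@{ref or '(none)'}")
    inherits = re.search(r"^\s*secrets:\s*inherit\s*$", text, re.M)
    # A permissions: key at workflow or job level counts as declared.
    has_permissions = re.search(r"^\s*permissions:", text, re.M)
    if inherits and not has_permissions:
        findings.append("secrets: inherit used but no permissions: block is declared")
    return findings


# Constructed sample inputs (not taken from any real repository).
GOOD = """permissions:
  contents: read
jobs:
  job-name:
    uses: datum-cloud/actions/.github/workflows/<workflow-name>.yaml@v1
    secrets: inherit
"""
BAD = GOOD.split("jobs:")[1].replace("@v1", "@main")
BAD = "jobs:" + BAD  # same job, floating branch ref, no permissions block

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_workflow(doc))
```

A version tag such as `v1` can be moved to a different commit by the repository owner, while a full commit SHA cannot, which is why the check reports the two separately.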
When adding new reusable workflows:
- Create the workflow file in `.github/workflows/`
- Add comprehensive documentation in `docs/<workflow-name>/README.md`
- Follow the established documentation structure
- Update this README to include the new action
- Create a release with appropriate version tags
For issues or questions about these actions, please open an issue in the repository.