Shared GitHub Workflows

Reusable workflows to plug into other repos via uses: vinitu-net/github-workflows/.github/workflows/<workflow>.yml@<tag>.

  • Always pin to a release tag (auto-created on every merge to main); avoid @main.
  • Each workflow accepts gh_token; if omitted it falls back to the built-in GITHUB_TOKEN.
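
The pinning rule above can be enforced in a caller repository's CI. The sketch below is an added example, not code from this repository: it flags reusable-workflow `uses:` references whose ref is neither a `vX.Y.Z` release tag nor a full commit SHA. Accepting a SHA is an addition beyond the rule stated here, and the sample workflow with its version `v1.4.2` is constructed.

```python
import re

# A reusable-workflow call: owner/repo/path/file.yml@ref (local ./ calls carry no @ref).
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<target>[^@\s'\"]+\.ya?ml)@(?P<ref>[^\s'\"#]+)"
)
RELEASE_TAG_RE = re.compile(r"v\d+\.\d+\.\d+")  # tag shape used in this README
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")       # assumption: SHAs are also accepted

# Constructed caller workflow used as sample input.
SAMPLE = """\
jobs:
  determine-version:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-determine-version-bump.yml@v1.4.2
  merge:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-merge-pull-requests.yml@main
  create-tag:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-create-tag.yml@0123456789abcdef0123456789abcdef01234567
  release:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-create-release.yml@v1
"""


def classify_ref(ref):
    """Return 'sha', 'tag' or 'floating' for the part after '@'."""
    if FULL_SHA_RE.fullmatch(ref):
        return "sha"
    if RELEASE_TAG_RE.fullmatch(ref):
        return "tag"
    return "floating"  # branch names, major-only tags such as v1, anything else


def audit_workflow(text):
    """List (line_no, target, ref) for each reusable-workflow call with a floating ref."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and classify_ref(match["ref"]) == "floating":
            findings.append((line_no, match["target"], match["ref"]))
    return findings


if __name__ == "__main__":
    for line_no, target, ref in audit_workflow(SAMPLE):
        print(f"line {line_no}: {target} is pinned to floating ref '{ref}'")
```

A release tag can still be moved by anyone with push access to the workflow repository, which is why the full commit SHA is accepted as the stricter form.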

Shared workflows (reusable)

workflow-determine-version-bump.yml

Detects which semver segment to bump for a PR targeting a branch.

Inputs

  • target-branch (default main): only consider PRs targeting this branch.
  • major-branch-prefixes, minor-branch-prefixes, patch-branch-prefixes: comma or newline separated branch prefixes to map to a bump.
  • default (default patch): fallback bump when no prefixes match.
  • pull-requests: PR payload when calling from workflow_call (e.g., toJson(github.event.pull_request)).

Outputs

  • version-bump: major, minor, or patch.
  • matching_pr: true if a PR against target-branch was found.

Branch prefix rules

  • Major bump examples: major/.
  • Minor bump examples: feature/, features/, release/, releases/.
  • Patch bump examples: fix/, fixes/.
  • If none match, default is applied (by default, patch).

Example

jobs:
  determine-version:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-determine-version-bump.yml@vX.Y.Z
    with:
      target-branch: main
      major-branch-prefixes: major/
      minor-branch-prefixes: |
        feature/
        features/
        release/
        releases/
      patch-branch-prefixes: |
        fix/
        fixes/
      default: patch
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

workflow-merge-pull-requests.yml

Auto-merges same-repo PRs into a target branch after checks pass. Skips forks, draft PRs, and branches starting with wip.

Inputs

  • target-branch (default main): required base branch to merge into.
  • merge-method (default merge): merge, squash, or rebase.
  • pull-requests: PR payload for workflow_call (e.g., toJson(github.event.pull_request)).

Outputs

  • merged: true if at least one PR was merged.
  • merged-prs: JSON array with number, title, author, head.

Example

jobs:
  merge:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-merge-pull-requests.yml@vX.Y.Z
    with:
      target-branch: main
      merge-method: squash
      pull-requests: ${{ toJson(github.event.pull_request) }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

workflow-create-tag.yml

Creates and pushes the provided tag (no version calculation inside this workflow).

Inputs

  • target-branch (default main): branch to check out before tagging.
  • next-tag (required): tag to create (e.g., v1.2.3).
  • previous-tag (required): previous tag that next-tag is based on.

Outputs

  • new-tag: tag that was created (e.g., v1.2.3).
  • previous-tag: previous tag that was passed in.

Example

jobs:
  create-tag:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-create-tag.yml@vX.Y.Z
    with:
      target-branch: main
      next-tag: ${{ needs.calculate-tag.outputs.new-tag }}
      previous-tag: ${{ needs.calculate-tag.outputs.previous-tag }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

workflow-compute-next-tag.yml

Calculates the next semver tag from the provided bump and latest existing v* tag.

Inputs

  • target-branch (default main): branch to check out before reading tags.
  • version-bump (required): major, minor, or patch.

Outputs

  • new-tag: computed next tag (e.g., v1.2.3).
  • previous-tag: latest existing tag before the bump (or v0.0.0 if none).

Example

jobs:
  calculate-tag:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-compute-next-tag.yml@vX.Y.Z
    with:
      target-branch: main
      version-bump: ${{ needs.determine-version.outputs.version-bump }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}
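
The branch prefix rules and the next-tag calculation described above, modelled end to end as an added example (not the workflows' own code). Assumptions: prefixes are checked in the order major, minor, patch; "latest" means the numerically highest tag; only tags that are exactly `vX.Y.Z` count. The tag list is constructed.

```python
import re

STRICT_TAG = re.compile(r"v(\d+)\.(\d+)\.(\d+)")

# Prefix inputs as shown in the README examples (a YAML "|" block is newline separated).
MAJOR = "major/"
MINOR = "feature/\nfeatures/\nrelease/\nreleases/\n"
PATCH = "fix/\nfixes/\n"

# Constructed tag list: includes entries that must be ignored.
TAGS = ["v1.9.0", "v1.10.0", "v2.0.0-beta", "latest", "v1.2"]


def split_prefixes(raw):
    """Parse a comma- or newline-separated prefix input into a clean list."""
    return [p.strip() for p in re.split(r"[,\n]", raw) if p.strip()]


def determine_bump(head_branch, major, minor, patch, default="patch"):
    """Map a PR head branch to major/minor/patch, falling back to the default."""
    for bump, raw in (("major", major), ("minor", minor), ("patch", patch)):
        if any(head_branch.startswith(p) for p in split_prefixes(raw)):
            return bump
    return default


def latest_version(tags):
    """Highest vX.Y.Z compared numerically, so v1.10.0 outranks v1.9.0."""
    matches = (STRICT_TAG.fullmatch(t) for t in tags)
    versions = [tuple(int(x) for x in m.groups()) for m in matches if m]
    return max(versions, default=(0, 0, 0))  # v0.0.0 when no tag exists


def compute_next_tag(tags, bump):
    """Return (new_tag, previous_tag) for the requested bump."""
    major, minor, patch = latest_version(tags)
    bumped = {
        "major": (major + 1, 0, 0),
        "minor": (major, minor + 1, 0),
        "patch": (major, minor, patch + 1),
    }
    if bump not in bumped:
        raise ValueError(f"unsupported version-bump: {bump!r}")
    return "v%d.%d.%d" % bumped[bump], f"v{major}.{minor}.{patch}"


if __name__ == "__main__":
    bump = determine_bump("feature/login", MAJOR, MINOR, PATCH)
    print(bump, compute_next_tag(TAGS, bump))
```

Matching the whole tag against a strict pattern also keeps unexpected tag names out of later steps that pass the value to git or the release API.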

workflow-update-version-file.yml

Writes the provided tag into a version file on a target branch and pushes the commit.

Inputs

  • target-branch (default master): branch to check out before writing the version file.
  • version-file (default public/version.txt): path to overwrite with the new tag.
  • next-tag (required): tag value to write.

Outputs

  • new-tag: tag that was written.

Example

jobs:
  write-version:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-update-version-file.yml@vX.Y.Z
    with:
      target-branch: master
      version-file: public/version.txt
      next-tag: ${{ needs.calculate-tag.outputs.new-tag }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

workflow-create-release.yml

Publishes a GitHub Release for a given tag. If merged-prs is omitted or empty, it collects merged PRs between previous-tag and tag-name.

Inputs

  • tag-name (required): tag to publish.
  • previous-tag (default v0.0.0): used for changelog comparison.
  • merged-prs (default []): JSON array of merged PR metadata.

Example

jobs:
  create-release:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-create-release.yml@vX.Y.Z
    with:
      tag-name: ${{ needs.create-tag.outputs.new-tag }}
      previous-tag: ${{ needs.create-tag.outputs.previous-tag }}
      merged-prs: ${{ needs.merge.outputs.merged-prs }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

workflow-deploy-to-s3.yml

Syncs a directory to an S3 bucket with optional Cloudflare cache purge and SES notification.

Inputs

  • bucket (required): destination S3 bucket (without s3://).
  • source (default public): local directory to sync.
  • aws-region (default us-west-2): region for S3/SES calls.
  • delete-extra-files (default true): remove objects not present locally.
  • target-branch (default master): branch to check out before syncing.
  • ref (optional): explicit git ref (commit SHA/tag/branch) to deploy; overrides target-branch when set.
  • cloudflare-zone-id (optional): zone to purge after deploy.
  • purge-cloudflare (default true): whether to purge the zone when credentials are provided.
  • email-subject (optional): SES email subject (defaults to the bucket name).
  • email-body (optional): SES email body (defaults to an auto-generated message).

Secrets

  • aws_access_key_id (required)
  • aws_secret_access_key (required)
  • aws_session_token (optional)
  • cloudflare_api_token (optional)
  • email_from (optional)
  • email_to (optional)

Outputs

  • deployed: true when the S3 sync completes.

Example

jobs:
  deploy-static:
    needs: tests
    uses: vinitu-net/github-workflows/.github/workflows/workflow-deploy-to-s3.yml@vX.Y.Z
    with:
      ref: ${{ github.sha }}
      bucket: www.example.com
      source: public
      aws-region: us-west-2
      delete-extra-files: true
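      # The secrets context is not available under with:; the zone ID is read
      # from a repository variable here (variable name is an assumption).
      cloudflare-zone-id: ${{ vars.CLOUDFLARE_ZONE_ID }}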
      email-subject: "Site deployed"
    secrets:
      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
      email_from: ${{ secrets.EMAIL_FROM }}
      email_to: ${{ secrets.EMAIL_TO }}

End-to-end usage in a caller repo

jobs:
  determine-version:
    uses: vinitu-net/github-workflows/.github/workflows/workflow-determine-version-bump.yml@vX.Y.Z
    with:
      target-branch: main
      major-branch-prefixes: major/
      minor-branch-prefixes: |
        feature/
        features/
        release/
        releases/
      patch-branch-prefixes: |
        fix/
        fixes/
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

  merge:
    needs: determine-version
    uses: vinitu-net/github-workflows/.github/workflows/workflow-merge-pull-requests.yml@vX.Y.Z
    with:
      target-branch: main
      pull-requests: ${{ toJson(github.event.pull_request) }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

  calculate-tag:
    needs: [determine-version, merge]
    if: ${{ needs.merge.outputs.merged == 'true' }}
    uses: vinitu-net/github-workflows/.github/workflows/workflow-compute-next-tag.yml@vX.Y.Z
    with:
      target-branch: main
      version-bump: ${{ needs.determine-version.outputs.version-bump }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

  create-tag:
    needs: [determine-version, merge, calculate-tag]
    if: ${{ needs.merge.outputs.merged == 'true' }}
    uses: vinitu-net/github-workflows/.github/workflows/workflow-create-tag.yml@vX.Y.Z
    with:
      target-branch: main
      next-tag: ${{ needs.calculate-tag.outputs.new-tag }}
      previous-tag: ${{ needs.calculate-tag.outputs.previous-tag }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

  create-release:
    needs: [merge, create-tag]
    if: ${{ needs.merge.outputs.merged == 'true' }}
    uses: vinitu-net/github-workflows/.github/workflows/workflow-create-release.yml@vX.Y.Z
    with:
      tag-name: ${{ needs.create-tag.outputs.new-tag }}
      previous-tag: ${{ needs.create-tag.outputs.previous-tag }}
      merged-prs: ${{ needs.merge.outputs.merged-prs }}
    secrets:
      gh_token: ${{ secrets.GITHUB_TOKEN }}

Repo-local workflows (used only in this repo)

  • .github/workflows/auto-merge.yml — PR CI for this repo: runs actionlint on PRs to main and auto-merges same-repo PRs after checks pass.
  • .github/workflows/release.yml — release pipeline for this repo, triggered after Auto Merge PRs; determines bump, tags, and publishes a release.