Wiredcraft/github-actions

github-actions

A collection of the various GitHub Actions used at Wiredcraft.

Workflows

Docker build

| Params | Description | Required |
| --- | --- | --- |
| inputs.project | The project name on Harbor for this image | Yes |
| inputs.component | The component name, e.g. oms; usually the image name. Defaults to github.event.repository.name | No |
| inputs.node_env | The Node env used when building a Node.js app; default production | No |
| inputs.push | Whether to push to the remote registry; default true | No |
| inputs.docker_context | Path for docker build to execute in; default ./ | No |
| inputs.docker_file | The Dockerfile; default ./Dockerfile | No |
| inputs.runner | Runner to run the docker build on; default cn | No |
| secrets.REGISTRY_USERNAME | Remote Harbor registry user | Yes |
| secrets.REGISTRY_PASSWORD | Remote Harbor registry password | Yes |
| secrets.NPM_TOKEN | npm token to pull legacy private npm packages | No |
| outputs.docker_tags | Tags from https://github.com/docker/metadata-action#outputs | - |
| outputs.runner | The GitHub runner used to run this build | - |

Simple build:

name: Build Docker image
on: [push]
jobs:
  build:
    uses: Wiredcraft/github-actions/.github/workflows/docker_build.yml@master
    with:
      project: internal
    secrets:
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}

Slack Status Notify

You can use this workflow to post status updates to a Slack channel.

The possible statuses are:

  • In Progress
  • Success
  • Failure
  • Cancelled
  • Skipped

| Params | Description | Required |
| --- | --- | --- |
| inputs.status | One of success, failure, cancelled, skipped; it will be In Progress if no value is given | No |
| inputs.slack_channel_id | The channel ID of the Slack channel, not the channel name | Yes |
| inputs.msg | The status message to send to Slack; you can use mrkdwn syntax | Yes |
| secrets.SLACK_BOT_TOKEN | The OAuth app token of the Slack bot used to send messages in Slack | Yes |

This is an example of how to use it in your workflow:

name: Hello
run-name: hello

on:
  push:
    branches:
    - master

jobs:
  pre-slack-notify:
    uses: Wiredcraft/github-actions/.github/workflows/slack_status_notify.yml@master
    with:
      slack_channel_id: "CXXXXXXX"
      msg: "saying hello"
    secrets:
      SLACK_BOT_TOKEN: ${{ secrets.YOUR_SLACK_BOT_TOKEN }}

  greeting:
    runs-on: ubuntu-latest
    needs: [pre-slack-notify]
    steps:
    - name: Hello
      run: echo "Hello!"

  post-slack-notify:
    uses: Wiredcraft/github-actions/.github/workflows/slack_status_notify.yml@master
    needs: [greeting]
    if: ${{ always() }}
    with:
      status: ${{ needs.greeting.result }}
      slack_channel_id: "CXXXXXXXX"
      msg: "said hello"
    secrets:
      SLACK_BOT_TOKEN: ${{ secrets.YOUR_SLACK_BOT_TOKEN }}

Vulnerability Scanning

We use Trivy to scan for vulnerabilities in CI build pipelines. The enabled scan scope:

  • secret
  • vulnerability

| Params | Description | Required |
| --- | --- | --- |
| inputs.docker_tags | The meta tags from metadata-action | Yes |
| inputs.runner | Which runner to run this workflow on | Yes |

name: Build Docker image
on: [push]
jobs:
  build:
    uses: Wiredcraft/github-actions/.github/workflows/docker_build.yml@master
    with:
      project: internal
    secrets:
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
  security:
    needs: [build]
    name: scan vulnerabilities
    uses: Wiredcraft/github-actions/.github/workflows/vulnerability_scanning.yml@master
    with:
      runner: ${{ needs.build.outputs.runner }}
      docker_tags: ${{ needs.build.outputs.docker_tags }}

Check GitHub user permission

| Params | Description | Required |
| --- | --- | --- |
| inputs.token | GitHub token with read-only access to org members | Yes |
| inputs.org | GitHub org for the team; by default it's Wiredcraft | No |
| inputs.team | GitHub team slug | Yes |
| inputs.username | GitHub user; github.triggering_actor or github.actor is suggested | Yes |

name: Send msg to Slack
on: [push]
jobs:
  check-permission:
    runs-on: ubuntu-latest
    outputs:
      allow: ${{ steps.check-github-permission.outputs.is_member }}
    steps:
      - id: check-github-permission
        uses: Wiredcraft/github-actions/check-github-user-permission@master
        with:
          token: ${{ secrets.GITHUB_ORG_TOKEN }}
          team: devops
          username: ${{ github.triggering_actor || github.actor }}


  slack-notify:
    uses: Wiredcraft/github-actions/.github/workflows/slack_status_notify.yml@master
    needs: [check-permission]
    if: needs.check-permission.outputs.allow == 'true'
    with:
      slack_channel_id: "Cxxxxxx"
      msg: "Hello this is a msg from Github Action"
    secrets:
      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
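
One way the team-membership check behind is_member can be implemented, as an added example that is not the action's own code: it calls GitHub's REST endpoint GET /orgs/{org}/teams/{team_slug}/memberships/{username} and fails closed. The names decideMembership, isTeamMember and fetchImpl are hypothetical, and Node 18+ (global fetch) is assumed.

```javascript
// Added example: not the action's own code.
// Endpoint: GET /orgs/{org}/teams/{team_slug}/memberships/{username}

// Pure decision step: map an HTTP status and parsed body to allow/deny.
function decideMembership(status, body) {
  // 404: the user is not on the team, or the token cannot see the team. Deny.
  if (status === 404) return false;
  // 401/403/5xx and anything else non-2xx: surface the failure, never allow.
  if (status < 200 || status > 299) {
    throw new Error(`GitHub API returned ${status}`);
  }
  // Invited-but-not-accepted users come back with state "pending".
  return body !== null && typeof body === "object" && body.state === "active";
}

// Network step. fetchImpl is a hypothetical parameter that lets the
// function be exercised offline with a stub.
async function isTeamMember({ token, org = "Wiredcraft", team, username }, fetchImpl = fetch) {
  // Encode each value so an actor name such as "dependabot[bot]" stays
  // inside a single path segment.
  const seg = encodeURIComponent;
  const url = `https://api.github.com/orgs/${seg(org)}/teams/${seg(team)}/memberships/${seg(username)}`;
  const res = await fetchImpl(url, {
    headers: {
      Accept: "application/vnd.github+json",
      Authorization: `Bearer ${token}`,
    },
  });
  const body = res.status === 404 ? null : await res.json().catch(() => null);
  return decideMembership(res.status, body);
}
```

A workflow that gates a job on this result should compare against the string 'true', as the slack-notify job above does, so that an empty or missing output does not pass the check.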

Create Grafana Annotation

| Params | Description | Required |
| --- | --- | --- |
| inputs.token | Grafana token used to call the Grafana HTTP annotation API | Yes |
| inputs.host | Grafana API host | Yes |
| inputs.text | Text of the annotation | Yes |
| inputs.time | Time for this annotation; by default it's Date.now() | No |
| inputs.time_end | Time for this annotation to end; by default it's empty | No |
| inputs.dashboard_id | ID of the dashboard to add the annotation to; by default it applies to all dashboards | No |
| inputs.panel_id | ID of the panel to add the annotation to; by default it applies to all panels | No |
| inputs.tags | Comma-separated list of tags assigned to the annotation, e.g. release, backend | No |

name: Deploy backend
on:
  push:
    branches:
    - master

jobs:
  grafana-annotation:
    runs-on: cn
    steps:
      - uses: Wiredcraft/github-actions/create-grafana-annotation@master
        with:
          token: ${{ secrets.GRAFANA_TOKEN }}
          host: ${{ vars.GRAFANA_HOST }}
          text: New release
          dashboard_id: 1
          tags: 'release, backend'
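
How the inputs above map onto a Grafana POST /api/annotations request, as an added example that is not the action's own code. buildAnnotationRequest and toInt are hypothetical names; host is assumed to be an https origin without a sub-path, and the https-only check is this example's choice.

```javascript
// Added example: not the action's own code. Body field names follow
// Grafana's POST /api/annotations; times are epoch milliseconds.
function toInt(name, value) {
  const n = Number(value);
  if (!Number.isSafeInteger(n) || n < 0) {
    throw new Error(`${name} must be a non-negative integer`);
  }
  return n;
}

function buildAnnotationRequest(inputs, now = Date.now()) {
  const { token, host, text, time, time_end, dashboard_id, panel_id, tags } = inputs;
  if (!token || !text) throw new Error("token and text are required");
  const url = new URL("/api/annotations", host);
  // Do not send the bearer token over clear-text HTTP.
  if (url.protocol !== "https:") throw new Error("host must use https");

  // Action inputs always arrive as strings, so convert before serializing.
  const body = { text, time: time ? toInt("time", time) : now };
  if (time_end) {
    body.timeEnd = toInt("time_end", time_end);
    if (body.timeEnd < body.time) throw new Error("time_end is before time");
  }
  // Omitting these keeps the annotation global to all dashboards and panels.
  if (dashboard_id) body.dashboardId = toInt("dashboard_id", dashboard_id);
  if (panel_id) body.panelId = toInt("panel_id", panel_id);
  const tagList = (tags || "").split(",").map((t) => t.trim()).filter(Boolean);
  if (tagList.length) body.tags = tagList;

  return {
    url: url.toString(),
    method: "POST",
    headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
    body: JSON.stringify(body),
  };
}
```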

Setup metamix

| Params | Description | Required |
| --- | --- | --- |
| inputs.binary_download_url | The URL to download the metamix binary from | Yes |

name: Setup metamix
on:
  push:
    branches:
      - master

jobs:
  setup:
    runs-on: cn
    steps:
      - uses: Wiredcraft/github-actions/metamix-setup@master
        with:
          binary_download_url: 'https://example/metamix-linux-amd64'
