ivuorinen/actions - My Reusable GitHub Actions and Workflows

Overview

This repository contains a collection of reusable GitHub Actions designed to streamline CI/CD processes and ensure code quality.

Each action is fully self-contained and can be used independently in any GitHub repository.

Key Features

• Production-Ready Actions covering setup, linting, building, testing, and deployment
• Self-Contained Design - each action works independently without dependencies
• External Usage Ready - use any action with pinned refs: ivuorinen/actions/action-name@2025-01-15 or @<commit-sha> for supply-chain security
• Multi-Language Support including Node.js, PHP, Python, Go, C#, and more
• Standardized Patterns with consistent error handling and input/output interfaces
• Comprehensive Testing with dual testing framework (ShellSpec + pytest)
• Modular Build System using Makefile for development and maintenance

📚 Action Catalog

This repository contains 26 reusable GitHub Actions for CI/CD automation.

Quick Reference (26 Actions)

Icon	Action	Category	Description	Key Features
🔀	action-versioning	Utilities	Automatically update SHA-pinned action references to match l...	Token auth, Outputs
📦	ansible-lint-fix	Linting	Lints and fixes Ansible playbooks, commits changes, and uplo...	Caching, Token auth, Outputs
✅	biome-lint	Linting	Run Biome linter in check or fix mode	Caching, Auto-detection, Token auth, Outputs
🛡️	codeql-analysis	Repository	Run CodeQL security analysis for a single language with conf...	Auto-detection, Token auth, Outputs
🖼️	compress-images	Repository	Compress images on demand (workflow_dispatch), and at 11pm e...	Token auth, Outputs
📝	csharp-build	Build	Builds and tests C# projects.	Caching, Auto-detection, Token auth, Outputs
📝	csharp-lint-check	Linting	Runs linters like StyleCop or dotnet-format for C# code styl...	Caching, Auto-detection, Token auth, Outputs
📦	csharp-publish	Publishing	Publishes a C# project to GitHub Packages.	Caching, Auto-detection, Token auth, Outputs
📦	docker-build	Build	Builds a Docker image for multiple architectures with enhanc...	Caching, Auto-detection, Token auth, Outputs
☁️	docker-publish	Publishing	Simple wrapper to publish Docker images to GitHub Packages a...	Token auth, Outputs
✅	eslint-lint	Linting	Run ESLint in check or fix mode with advanced configuration ...	Caching, Auto-detection, Token auth, Outputs
📦	go-build	Build	Builds the Go project.	Caching, Auto-detection, Token auth, Outputs
📝	go-lint	Linting	Run golangci-lint with advanced configuration, caching, and ...	Caching, Token auth, Outputs
📝	language-version-detect	Setup	DEPRECATED: This action is deprecated. Inline version detect...	Auto-detection, Token auth, Outputs
📦	npm-publish	Publishing	Publishes the package to the NPM registry with configurable ...	Caching, Auto-detection, Token auth, Outputs
✅	php-tests	Testing	Run PHPUnit tests with optional Laravel setup and Composer d...	Caching, Auto-detection, Token auth, Outputs
✅	pr-lint	Linting	Runs MegaLinter against pull requests	Caching, Auto-detection, Token auth, Outputs
📦	pre-commit	Linting	Runs pre-commit on the repository and pushes the fixes back ...	Auto-detection, Token auth, Outputs
✅	prettier-lint	Linting	Run Prettier in check or fix mode with advanced configuratio...	Caching, Auto-detection, Token auth, Outputs
📝	python-lint-fix	Linting	Lints and fixes Python files, commits changes, and uploads S...	Caching, Auto-detection, Token auth, Outputs
📦	release-monthly	Repository	Creates a release for the current month, incrementing patch ...	Token auth, Outputs
🛡️	security-scan	Security	Comprehensive security scanning for GitHub Actions including...	Caching, Token auth, Outputs
📦	stale	Repository	A GitHub Action to close stale issues and pull requests.	Token auth, Outputs
🏷️	sync-labels	Repository	Sync labels from a YAML file to a GitHub repository	Token auth, Outputs
🖥️	terraform-lint-fix	Linting	Lints and fixes Terraform files with advanced validation and...	Token auth, Outputs
🛡️	validate-inputs	Validation	Centralized Python-based input validation for GitHub Actions...	Token auth, Outputs

Actions by Category

🔧 Setup (1 action)

Action	Description	Languages	Features
📝 language-version-detect	DEPRECATED: This action is deprecated. Inline vers...	PHP, Python, Go, .NET, Node.js	Auto-detection, Token auth, Outputs

🛠️ Utilities (1 action)

Action	Description	Languages	Features
🔀 action-versioning	Automatically update SHA-pinned action references ...	GitHub Actions	Token auth, Outputs

📝 Linting (10 actions)

Action	Description	Languages	Features
📦 ansible-lint-fix	Lints and fixes Ansible playbooks, commits changes...	Ansible, YAML	Caching, Token auth, Outputs
✅ biome-lint	Run Biome linter in check or fix mode	JavaScript, TypeScript, JSON	Caching, Auto-detection, Token auth, Outputs
📝 csharp-lint-check	Runs linters like StyleCop or dotnet-format for C#...	C#, .NET	Caching, Auto-detection, Token auth, Outputs
✅ eslint-lint	Run ESLint in check or fix mode with advanced conf...	JavaScript, TypeScript	Caching, Auto-detection, Token auth, Outputs
📝 go-lint	Run golangci-lint with advanced configuration, cac...	Go	Caching, Token auth, Outputs
✅ pr-lint	Runs MegaLinter against pull requests	Conventional Commits	Caching, Auto-detection, Token auth, Outputs
📦 pre-commit	Runs pre-commit on the repository and pushes the f...	Python, Multiple Languages	Auto-detection, Token auth, Outputs
✅ prettier-lint	Run Prettier in check or fix mode with advanced co...	JavaScript, TypeScript, Markdown, YAML, JSON	Caching, Auto-detection, Token auth, Outputs
📝 python-lint-fix	Lints and fixes Python files, commits changes, and...	Python	Caching, Auto-detection, Token auth, Outputs
🖥️ terraform-lint-fix	Lints and fixes Terraform files with advanced vali...	Terraform, HCL	Token auth, Outputs

🧪 Testing (1 action)

Action	Description	Languages	Features
✅ php-tests	Run PHPUnit tests with optional Laravel setup and ...	PHP, Laravel	Caching, Auto-detection, Token auth, Outputs

🏗️ Build (3 actions)

Action	Description	Languages	Features
📝 csharp-build	Builds and tests C# projects.	C#, .NET	Caching, Auto-detection, Token auth, Outputs
📦 docker-build	Builds a Docker image for multiple architectures w...	Docker	Caching, Auto-detection, Token auth, Outputs
📦 go-build	Builds the Go project.	Go	Caching, Auto-detection, Token auth, Outputs

🚀 Publishing (3 actions)

Action	Description	Languages	Features
📦 csharp-publish	Publishes a C# project to GitHub Packages.	C#, .NET	Caching, Auto-detection, Token auth, Outputs
☁️ docker-publish	Simple wrapper to publish Docker images to GitHub ...	Docker	Token auth, Outputs
📦 npm-publish	Publishes the package to the NPM registry with con...	Node.js, npm	Caching, Auto-detection, Token auth, Outputs

📦 Repository (5 actions)

Action	Description	Languages	Features
🛡️ codeql-analysis	Run CodeQL security analysis for a single language...	JavaScript, TypeScript, Python, Java, C#, C++, Go, Ruby	Auto-detection, Token auth, Outputs
🖼️ compress-images	Compress images on demand (workflow_dispatch), and...	Images, PNG, JPEG	Token auth, Outputs
📦 release-monthly	Creates a release for the current month, increment...	GitHub Actions	Token auth, Outputs
📦 stale	A GitHub Action to close stale issues and pull req...	GitHub Actions	Token auth, Outputs
🏷️ sync-labels	Sync labels from a YAML file to a GitHub repositor...	YAML, GitHub	Token auth, Outputs

🛡️ Security (1 action)

Action	Description	Languages	Features
🛡️ security-scan	Comprehensive security scanning for GitHub Actions...	-	Caching, Token auth, Outputs

✅ Validation (1 action)

Action	Description	Languages	Features
🛡️ validate-inputs	Centralized Python-based input validation for GitH...	YAML, GitHub Actions	Token auth, Outputs

Feature Matrix

Action	Caching	Auto-detection	Token auth	Outputs
action-versioning	-	-	✅	✅
ansible-lint-fix	✅	-	✅	✅
biome-lint	✅	✅	✅	✅
codeql-analysis	-	✅	✅	✅
compress-images	-	-	✅	✅
csharp-build	✅	✅	✅	✅
csharp-lint-check	✅	✅	✅	✅
csharp-publish	✅	✅	✅	✅
docker-build	✅	✅	✅	✅
docker-publish	-	-	✅	✅
eslint-lint	✅	✅	✅	✅
go-build	✅	✅	✅	✅
go-lint	✅	-	✅	✅
language-version-detect	-	✅	✅	✅
npm-publish	✅	✅	✅	✅
php-tests	✅	✅	✅	✅
pr-lint	✅	✅	✅	✅
pre-commit	-	✅	✅	✅
prettier-lint	✅	✅	✅	✅
python-lint-fix	✅	✅	✅	✅
release-monthly	-	-	✅	✅
security-scan	✅	-	✅	✅
stale	-	-	✅	✅
sync-labels	-	-	✅	✅
terraform-lint-fix	-	-	✅	✅
validate-inputs	-	-	✅	✅

Language Support

Language	Actions
.NET	csharp-build, csharp-lint-check, csharp-publish, language-version-detect
Ansible	ansible-lint-fix
C#	codeql-analysis, csharp-build, csharp-lint-check, csharp-publish
C++	codeql-analysis
Conventional Commits	pr-lint
Docker	docker-build, docker-publish
GitHub	sync-labels
GitHub Actions	action-versioning, release-monthly, stale, validate-inputs
Go	codeql-analysis, go-build, go-lint, language-version-detect
HCL	terraform-lint-fix
Images	compress-images
JPEG	compress-images
JSON	biome-lint, prettier-lint
Java	codeql-analysis
JavaScript	biome-lint, codeql-analysis, eslint-lint, prettier-lint
Laravel	php-tests
Markdown	prettier-lint
Multiple Languages	pre-commit
Node.js	language-version-detect, npm-publish
PHP	language-version-detect, php-tests
PNG	compress-images
Python	codeql-analysis, language-version-detect, pre-commit, python-lint-fix
Ruby	codeql-analysis
Terraform	terraform-lint-fix
TypeScript	biome-lint, codeql-analysis, eslint-lint, prettier-lint
YAML	ansible-lint-fix, prettier-lint, sync-labels, validate-inputs
npm	npm-publish

Action Usage

All actions can be used independently in your workflows:

# Recommended: Use pinned refs for supply-chain security
- uses: ivuorinen/actions/action-name@vYYYY-MM-DD # Date-based tag (example)
  with:
    # action-specific inputs

# Alternative: Use commit SHA for immutability
- uses: ivuorinen/actions/action-name@abc123def456 # Full commit SHA
  with:
    # action-specific inputs

Security Note: Always pin to specific tags or commit SHAs instead of @main to ensure reproducible workflows and supply-chain integrity.

---

Usage

Using Actions Externally

All actions in this repository can be used in your workflows like any other GitHub Action.

⚠️ Security Best Practice: Always pin actions to specific tags or commit SHAs instead of @main to ensure:

• Reproducibility: Workflows behave consistently over time
• Supply-chain integrity: Protection against unexpected changes or compromises
• Immutability: Reference exact versions that cannot be modified

steps:
  - name: Setup Node.js with Auto-Detection
    uses: ivuorinen/actions/node-setup@2025-01-15 # Date-based tag
    with:
      default-version: '20'

  - name: Detect PHP Version
    uses: ivuorinen/actions/php-version-detect@abc123def456 # Commit SHA
    with:
      default-version: '8.2'

  - name: Universal Version Parser
    uses: ivuorinen/actions/version-file-parser@2025-01-15
    with:
      language: 'python'
      tool-versions-key: 'python'
      dockerfile-image: 'python'
      version-file: '.python-version'
      default-version: '3.12'

Actions achieve modularity through composition:

steps:
  - name: Parse Version
    id: parse-version
    uses: ivuorinen/actions/version-file-parser@2025-01-15
    with:
      language: 'node'
      tool-versions-key: 'nodejs'
      dockerfile-image: 'node'
      version-file: '.nvmrc'
      default-version: '20'

  - name: Setup Node.js
    uses: actions/setup-node@sha
    with:
      node-version: ${{ steps.parse-version.outputs.detected-version }}

Development

This repository uses a Makefile-based build system for development tasks:

# Full workflow - docs, format, and lint
make all

# Individual operations
make docs          # Generate documentation for all actions
make format        # Format all files (markdown, YAML, JSON)
make lint          # Run all linters
make check         # Quick syntax and tool checks

# Development workflow
make dev           # Format then lint (good for development)
make ci            # CI workflow - check, docs, lint

Python Development

For Python development (validation system), use these specialized commands:

# Python development workflow
make dev-python         # Format, lint, and test Python code
make test-python        # Run Python unit tests
make test-python-coverage  # Run tests with coverage reporting

# Individual Python operations
make format-python      # Format Python files with ruff
make lint-python        # Lint Python files with ruff

The Python validation system (validate-inputs/) includes:

• CalVer and SemVer Support: Flexible version validation for different schemes
• Comprehensive Test Suite: Extensive test cases covering all validation types
• Security Features: Command injection and path traversal protection
• Performance: Efficient Python regex engine vs multiple bash processes

Testing

# Run all tests (Python + GitHub Actions)
make test

# Run specific test types
make test-python           # Python validation tests only
make test-actions          # GitHub Actions tests only
make test-action ACTION=node-setup  # Test specific action

# Coverage reporting
make test-coverage         # All tests with coverage
make test-python-coverage  # Python tests with coverage

For detailed development guidelines, see CLAUDE.md.

License

This project is licensed under the MIT License. See the LICENSE file for details.