Reusable-Actions

Repository where all pipelines will be stored for reuse in other projects

MIT License


Reusable GitHub Actions Workflows

This repository contains a collection of reusable GitHub Actions workflows for automating CI/CD processes with Docker, ECR, Terraform, and security scanning with Trivy.

Workflows

Build and Push

File: build-push-scan.yml

This workflow builds, pushes, and scans a Docker image. It checks whether the ECR repository exists, logs in to ECR, builds the image, pushes it, and saves the image name as an artifact for the later workflows to download.

ECR Repository Management

File: create-repository-elastic-container-registry.yml

This workflow manages ECR repositories using Terraform. It initializes Terraform, configures AWS credentials, plans, and applies changes to the ECR repository.

Terraform Deploy

File: terraform-deploy.yml

This workflow deploys infrastructure with Terraform. It downloads the Docker image name artifact, configures AWS credentials, initializes Terraform, applies the plan, and sends notifications to Slack.

Trivy Scan

File: trivy.yml

This workflow scans Docker images for vulnerabilities using Trivy. It downloads the Docker image name, configures AWS credentials, logs into ECR, and runs the scan with Trivy.
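The Trivy workflow above runs the scan, and a caller usually wants the job to fail when findings cross a severity threshold. The gate below is an added example, not code from this repository: it reads the JSON that `trivy image --format json` produces (SchemaVersion 2, `Results[].Vulnerabilities[]`) and decides pass/fail. The sample report, image name and `CVE-EXAMPLE-*` identifiers are constructed placeholders, not real findings.

```python
"""Gate a Trivy JSON report on severity (added example, not the repository's own code)."""
import json
from collections import Counter

# Trivy severity labels, ordered so we can compare against a threshold.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of `trivy image --format json` output.
# The image name and vulnerability IDs are placeholders, not real data.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app:abc123",
    "Results": [
        {
            "Target": "example-app (alpine 3.18)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "openssl",
                 "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.4-r0", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "busybox",
                 "InstalledVersion": "1.36.0-r0", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2.13-r0", "FixedVersion": "1.2.13-r1", "Severity": "MEDIUM"},
            ],
        },
        # A clean target: Trivy omits the "Vulnerabilities" key entirely.
        {"Target": "app/requirements.txt", "Class": "lang-pkgs"},
    ],
})


def _vulns(report):
    """Yield (target, vulnerability) pairs; tolerate missing/null lists."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln


def severity_counts(report_json):
    """Count findings per severity label, e.g. {"CRITICAL": 1, "HIGH": 1}."""
    report = json.loads(report_json)
    return dict(Counter(v.get("Severity", "UNKNOWN").upper() for _, v in _vulns(report)))


def blocking_findings(report_json, threshold="HIGH", ignore_unfixed=False):
    """Return the findings at or above `threshold`.

    With ignore_unfixed=True, findings that have no FixedVersion are skipped,
    mirroring Trivy's own --ignore-unfixed flag: they block nothing because
    nobody can act on them yet.
    """
    report = json.loads(report_json)
    min_rank = SEVERITY_RANK[threshold.upper()]
    findings = []
    for target, v in _vulns(report):
        sev = v.get("Severity", "UNKNOWN").upper()
        if SEVERITY_RANK.get(sev, 0) < min_rank:
            continue
        if ignore_unfixed and not v.get("FixedVersion"):
            continue
        findings.append({
            "target": target,
            "id": v.get("VulnerabilityID", "?"),
            "pkg": v.get("PkgName", "?"),
            "installed": v.get("InstalledVersion", "?"),
            "fixed": v.get("FixedVersion") or "(no fix available)",
            "severity": sev,
        })
    return findings


def gate(report_json, threshold="HIGH", ignore_unfixed=False):
    """Return (passed, findings); passed is True only when nothing blocks."""
    findings = blocking_findings(report_json, threshold, ignore_unfixed)
    return len(findings) == 0, findings


if __name__ == "__main__":
    # In a workflow step: run this over the report file and let a non-zero
    # exit status fail the job.
    passed, hits = gate(SAMPLE_REPORT, threshold="HIGH", ignore_unfixed=False)
    for h in hits:
        print(f"{h['severity']:8} {h['id']:18} {h['pkg']} {h['installed']} -> {h['fixed']} [{h['target']}]")
    raise SystemExit(0 if passed else 1)
```

The threshold and the unfixed rule are the two knobs teams actually argue about: blocking on unfixed findings stops every build until upstream ships a patch, while ignoring them silently accepts known-exploitable packages, so whichever you choose should be a deliberate, visible setting in the caller workflow rather than a default.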

SonarQube Scan

File: sonarqube.yml

This workflow runs a SonarQube code-quality scan. It configures the SonarQube scanner, runs the scan, and sends the results to the SonarQube server.

Create Pull Request

File: create-pull-request.yml

This workflow creates a pull request using the GitHub API. It configures the pull request title, body, and branch name.

Usage

To use the workflows, add the following jobs to the caller workflow in your own repository:

jobs:
  # <ref> is a placeholder for the tag, branch or commit SHA of Reusable-Actions
  # you want to run; replace it with a real ref.
  build-push-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/build-push-scan.yml@<ref>
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}

  create-repository-elastic-container-registry:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/create-repository-elastic-container-registry.yml@<ref>
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}
      TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}

  terraform-deploy:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/terraform-deploy.yml@<ref>
    with:
      environment: 'Development'  # change to 'Production' for production
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PRD }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PRD }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}
      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}
      TF_BACKEND_BUCKET: ${{ secrets.PROD_TF_BACKEND_BUCKET }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}

  trivy-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/trivy.yml@<ref>
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}

  sonarqube-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/sonarqube.yml@<ref>
    secrets:
      SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
      SONAR_HOST_URL: ${{ secrets.SONARQUBE_URL }}

  create-pull-request:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/create-pull-request.yml@<ref>
    with:
      destination_branch: 'main'
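Every `uses:` line above pulls a workflow from another repository at whatever the named ref points to, and the `secrets:` block decides which of the caller's secrets that workflow receives. A caller repository can check its own workflow file for the two mistakes that matter most here: a mutable ref (a branch, or a tag that can be moved) instead of a commit SHA, and `secrets: inherit`, which hands over every secret the caller has. The linter below is an added example, not part of Reusable-Actions; it is a line-based scan of the `jobs.<id>.uses` / `secrets:` shape shown in this README rather than a full YAML parser, and the sample caller, its refs and the 40-hex commit SHA in it are constructed placeholders.

```python
"""Lint a caller workflow for unpinned reusable-workflow refs and blanket secret sharing.

Added example, not the repository's own code. It assumes the caller layout used
in this README: `jobs:` at column 0, job ids indented two spaces, and `uses:` /
`secrets:` indented four. Real-world files with a different layout would need a
proper YAML parser instead of these regexes.
"""
import re

# Constructed sample caller; refs and the commit SHA are placeholders, not real
# tags or commits of Reusable-Actions.
SAMPLE_CALLER = """\
jobs:
  build-push-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/build-push-scan.yml@main
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  trivy-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/trivy.yml@v1.2.0
    secrets: inherit
  terraform-deploy:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/terraform-deploy.yml@0123456789abcdef0123456789abcdef01234567
    secrets:
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
"""

JOB_RE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")          # exactly two spaces: a job id
USES_RE = re.compile(r"^\s+uses:\s*['\"]?([^'\"\s#]+)")   # uses: owner/repo/path@ref
SECRETS_INHERIT_RE = re.compile(r"^\s+secrets:\s*inherit\s*$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")                     # full commit SHA, immutable
TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")                # v1, v1.2, 1.2.3: a tag, movable


def classify_ref(ref):
    """Return 'sha', 'tag' or 'branch' for the part after '@'."""
    if SHA_RE.match(ref):
        return "sha"
    if TAG_RE.match(ref):
        return "tag"
    return "branch"


def lint_caller(yaml_text):
    """Return a list of (job, line_number, level, message) findings."""
    findings = []
    job = None
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        m = JOB_RE.match(line)
        if m:
            job = m.group(1)
            continue
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            if "@" not in target:
                findings.append((job, lineno, "error", "uses: has no @ref and will not resolve"))
                continue
            path, ref = target.rsplit("@", 1)
            kind = classify_ref(ref)
            if kind == "branch":
                findings.append((job, lineno, "error",
                                 f"{path} is pinned to mutable ref '{ref}'; pin to a commit SHA"))
            elif kind == "tag":
                findings.append((job, lineno, "warn",
                                 f"{path} is pinned to tag '{ref}', which can be moved; prefer a commit SHA"))
            continue
        if SECRETS_INHERIT_RE.match(line):
            findings.append((job, lineno, "warn",
                             "secrets: inherit passes every repository secret; list only the ones the workflow needs"))
    return findings


def has_errors(findings):
    return any(level == "error" for _, _, level, _ in findings)


if __name__ == "__main__":
    results = lint_caller(SAMPLE_CALLER)
    for job, lineno, level, msg in results:
        print(f"line {lineno} [{level}] job {job}: {msg}")
    raise SystemExit(1 if has_errors(results) else 0)
```

Pinning to a SHA means a compromised or force-pushed branch in the reusable-workflow repository cannot change what your deploy job runs; in exchange you must bump the SHA deliberately when you want new behaviour, which is exactly the review point you want for code that holds your AWS credentials.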