Repository where all pipelines will be stored for reuse in other projects
MIT License
This repository contains a collection of reusable GitHub Actions workflows (called from other projects through a job's uses: key) that automate CI/CD with Docker, Amazon ECR, Terraform, vulnerability scanning with Trivy, code-quality analysis with SonarQube, and pull-request creation.
File: build-push-scan.yml
This workflow builds, pushes, and scans a Docker image. It checks whether the ECR repository exists, logs in to ECR, builds the image, pushes it to the repository, and saves the image name as a workflow artifact so that later jobs (trivy.yml, terraform-deploy.yml) can download it.
File: create-repository-elastic-container-registry.yml
This workflow manages ECR repositories using Terraform. It initializes Terraform, configures AWS credentials, plans, and applies changes to the ECR repository.
File: terraform-deploy.yml
This workflow deploys infrastructure with Terraform. It downloads the image-name artifact produced by build-push-scan.yml, configures AWS credentials, initializes Terraform, applies the plan, and sends a notification to Slack.
File: trivy.yml
This workflow scans the built Docker image for vulnerabilities with Trivy. It downloads the image-name artifact, configures AWS credentials, logs in to ECR, and runs Trivy against that image.
File: sonarqube.yml
This workflow runs a SonarQube code-quality analysis. It configures the SonarQube scanner, runs the analysis, and uploads the results to the SonarQube server given by SONAR_HOST_URL.
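An added example of what a workflow of this shape can look like, written here for illustration and not taken from this repository's build-push-scan.yml or trivy.yml: a workflow_call workflow that logs in to ECR, builds the image, scans it with Trivy before pushing so that a HIGH or CRITICAL finding fails the job and nothing vulnerable reaches the registry, then pushes and stores the image's immutable digest reference as an artifact. The secret names follow the caller snippet in this README; the action versions (actions/checkout@v4, aws-actions/configure-aws-credentials@v4, aws-actions/amazon-ecr-login@v2, aquasecurity/trivy-action@0.28.0, actions/upload-artifact@v4) are assumptions and should be pinned to commit SHAs in real use.

```yaml
# Added example of a reusable build/scan/push workflow. Not the repository's
# own file; secret names match the caller snippet in the README, and the
# action versions below are assumed (pin them to commit SHAs in practice).
name: build-scan-push

on:
  workflow_call:
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_REGION:
        required: true
      ECR_REPOSITORY:
        required: true

# Least privilege: this job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  build-scan-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Tag with the commit SHA rather than a mutable tag such as "latest",
      # so the deploy stage references exactly the image that was scanned.
      - name: Build image
        env:
          IMAGE: ${{ steps.ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
        run: docker build -t "$IMAGE" .

      # Scan the local image BEFORE pushing. exit-code '1' turns the scan
      # into a gate: any HIGH/CRITICAL finding with a fix available fails
      # the job, so the vulnerable image is never pushed to ECR.
      - name: Trivy scan
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ steps.ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
          format: table
          exit-code: '1'
          severity: 'HIGH,CRITICAL'
          ignore-unfixed: true

      - name: Push image and record its digest
        env:
          IMAGE: ${{ steps.ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
        run: |
          docker push "$IMAGE"
          # After the push the local image carries its repository digest; a
          # digest reference stays valid even if the tag is later moved in ECR.
          docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" > image.txt

      - name: Save image reference for the deploy stage
        uses: actions/upload-artifact@v4
        with:
          name: image
          path: image.txt
```

The repository's own workflows push first and scan afterwards; scanning the local image before docker push is the stricter order, because a failed scan then leaves nothing in the registry to deploy by mistake. Without exit-code: '1' Trivy only reports and the job stays green.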
File: create-pull-request.yml
This workflow opens a pull request through the GitHub API, with a configurable title, body, and branch names.
To use the workflows, add jobs like the following to the calling workflow in your project. Each job's uses: line points at the workflow file in this repository at a chosen ref (branch, tag, or commit SHA):
jobs:
  build-push-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}

  create-repository-elastic-container-registry:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}
      TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}

  terraform-deploy:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]
    with:
      environment: 'Development'  # change to 'Production' for production
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PRD }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PRD }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}
      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}
      TF_BACKEND_BUCKET: ${{ secrets.PROD_TF_BACKEND_BUCKET }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}

  trivy-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}

  sonarqube-scan:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]
    secrets:
      SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
      SONAR_HOST_URL: ${{ secrets.SONARQUBE_URL }}

  create-pull-request:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/[email protected]
    with:
      destination_branch: 'main'
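The snippet above declares the jobs without any ordering, so GitHub starts them in parallel: terraform-deploy and trivy-scan would try to download the image-name artifact before build-push-scan has uploaded it, and a failing Trivy scan would not stop the deployment. The following is an added example (not part of this README or the repository) of the build/scan/deploy chain from the same caller with needs: edges that make the scan a gate for the deploy. The @main ref is an assumption; a tag or commit SHA of this repository should be used instead so that the called workflow cannot change underneath the caller. The secret names are those of the snippet above.

```yaml
# Added example: the same caller with job dependencies. Not part of the
# repository; the @main refs are assumed and should be replaced with a tag
# or commit SHA. sonarqube-scan and create-pull-request are omitted here.
jobs:
  create-repository-elastic-container-registry:
    uses: FWesleycosta/Reusable-Actions/.github/workflows/create-repository-elastic-container-registry.yml@main
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}
      TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}

  build-push-scan:
    # The repository must exist before the image can be pushed to it.
    needs: create-repository-elastic-container-registry
    uses: FWesleycosta/Reusable-Actions/.github/workflows/build-push-scan.yml@main
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}

  trivy-scan:
    # The image-name artifact is only available once build-push-scan is done.
    needs: build-push-scan
    uses: FWesleycosta/Reusable-Actions/.github/workflows/trivy.yml@main
    secrets:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}

  terraform-deploy:
    # Deploy only after the image exists AND the scan passed: a failed
    # trivy-scan job now skips this job instead of racing it.
    needs: [build-push-scan, trivy-scan]
    uses: FWesleycosta/Reusable-Actions/.github/workflows/terraform-deploy.yml@main
    with:
      # Configure 'Production' as a protected environment with required
      # reviewers so the production credentials are only released after approval.
      environment: 'Production'
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PRD }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PRD }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      WORKING_DIRECTORY: ${{ secrets.WORKING_DIRECTORY }}
      TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
      TF_BACKEND_REGION: ${{ secrets.TF_BACKEND_REGION }}
      TF_BACKEND_BUCKET: ${{ secrets.PROD_TF_BACKEND_BUCKET }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
```

Passing each secret explicitly, as above and in the README's snippet, is preferable to secrets: inherit, which hands every repository secret to the called workflow whether it needs it or not.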