ivuorinen/actions - My Reusable GitHub Actions and Workflows

July 3, 2026 ยท View on GitHub

OpenSSF Scorecard

Overview

This repository contains a collection of reusable GitHub Actions designed to streamline CI/CD processes and ensure code quality.

Each action is fully self-contained and can be used independently in any GitHub repository.

Key Features

  • Production-Ready Actions covering setup, linting, building, testing, and deployment
  • Self-Contained Design - each action works independently without dependencies
  • External Usage Ready - use any action with pinned refs: ivuorinen/actions/action-name@2025-01-15 or @<commit-sha> for supply-chain security
  • Multi-Language Support including Node.js, PHP, Python, Go, C#, and more
  • Standardized Patterns with consistent error handling and input/output interfaces
  • Comprehensive Testing with dual testing framework (ShellSpec + pytest)
  • Modular Build System using Makefile for development and maintenance

๐Ÿ“š Action Catalog

This repository contains 25 reusable GitHub Actions for CI/CD automation.

Quick Reference (25 Actions)

IconActionCategoryDescriptionKey Features
๐Ÿ“ฆansible-lint-fixLintingLints and fixes Ansible playbooks, commits changes, and uplo...Caching, Auto-detection, Token auth, Outputs
โœ…biome-lintLintingRun Biome linter in check or fix modeCaching, Auto-detection, Token auth, Outputs
๐Ÿ›ก๏ธcodeql-analysisRepositoryRun CodeQL security analysis for a single language with conf...Auto-detection, Token auth, Outputs
๐Ÿ–ผ๏ธcompress-imagesRepositoryCompress images on demand (workflow_dispatch), and at 11pm e...Token auth, Outputs
๐Ÿ“csharp-buildBuildBuilds and tests C# projects.Caching, Auto-detection, Token auth, Outputs
๐Ÿ“csharp-lint-checkLintingRuns linters like StyleCop or dotnet-format for C# code styl...Caching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆcsharp-publishPublishingPublishes a C# project to GitHub Packages.Caching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆdocker-buildBuildBuilds a Docker image for multiple architectures with enhanc...Caching, Auto-detection, Token auth, Outputs
โ˜๏ธdocker-publishPublishingSimple wrapper to publish Docker images to GitHub Packages a...Token auth, Outputs
โœ…eslint-lintLintingRun ESLint in check or fix mode with advanced configuration ...Caching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆgo-buildBuildBuilds the Go project.Caching, Auto-detection, Token auth, Outputs
๐Ÿ“go-lintLintingRun golangci-lint with advanced configuration, caching, and ...Caching, Token auth, Outputs
๐Ÿ“language-version-detectSetupDEPRECATED: This action is deprecated. Inline version detect...Auto-detection, Token auth, Outputs
๐Ÿ“ฆnpm-publishPublishingPublishes the package to the NPM registry with configurable ...Caching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆnpm-semantic-releaseOtherRuns semantic-release for automated npm versioning and publi...Caching, Auto-detection, Outputs
โœ…php-testsTestingRun PHPUnit tests with optional Laravel setup and Composer d...Caching, Auto-detection, Token auth, Outputs
โœ…pr-lintLintingRuns MegaLinter against pull requestsCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆpre-commitLintingRuns pre-commit on the repository and pushes the fixes back ...Auto-detection, Token auth, Outputs
โœ…prettier-lintLintingRun Prettier in check or fix mode with advanced configuratio...Caching, Auto-detection, Token auth, Outputs
๐Ÿ“python-lint-fixLintingLints and fixes Python files, commits changes, and uploads S...Caching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆrelease-monthlyRepositoryCreates a release for the current month, incrementing patch ...Token auth, Outputs
๐Ÿ›ก๏ธsecurity-scanSecurityComprehensive security scanning for GitHub Actions including...Caching, Token auth, Outputs
๐Ÿ“ฆstaleRepositoryA GitHub Action to close stale issues and pull requests.Token auth, Outputs
๐Ÿท๏ธsync-labelsRepositorySync GitHub labels declaratively from a YAML/JSON manifest (...Token auth, Outputs
๐Ÿ–ฅ๏ธterraform-lint-fixLintingLints and fixes Terraform files with advanced validation and...Token auth, Outputs

Actions by Category

๐Ÿ”ง Setup (1 action)

ActionDescriptionLanguagesFeatures
๐Ÿ“ language-version-detectDEPRECATED: This action is deprecated. Inline vers...PHP, Python, Go, .NET, Node.jsAuto-detection, Token auth, Outputs

๐Ÿ“ Linting (10 actions)

ActionDescriptionLanguagesFeatures
๐Ÿ“ฆ ansible-lint-fixLints and fixes Ansible playbooks, commits changes...Ansible, YAMLCaching, Auto-detection, Token auth, Outputs
โœ… biome-lintRun Biome linter in check or fix modeJavaScript, TypeScript, JSONCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ csharp-lint-checkRuns linters like StyleCop or dotnet-format for C#...C#, .NETCaching, Auto-detection, Token auth, Outputs
โœ… eslint-lintRun ESLint in check or fix mode with advanced conf...JavaScript, TypeScriptCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ go-lintRun golangci-lint with advanced configuration, cac...GoCaching, Token auth, Outputs
โœ… pr-lintRuns MegaLinter against pull requestsConventional CommitsCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆ pre-commitRuns pre-commit on the repository and pushes the f...Python, Multiple LanguagesAuto-detection, Token auth, Outputs
โœ… prettier-lintRun Prettier in check or fix mode with advanced co...JavaScript, TypeScript, Markdown, YAML, JSONCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ python-lint-fixLints and fixes Python files, commits changes, and...PythonCaching, Auto-detection, Token auth, Outputs
๐Ÿ–ฅ๏ธ terraform-lint-fixLints and fixes Terraform files with advanced vali...Terraform, HCLToken auth, Outputs

๐Ÿงช Testing (1 action)

ActionDescriptionLanguagesFeatures
โœ… php-testsRun PHPUnit tests with optional Laravel setup and ...PHP, LaravelCaching, Auto-detection, Token auth, Outputs

๐Ÿ—๏ธ Build (3 actions)

ActionDescriptionLanguagesFeatures
๐Ÿ“ csharp-buildBuilds and tests C# projects.C#, .NETCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆ docker-buildBuilds a Docker image for multiple architectures w...DockerCaching, Auto-detection, Token auth, Outputs
๐Ÿ“ฆ go-buildBuilds the Go project.GoCaching, Auto-detection, Token auth, Outputs

๐Ÿš€ Publishing (3 actions)

ActionDescriptionLanguagesFeatures
๐Ÿ“ฆ csharp-publishPublishes a C# project to GitHub Packages.C#, .NETCaching, Auto-detection, Token auth, Outputs
โ˜๏ธ docker-publishSimple wrapper to publish Docker images to GitHub ...DockerToken auth, Outputs
๐Ÿ“ฆ npm-publishPublishes the package to the NPM registry with con...Node.js, npmCaching, Auto-detection, Token auth, Outputs

๐Ÿ“ฆ Repository (5 actions)

ActionDescriptionLanguagesFeatures
๐Ÿ›ก๏ธ codeql-analysisRun CodeQL security analysis for a single language...JavaScript, TypeScript, Python, Java, C#, C++, Go, RubyAuto-detection, Token auth, Outputs
๐Ÿ–ผ๏ธ compress-imagesCompress images on demand (workflow_dispatch), and...Images, PNG, JPEGToken auth, Outputs
๐Ÿ“ฆ release-monthlyCreates a release for the current month, increment...GitHub ActionsToken auth, Outputs
๐Ÿ“ฆ staleA GitHub Action to close stale issues and pull req...GitHub ActionsToken auth, Outputs
๐Ÿท๏ธ sync-labelsSync GitHub labels declaratively from a YAML/JSON ...YAML, GitHubToken auth, Outputs

๐Ÿ›ก๏ธ Security (1 action)

ActionDescriptionLanguagesFeatures
๐Ÿ›ก๏ธ security-scanComprehensive security scanning for GitHub Actions...-Caching, Token auth, Outputs

Feature Matrix

ActionCachingAuto-detectionToken authOutputs
ansible-lint-fixโœ…โœ…โœ…โœ…
biome-lintโœ…โœ…โœ…โœ…
codeql-analysis-โœ…โœ…โœ…
compress-images--โœ…โœ…
csharp-buildโœ…โœ…โœ…โœ…
csharp-lint-checkโœ…โœ…โœ…โœ…
csharp-publishโœ…โœ…โœ…โœ…
docker-buildโœ…โœ…โœ…โœ…
docker-publish--โœ…โœ…
eslint-lintโœ…โœ…โœ…โœ…
go-buildโœ…โœ…โœ…โœ…
go-lintโœ…-โœ…โœ…
language-version-detect-โœ…โœ…โœ…
npm-publishโœ…โœ…โœ…โœ…
npm-semantic-releaseโœ…โœ…-โœ…
php-testsโœ…โœ…โœ…โœ…
pr-lintโœ…โœ…โœ…โœ…
pre-commit-โœ…โœ…โœ…
prettier-lintโœ…โœ…โœ…โœ…
python-lint-fixโœ…โœ…โœ…โœ…
release-monthly--โœ…โœ…
security-scanโœ…-โœ…โœ…
stale--โœ…โœ…
sync-labels--โœ…โœ…
terraform-lint-fix--โœ…โœ…

Language Support

LanguageActions
.NETcsharp-build, csharp-lint-check, csharp-publish, language-version-detect
Ansibleansible-lint-fix
C#codeql-analysis, csharp-build, csharp-lint-check, csharp-publish
C++codeql-analysis
Conventional Commitspr-lint
Dockerdocker-build, docker-publish
GitHubsync-labels
GitHub Actionsrelease-monthly, stale
Gocodeql-analysis, go-build, go-lint, language-version-detect
HCLterraform-lint-fix
Imagescompress-images
JPEGcompress-images
JSONbiome-lint, prettier-lint
Javacodeql-analysis
JavaScriptbiome-lint, codeql-analysis, eslint-lint, prettier-lint
Laravelphp-tests
Markdownprettier-lint
Multiple Languagespre-commit
Node.jslanguage-version-detect, npm-publish
PHPlanguage-version-detect, php-tests
PNGcompress-images
Pythoncodeql-analysis, language-version-detect, pre-commit, python-lint-fix
Rubycodeql-analysis
Terraformterraform-lint-fix
TypeScriptbiome-lint, codeql-analysis, eslint-lint, prettier-lint
YAMLansible-lint-fix, prettier-lint, sync-labels
npmnpm-publish

Action Usage

All actions can be used independently in your workflows:

# Recommended: Use pinned refs for supply-chain security
- uses: ivuorinen/actions/action-name@vYYYY-MM-DD # Date-based tag (example)
  with:
    # action-specific inputs

# Alternative: Use commit SHA for immutability
- uses: ivuorinen/actions/action-name@abc123def456 # Full commit SHA
  with:
    # action-specific inputs

Security Note: Always pin to specific tags or commit SHAs instead of @main to ensure reproducible workflows and supply-chain integrity.


Usage

Using Actions Externally

All actions in this repository can be used in your workflows like any other GitHub Action.

โš ๏ธ Security Best Practice: Always pin actions to specific tags or commit SHAs instead of @main to ensure:

  • Reproducibility: Workflows behave consistently over time
  • Supply-chain integrity: Protection against unexpected changes or compromises
  • Immutability: Reference exact versions that cannot be modified
steps:
  - name: Run Pre-commit Checks
    uses: ivuorinen/actions/pre-commit@7061aafd35a2f21b57653e34f2b634b2a19334a9
    with:
      token: ${{ secrets.GITHUB_TOKEN }}

  - name: Publish npm Package
    uses: ivuorinen/actions/npm-publish@v2025.04.05
    with:
      node-version: '20'
      npm-token: ${{ secrets.NPM_TOKEN }}

Development

This repository uses a Makefile-based build system for development tasks:

# Full workflow (install-tools, update-validators, docs, update-catalog, format, lint, precommit)
make all

# Individual operations
make docs          # Generate documentation for all actions
make format        # Format all files (markdown, YAML, JSON)
make lint          # Run all linters
make check         # Quick syntax and tool checks

# Development workflow
make dev           # Format then lint (good for development)
make ci            # CI workflow - check, docs, lint

Python Development

For Python development (validation system), use these specialized commands:

# Python development workflow
make dev-python         # Format, lint, and test Python code
make test-python        # Run Python unit tests
make test-python-coverage  # Run tests with coverage reporting

# Individual Python operations
make format-python      # Format Python files with ruff
make lint-python        # Lint Python files with ruff

The validation system (_validation/) generates a self-contained validate.py for each action:

  • Single Source of Truth: _validation/kit.py defines every check once; _validation/spec.py maps each action's inputs to checks; make update-validators regenerates the validators.
  • Self-Contained & Stdlib-Only: each <action>/validate.py runs with python3 โ€” no uv, no third-party dependencies, and no shared action.
  • CalVer and SemVer Support: flexible version validation for different schemes.
  • Security Features: command-injection and path-traversal protection; fail-closed on invalid input.
  • Tested: _validation/tests/ covers every check plus a drift test that re-runs the generator.

Testing

# Run all tests (Python + GitHub Actions)
make test

# Run specific test types
make test-python           # Python validation tests only
make test-actions          # GitHub Actions tests only
make test-action ACTION=go-build    # Test specific action

# Coverage reporting
make test-coverage         # All tests with coverage
make test-python-coverage  # Python tests with coverage

For detailed development guidelines, see CLAUDE.md.

License

This project is licensed under the MIT License. See the LICENSE file for details.