### Quick Start: Release JS App Bundle Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Example of how to trigger the reusable js-ops workflow for a standard release. Ensure the caller has 'contents: write' permissions. ```yaml name: Release JS App Bundle on: push: branches: - latest jobs: standard-release: permissions: contents: write uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master ``` -------------------------------- ### Quick Start: Release Workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Use this snippet to integrate the Docker Operations Workflow into your CI/CD pipeline. It defines a release job triggered on pushes to the main branch and calls the reusable workflow with basic image details. ```yaml name: Release on: push: branches: [main] jobs: release: permissions: contents: write id-token: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app docker_login: myusername docker_org: myorg docker_repo: my-app secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### Disable ARM64 Builds for Docker Hub Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Example demonstrating how to disable ARM64 builds by specifying 'build_platforms' when a specific architecture runner is not available. Release runs publish only the final tags ('version', 'latest'). ```yaml jobs: release: uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app docker_login: myusername docker_org: myorg docker_repo: my-app build_platforms: linux/amd64 secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### GitHub Actions: Call NPM Release Workflow (Contract-First) Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/npm-release-ops.md Example of how to call the reusable npm-release-ops.yml workflow from a caller job. It specifies inputs for Node.js version, release branch, distribution directory, provenance, and GitHub release enablement. It also shows how to pass secrets like GH_TOKEN. ```yaml jobs: publish: permissions: contents: write id-token: write uses: udx/reusable-workflows/.github/workflows/npm-release-ops.yml@master with: node_version: "24" release_branch: "latest" dist_dir: "dist" provenance: true enable_gh_release: true secrets: gh_token: ${{ secrets.GH_TOKEN }} ``` -------------------------------- ### GitHub Actions: Call NPM Release Workflow (With Inputs/Secrets) Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/npm-release-ops.md An alternative pattern for calling a reusable workflow, specifically when the reusable workflow declares inputs like 'package_version' and secrets like 'npm_token'. This example demonstrates how to pass these values from the caller. ```yaml jobs: publish: uses: my-org/my-repo/.github/workflows/publish.yml@main with: package_version: ${{ inputs.package_version }} secrets: npm_token: ${{ secrets.NPM_TOKEN }} ``` -------------------------------- ### GitHub Workflow: Publish WP Plugin Release Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/wp-gh-release-ops.md Example of how to call the reusable workflow for publishing a WordPress plugin release. It defines inputs for the release tag, version, and pre-release status, and specifies necessary permissions. ```yaml name: Publish Release on: workflow_dispatch: inputs: tag: description: 'Release tag (e.g. 1.2.3a)' required: true version: description: 'Release version (e.g. 1.2.3), default: latest' required: false prerelease: description: 'Pre-release version (e.g. RC1, beta, etc...)' required: false permissions: contents: write jobs: release: uses: udx/reusable-workflows/.github/workflows/wp-gh-release-ops.yml@master with: tag: ${{ github.event.inputs.tag }} version: ${{ github.event.inputs.version }} prerelease: ${{ github.event.inputs.prerelease }} ``` -------------------------------- ### Get GCP Provider Resource Name Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Retrieve the full resource name of the configured Workload Identity Provider. This name is used as the `gcp_workload_identity_provider` input in the workflow. ```bash gcloud iam workload-identity-pools providers describe "github-provider" \ --project="my-project" \ --location="global" \ --workload-identity-pool="github" \ --format="value(name)" ``` -------------------------------- ### JS Ops Workflow with Explicit Default Concurrency Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Explicitly enable the default concurrency behavior for the js-ops workflow, which cancels in-progress runs when a new one starts in the same group. ```yaml jobs: js-ops: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: concurrency_cancel_in_progress: true ``` -------------------------------- ### Configure Azure Federated Credential (Flexible Security - All Branches) Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Create a federated credential for flexible security, allowing authentication from all branches. Useful for development and testing. ```bash az ad app federated-credential create \ --id 12345678-90ab-cdef-1234-567890abcdef \ --parameters '{ "name": "github-actions-all-branches", "issuer": "https://token.actions.githubusercontent.com", "subject": "repo:your-org/your-repo:ref:refs/heads/*", "audiences": ["api://AzureADTokenExchange"] }' ``` -------------------------------- ### Call docker-ops with Provider-Specific Inputs Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use provider-specific inputs for `docker-ops` as `registry_url` is not declared. Ensure necessary permissions like `contents: write` and `packages: write` are granted. ```yaml jobs: release: permissions: contents: write packages: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app docker_login: my-user docker_org: my-org docker_repo: my-app secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### Minimal GitHub Only Deployment Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Use this minimal configuration to deploy Docker images to GitHub Packages. Ensure the `image_name` is set to your application's name. ```yaml jobs: release: uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app ``` -------------------------------- ### Configure Azure Federated Credential (Strict Security) Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Create a federated credential for strict security, allowing authentication only from a specific branch. Recommended for production environments. ```bash az ad app federated-credential create \ --id 12345678-90ab-cdef-1234-567890abcdef \ --parameters '{ "name": "github-actions-main", "issuer": "https://token.actions.githubusercontent.com", "subject": "repo:your-org/your-repo:ref:refs/heads/main", "audiences": ["api://AzureADTokenExchange"] }' ``` -------------------------------- ### Full JS Ops Workflow Configuration Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Configure all available inputs for the js-ops workflow, including custom app names, working directories, Node.js versions, package managers, build environments, and optional secret overrides. ```yaml name: Release JS App Bundle on: workflow_dispatch: jobs: configured-release: permissions: contents: write uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: app_name: web-app working_directory: apps/web node_version: "24" package_manager: yarn build_env: | NEXT_TELEMETRY_DISABLED=1 NODE_OPTIONS=--max-old-space-size=4096 secrets: gh_token: ${{ secrets.GH_TOKEN }} ``` -------------------------------- ### Configure Context7 Sync Workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/context7-ops.md Basic configuration for triggering a Context7 documentation sync on push events to the master branch. Requires the library name and a valid API key secret. ```yaml name: Documentation Sync on: push: branches: - master jobs: sync: uses: udx/reusable-workflows/.github/workflows/context7-ops.yml@master with: library_name: "/udx/reusable-workflows" secrets: context7_api_key: ${{ secrets.CONTEXT7_API_KEY }} ``` -------------------------------- ### Call npm-release-ops with Keyless Publishing Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use declared inputs and keyless publishing for `npm-release-ops`. The release version is derived from the repository's `package.json`. Static npm publish tokens are legacy and not supported. ```yaml jobs: publish: permissions: contents: write id-token: write uses: udx/reusable-workflows/.github/workflows/npm-release-ops.yml@master with: release_branch: latest dist_dir: dist provenance: true enable_gh_release: true secrets: gh_token: ${{ secrets.GH_TOKEN }} ``` -------------------------------- ### Configure Subdirectory Repository Release Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Use 'working_directory' when your repository contains multiple functions or services, and each has its own package.json, changes.md, and Docker build context. 'dockerfile_path' is resolved from 'working_directory' when you pass a relative path. ```yaml jobs: release: permissions: contents: write id-token: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: sql-ops working_directory: functions/sqlOps dockerfile_path: Dockerfile docker_login: myusername docker_org: myorg docker_repo: sql-ops secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### GCP Service Account Creation Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Create a dedicated service account in GCP for GitHub Actions to use. This service account will be granted necessary permissions. ```bash gcloud iam service-accounts create github-actions \ --project="my-project" \ --display-name="GitHub Actions" ``` -------------------------------- ### Sync on Release Tags Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/context7-ops.md Configures the workflow to trigger automatically whenever a new release tag is pushed to the repository. Ensures versioned documentation stays in sync. ```yaml on: push: tags: - 'v*' jobs: release-sync: uses: udx/reusable-workflows/.github/workflows/context7-ops.yml@master with: library_name: "/my-org/my-repo" branch: ${{ github.ref_name }} secrets: context7_api_key: ${{ secrets.CONTEXT7_API_KEY }} ``` -------------------------------- ### Multi-Registry Deployment (Docker Hub, GCP, ACR) Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Deploy to multiple registries including Docker Hub, Google Container Registry (GCP), and Azure Container Registry (ACR). Requires specific credentials and configuration for each registry. ```yaml jobs: release: uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app docker_login: myusername docker_org: myorg docker_repo: my-app gcp_region: us-central1 gcp_project_id: my-project gcp_repo: docker-images gcp_workload_identity_provider: projects/123456789/locations/global/workloadIdentityPools/github/providers/github-provider gcp_service_account: github-actions@my-project.iam.gserviceaccount.com acr_registry: myregistry.azurecr.io acr_repository: my-app azure_client_id: 12345678-90ab-cdef-1234-567890abcdef azure_tenant_id: 87654321-fedc-ba09-8765-4321fedcba09 azure_subscription_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890 secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} ``` -------------------------------- ### JS Ops Workflow with Build Environment File Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Specify a build environment file for the js-ops workflow. This is useful for managing complex build configurations or sensitive variables. ```yaml jobs: configured-release: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: build_env_file: apps/web/.env.build ``` -------------------------------- ### Docker Hub Deployment Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Configure Docker Hub login credentials and organization/repository details for pushing images. Requires `docker_token` secret. ```yaml jobs: release: uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app docker_login: myusername docker_org: myorg docker_repo: my-app secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### Configure Azure Federated Credential (Flexible Security - Pull Requests) Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Optionally, create a federated credential to allow authentication from pull requests. This provides additional flexibility for development workflows. ```bash az ad app federated-credential create \ --id 12345678-90ab-cdef-1234-567890abcdef \ --parameters '{ "name": "github-actions-pr", "issuer": "https://token.actions.githubusercontent.com", "subject": "repo:your-org/your-repo:pull_request", "audiences": ["api://AzureADTokenExchange"] }' ``` -------------------------------- ### Call wp-gh-release-ops with Tag Input Mapping Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Map caller variable names to the declared input `tag` when calling `wp-gh-release-ops`. Ensure necessary permissions like `contents: write` are granted. ```yaml jobs: release: permissions: contents: write uses: udx/reusable-workflows/.github/workflows/wp-gh-release-ops.yml@master with: tag: ${{ inputs.tag_name }} version: ${{ inputs.version }} prerelease: ${{ inputs.prerelease }} ``` -------------------------------- ### Configure Next.js Standalone Output Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md To ensure the workflow can process your Next.js application, configure the `standalone` output in your `next.config.*` file. ```javascript module.exports = { output: "standalone", }; ``` -------------------------------- ### Create Azure Service Principal Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Use this command to create an Azure service principal with the AcrPush role for ACR access. Note the appId and tenant from the output. ```bash az ad sp create-for-rbac --name "sp-github-actions-acr" \ --role "AcrPush" \ --scopes /subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/my-resource-group/providers/Microsoft.ContainerRegistry/registries/myregistry ``` -------------------------------- ### GCP Workload Identity Provider Configuration Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Configure an OIDC provider within the Workload Identity Pool to trust GitHub Actions tokens. Use `assertion.repository_owner == 'your-org'` for attribute condition. ```bash gcloud iam workload-identity-pools providers create-oidc "github-provider" \ --project="my-project" \ --location="global" \ --workload-identity-pool="github" \ --display-name="GitHub Provider" \ --attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository,attribute.repository_owner=assertion.repository_owner" \ --attribute-condition="assertion.repository_owner == 'your-org'" \ --issuer-uri="https://token.actions.githubusercontent.com" ``` -------------------------------- ### Call docker-ops for Monorepo/Subdirectory Function Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use `working_directory` for the function folder and keep `dockerfile_path` relative to that directory when calling `docker-ops` for a function inside a monorepo or subdirectory. Ensure necessary permissions are granted. ```yaml jobs: release: permissions: contents: write id-token: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: sql-ops working_directory: functions/sqlOps dockerfile_path: Dockerfile docker_login: my-user docker_org: my-org docker_repo: sql-ops secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### Define and pass workflow inputs Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Declare inputs in the reusable workflow using workflow_call and provide values in the caller workflow using the with block. ```yaml on: workflow_call: inputs: environment: required: true type: string ``` ```yaml jobs: call-reusable: uses: my-org/my-repo/.github/workflows/deploy.yml@main with: environment: production ``` -------------------------------- ### Workflow Permissions for OIDC Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Ensure your GitHub Actions workflow has the necessary `id-token: write` permission to obtain OIDC tokens for Azure authentication. ```yaml jobs: release: permissions: id-token: write contents: read ``` -------------------------------- ### Define Workflow Inputs Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use stable, machine-friendly names following lower_snake_case for workflow inputs. ```yaml on: workflow_call: inputs: deploy_environment: description: "Target environment (dev|staging|production)" required: true type: string ``` -------------------------------- ### Invoke a reusable workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Basic syntax for calling a reusable workflow from a job. ```yaml jobs: build: uses: my-org/my-repo/.github/workflows/build.yml@main ``` -------------------------------- ### Define Workflow Call Input Name Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use `lower_snake_case` for naming new `workflow_call` inputs. ```yaml deploy_environment ``` -------------------------------- ### Disable Workflow Cache Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Use `enable_cache: "false"` when repository storage quotas are tight to prevent Buildx/Trivy cache usage. Requires `contents: write` and `id-token: write` permissions. ```yaml jobs: release: permissions: contents: write id-token: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app enable_cache: "false" docker_login: myusername docker_org: myorg docker_repo: my-app secrets: docker_token: ${{ secrets.DOCKER_TOKEN }} ``` -------------------------------- ### Manual Trigger via Workflow Dispatch Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/context7-ops.md Enables manual execution of the sync workflow using the GitHub Actions UI. Allows users to specify a target branch for the refresh operation. ```yaml on: workflow_dispatch: inputs: target_branch: description: "Branch to refresh" required: true default: "master" jobs: manual-sync: uses: udx/reusable-workflows/.github/workflows/context7-ops.yml@master with: library_name: "/my-org/my-repo" branch: ${{ inputs.target_branch }} secrets: context7_api_key: ${{ secrets.CONTEXT7_API_KEY }} ``` -------------------------------- ### Call Workflows Across or Within Repositories Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Specify the path to the workflow file, using the full repository path for cross-repo calls or a relative path for same-repo calls. ```yaml jobs: build: uses: my-org/my-repo/.github/workflows/build.yml@main ``` ```yaml jobs: build: uses: ./.github/workflows/build.yml ``` -------------------------------- ### Pass npm_token and package_version to Custom Workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md If your own reusable workflow declares `npm_token` and `package_version`, pass them through `secrets` and `with` respectively. ```yaml jobs: publish: uses: my-org/my-repo/.github/workflows/publish.yml@main with: package_version: ${{ inputs.package_version }} secrets: npm_token: ${{ secrets.NPM_TOKEN }} ``` -------------------------------- ### GCP Workload Identity Pool Creation Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Create a Workload Identity Pool in GCP for GitHub Actions integration. This is the first step in setting up keyless authentication. ```bash gcloud iam workload-identity-pools create "github" \ --project="my-project" \ --location="global" \ --display-name="GitHub Actions Pool" ``` -------------------------------- ### Consume Reusable Workflow Outputs Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Access outputs from a reusable workflow using the needs context. ```yaml jobs: build: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: release_branch: "" report: runs-on: ubuntu-latest needs: build steps: - run: echo "Version: ${{ needs.build.outputs.version }}" ``` -------------------------------- ### Pass registry_url to Custom Docker Workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md If your own reusable workflow declares `registry_url`, pass it exactly as declared. ```yaml jobs: publish: uses: my-org/my-repo/.github/workflows/docker.yml@main with: image_name: my-app registry_url: ghcr.io/my-org ``` -------------------------------- ### JS Ops Workflow with Release Branch Gating Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Control GitHub Release publishing by specifying a target release branch. Only pushes to this branch will trigger a release; other branches will perform verification only. ```yaml name: Verify + Release on release branch on: push: branches: - "**" pull_request: jobs: js-ops: permissions: contents: write uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: release_branch: release ``` -------------------------------- ### JS Ops Workflow for Verify-Only Mode Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Configure the js-ops workflow to only verify the JS app bundle without publishing a GitHub Release. This is useful for running checks on all branches and pull requests. ```yaml name: Verify JS App Bundle on: push: branches: - "**" pull_request: jobs: verify-only: permissions: contents: read uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: release_branch: "" ``` -------------------------------- ### Allow GitHub Actions to Impersonate Service Account Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Grant the `roles/iam.workloadIdentityUser` role to the Workload Identity Pool provider, enabling GitHub Actions to impersonate the service account. ```bash gcloud iam service-accounts add-iam-policy-binding github-actions@my-project.iam.gserviceaccount.com \ --project="my-project" \ --role="roles/iam.workloadIdentityUser" \ --member="principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/github/attribute.repository/your-org/your-repo" ``` -------------------------------- ### Pinning a Reusable Workflow Version Source: https://github.com/udx/reusable-workflows/blob/master/README.md Use this pattern to reference a specific version of a reusable workflow in your GitHub Actions job configuration. ```yaml jobs: build: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@v1.0.1 ``` -------------------------------- ### Implement Conditional Workflow Calls Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use trigger filters instead of job-level if conditions to control workflow execution. ```yaml on: pull_request: branches: [develop] types: [opened, synchronized] jobs: validate: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: release_branch: "" ``` -------------------------------- ### Grant Artifact Registry Writer Role to Service Account Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Assign the `roles/artifactregistry.writer` role to the GitHub Actions service account, allowing it to push images to Artifact Registry. ```bash gcloud projects add-iam-policy-binding my-project \ --member="serviceAccount:github-actions@my-project.iam.gserviceaccount.com" \ --role="roles/artifactregistry.writer" ``` -------------------------------- ### Workflow Parameters for Azure OIDC Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Provide the required Azure OIDC parameters to your reusable workflow for authentication with Azure services like ACR. ```yaml with: acr_registry: myregistry.azurecr.io acr_repository: my-app azure_client_id: 12345678-90ab-cdef-1234-567890abcdef azure_tenant_id: 87654321-fedc-ba09-8765-4321fedcba09 azure_subscription_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890 ``` -------------------------------- ### Azure Container Registry Only Deployment Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/docker-ops.md Deploy Docker images exclusively to Azure Container Registry. Requires Azure credentials and ACR details. Requires `id-token: write` and `contents: read` permissions. ```yaml jobs: release: permissions: id-token: write contents: read uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app acr_registry: myregistry.azurecr.io acr_repository: my-app azure_client_id: 12345678-90ab-cdef-1234-567890abcdef azure_tenant_id: 87654321-fedc-ba09-8765-4321fedcba09 azure_subscription_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890 ``` -------------------------------- ### Consume Reusable Workflow Output Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Access outputs from a called reusable workflow using the `needs` context. Ensure the `needs` keyword correctly references the job that produces the output. ```yaml jobs: deploy: uses: my-org/my-repo/.github/workflows/deploy.yml@main notify: runs-on: ubuntu-latest needs: deploy steps: - run: echo "${{ needs.deploy.outputs.deployment_url }}" ``` -------------------------------- ### Pass NPM_TOKEN to a reusable workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Use the secrets mapping to securely pass tokens. Never pass sensitive values through the with input block. ```yaml jobs: publish: uses: my-org/my-repo/.github/workflows/publish.yml@main secrets: npm_token: ${{ secrets.NPM_TOKEN }} ``` -------------------------------- ### Filter PR Events for Develop Branch Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Configure the workflow to trigger only for `opened` or `synchronized` pull request events on the `develop` branch. ```yaml on: pull_request: branches: [develop] types: [opened, synchronized] ``` -------------------------------- ### Set Caller Permissions for Reusable Workflow Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Ensure explicit caller permissions are set where the `uses:` call is made, including cross-repository calls. A reusable workflow can narrow permissions but cannot gain permissions the caller did not grant. ```yaml jobs: release: permissions: contents: write packages: write id-token: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app ``` -------------------------------- ### Define Caller Permissions Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Set permissions at the job level to define the maximum scope available to the reusable workflow. ```yaml jobs: build-and-publish: permissions: contents: write packages: write id-token: write uses: udx/reusable-workflows/.github/workflows/docker-ops.yml@master with: image_name: my-app ``` ```yaml permissions: contents: read jobs: publish: permissions: contents: write ``` -------------------------------- ### Pass Secrets to Reusable Workflows Source: https://github.com/udx/reusable-workflows/blob/master/docs/CALLER_GUIDE.md Map secrets explicitly through the secrets key; do not pass values directly via with. ```yaml jobs: publish: uses: udx/reusable-workflows/.github/workflows/npm-release-ops.yml@master secrets: gh_token: ${{ secrets.GH_TOKEN }} ``` -------------------------------- ### Disable Concurrency for js-ops Job Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Set `concurrency_enabled` to `false` in the workflow's `with` parameters to disable concurrency for the `js-ops` job. ```yaml jobs: js-ops: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: concurrency_enabled: false ``` -------------------------------- ### JS Ops Workflow with Disabled Concurrency Source: https://github.com/udx/reusable-workflows/blob/master/docs/workflows/js-ops.md Disable the default concurrency controls for the js-ops workflow. This allows all runs to execute simultaneously without canceling in-progress jobs. ```yaml jobs: js-ops: uses: udx/reusable-workflows/.github/workflows/js-ops.yml@master with: concurrency_cancel_in_progress: false ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.