|
1 | | -# shared-config |
| 1 | +# shared-config |
| 2 | + |
| 3 | +Shared reusable GitHub Actions workflows for [rubyatscale](https://github.com/rubyatscale) gems. |
| 4 | + |
| 5 | +## Workflows |
| 6 | + |
| 7 | +### Reusable workflows (`workflow_call`) |
| 8 | + |
| 9 | +These workflows are called from individual gem repos via `uses: rubyatscale/shared-config/.github/workflows/<name>.yml@main`. |
| 10 | + |
| 11 | +| Workflow | Description | |
| 12 | +|----------|-------------| |
| 13 | +| **CI** (`ci.yml`) | Runs tests across Ruby 3.2–4.0, Sorbet type checking, and linting (RuboCop). Test and linter commands are configurable via inputs. | |
| 14 | +| **CD** (`cd.yml`) | Publishes the gem to RubyGems and creates a GitHub Release on successful main builds. | |
| 15 | +| **Stale** (`stale.yml`) | Marks issues and PRs as stale after 180 days of inactivity, then closes them after 7 more days. | |
| 16 | +| **Triage** (`triage.yml`) | Labels new issues with `triage`. | |
| 17 | + |
| 18 | +### Repository workflows |
| 19 | + |
| 20 | +| Workflow | Description | |
| 21 | +|----------|-------------| |
| 22 | +| **zizmor** (`zizmor.yml`) | Runs the [zizmor](https://github.com/zizmorcore/zizmor) security linter against all workflow files on every push and PR. | |
| 23 | + |
| 24 | +## Usage |
| 25 | + |
| 26 | +In a gem repo, create a workflow that calls the shared workflow: |
| 27 | + |
| 28 | +```yaml |
| 29 | +# .github/workflows/ci.yml |
| 30 | +name: CI |
| 31 | + |
| 32 | +on: |
| 33 | + push: |
| 34 | + branches: [main] |
| 35 | + pull_request: |
| 36 | + |
| 37 | +jobs: |
| 38 | + ci: |
| 39 | + uses: rubyatscale/shared-config/.github/workflows/ci.yml@main |
| 40 | +``` |
| 41 | +
|
| 42 | +### CI inputs |
| 43 | +
|
| 44 | +| Input | Default | Description | |
| 45 | +|-------|---------|-------------| |
| 46 | +| `test-command` | `bundle exec rspec` | Command to run tests | |
| 47 | +| `linter-command` | `bundle exec rubocop` | Command to run the linter | |
| 48 | + |
| 49 | +### Required secrets |
| 50 | + |
| 51 | +The **CD** workflow requires the following secrets in the calling repo: |
| 52 | + |
| 53 | +- `GUSTO_GIT_EMAIL` / `GUSTO_GIT_NAME` — Git identity for tagging |
| 54 | +- `RUBYGEMS_API_KEY` — API key for publishing to RubyGems |
| 55 | +- `SLACK_WEBHOOK_URL` — Incoming webhook URL for failure notifications (used by both CI and CD) |
| 56 | + |
| 57 | +## Security |
| 58 | + |
| 59 | +- All action references are pinned to SHA hashes |
| 60 | +- [zizmor](https://github.com/zizmorcore/zizmor) runs on every PR to lint workflows for security issues |
| 61 | +- [Dependabot](https://docs.github.com/en/code-security/dependabot) is configured for monthly GitHub Actions updates |
0 commit comments