A comprehensive collection of reusable GitHub Actions workflows and composite actions for modern CI/CD pipelines. This repository provides battle-tested automation for PHP, Rust, JavaScript projects, Docker containerization, Helm deployments, and repository management.
- 26+ Reusable Workflows - Production-ready CI/CD pipelines
- Multi-Language Support - PHP 8.2, Rust, JavaScript/Node.js
- Container & Cloud Native - Docker build/push, Helm chart management
- Quality Assurance - Static analysis, testing, code coverage
- Documentation - TechDocs generation and deployment
- Repository Management - Template synchronization, bootstrapping
- Semantic Versioning - Automated releases with conventional commits
To use these workflows in your repository, reference them in your `.github/workflows/` directory:

```yaml
name: CI
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  tests:
    uses: webgrip/workflows/.github/workflows/tests.yml@main
  static-analysis:
    uses: webgrip/workflows/.github/workflows/static-analysis.yml@main
```
Installs PHP dependencies using Composer with caching and authentication support.
Features:
- Composer 2.8.5 container
- Private Packagist authentication
- Dependency caching
- Safe directory configuration
Secrets:
- `COMPOSER_TOKEN` (optional) - Packagist authentication token
Example:

```yaml
jobs:
  build:
    uses: webgrip/workflows/.github/workflows/composer-install.yml@main
    secrets:
      COMPOSER_TOKEN: ${{ secrets.COMPOSER_TOKEN }}
```
Runs PHP test suites (Unit, Integration, Functional) in parallel using PHPUnit.
Features:
- PHP 8.2-CLI container
- Matrix strategy for multiple test suites
- Fail-fast disabled for comprehensive testing
- Composer dependency caching
Generates and reports code coverage metrics for PHP projects.
Comprehensive PHP static analysis using multiple tools.
Tools Included:
- PHPStan - Static analysis
- PHPMD - Mess detection
- PHPCS - Code style checking
- Rector - Code modernization
Builds and pushes Docker images with configurable options.
Inputs:
- `docker-context` - Build context directory
- `docker-file` - Dockerfile path
- `docker-tags` - Image tags
- `docker-target` (optional) - Multi-stage build target
Secrets:
- `DOCKER_USERNAME` - DockerHub username
- `DOCKER_TOKEN` - DockerHub token
Example:

```yaml
jobs:
  docker:
    uses: webgrip/workflows/.github/workflows/docker-build-and-push.yml@main
    with:
      docker-context: "."
      docker-file: "Dockerfile"
      docker-tags: "myapp:latest,myapp:${{ github.sha }}"
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
```
Deploys Helm charts with detailed job summaries and secret management.
Features:
- SOPS encryption support
- DigitalOcean Kubernetes integration
- Environment-specific deployments
- Detailed deployment summaries
Packages and pushes Helm charts to registries.
Validates Helm chart syntax and best practices.
Runs Rust test suites with cargo.
Performs static analysis on Rust code using clippy and other tools.
Automated semantic releases for Rust projects.
Lints JavaScript/TypeScript code using ESLint and other tools.
Runs JavaScript/TypeScript test suites.
Generates documentation using MkDocs and TechDocs.
Deploys generated documentation to GitHub Pages.
Updates documentation dependencies and configurations.
Bootstraps new repositories with standard configurations.
Sets up GitHub Copilot configuration files.
Creates new repositories from templates.
Synchronizes template files across repositories.
Detects changed directories for monorepo workflows.
Automated semantic versioning and releases using conventional commits.
Features:
- GitHub App authentication support
- Conventional commit parsing
- Automated changelog generation
- Tag and release creation
Inputs:
- `release-type` (optional) - Type of release
- `use-bot-to-commit` - Use GitHub App for commits
Outputs:
- `version` - Generated version number
Reusable composite action for building and pushing Docker images.
Composite action for semantic release automation with Node.js setup.
Specialized semantic release action for Rust projects.
```yaml
name: PHP CI/CD
on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
jobs:
  composer-install:
    uses: webgrip/workflows/.github/workflows/composer-install.yml@main
    secrets:
      COMPOSER_TOKEN: ${{ secrets.COMPOSER_TOKEN }}
  static-analysis:
    needs: composer-install
    uses: webgrip/workflows/.github/workflows/static-analysis.yml@main
  tests:
    needs: composer-install
    uses: webgrip/workflows/.github/workflows/tests.yml@main
  coverage:
    needs: composer-install
    uses: webgrip/workflows/.github/workflows/tests-coverage.yml@main
  docker-build:
    needs: [static-analysis, tests]
    if: github.ref == 'refs/heads/main'
    uses: webgrip/workflows/.github/workflows/docker-build-and-push.yml@main
    with:
      docker-context: "."
      docker-file: "Dockerfile"
      docker-tags: "myapp:latest,myapp:${{ github.sha }}"
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
  semantic-release:
    needs: docker-build
    if: github.ref == 'refs/heads/main'
    uses: webgrip/workflows/.github/workflows/semantic-release.yml@main
    with:
      use-bot-to-commit: true
    secrets:
      WEBGRIP_CI_APP_ID: ${{ secrets.WEBGRIP_CI_APP_ID }}
      WEBGRIP_CI_APP_PRIVATE_KEY: ${{ secrets.WEBGRIP_CI_APP_PRIVATE_KEY }}
```
```yaml
name: Rust CI
on: [push, pull_request]
jobs:
  test:
    uses: webgrip/workflows/.github/workflows/rust-tests.yml@main
  static-analysis:
    uses: webgrip/workflows/.github/workflows/rust-static-analysis.yml@main
  release:
    if: github.ref == 'refs/heads/main'
    needs: [test, static-analysis]
    uses: webgrip/workflows/.github/workflows/rust-semantic-release.yml@main
```
```yaml
name: Deploy to Production
on:
  push:
    branches: [ main ]
jobs:
  validate:
    uses: webgrip/workflows/.github/workflows/helm-chart-validate.yml@main
  deploy:
    needs: validate
    uses: webgrip/workflows/.github/workflows/helm-chart-deploy.yml@main
    with:
      environment: "production"
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
      DIGITAL_OCEAN_API_KEY: ${{ secrets.DIGITAL_OCEAN_API_KEY }}
      SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
```
Different workflows require different secrets. Here's a comprehensive list:
- `DOCKER_USERNAME` - DockerHub username
- `DOCKER_TOKEN` - DockerHub access token
- `COMPOSER_TOKEN` - Private Packagist authentication token
- `DIGITAL_OCEAN_API_KEY` - DigitalOcean API key for Kubernetes
- `SOPS_AGE_KEY` - Age private key for SOPS encryption
- `WEBGRIP_CI_APP_ID` - GitHub App ID (numeric)
- `WEBGRIP_CI_APP_PRIVATE_KEY` - GitHub App private key
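
Every example above calls these workflows at `@main`, a branch ref that can move, and several of those calls hand over the secrets listed here. As an added example (not part of this repository), the Python sketch below audits a caller workflow for job-level `uses:` references that are not pinned to a full commit SHA and rates calls that also pass secrets as higher risk; the sample workflow, the placeholder SHA, the `audit` function and the risk labels are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the PHP CI/CD example above.
# The 40-hex ref is a placeholder, not a real commit in webgrip/workflows.
SAMPLE = """\
name: PHP CI/CD
jobs:
  tests:
    uses: webgrip/workflows/.github/workflows/tests.yml@main
  composer-install:
    uses: webgrip/workflows/.github/workflows/composer-install.yml@0123456789abcdef0123456789abcdef01234567
    secrets:
      COMPOSER_TOKEN: ${{ secrets.COMPOSER_TOKEN }}
  docker-build:
    uses: webgrip/workflows/.github/workflows/docker-build-and-push.yml@main
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
"""

FULL_SHA = re.compile(r"[0-9a-f]{40}")
JOB = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")          # assumes 2-space YAML indent
USES = re.compile(r"^\s+uses:\s*['\"]?([^'\"\s#]+)")    # job-level calls only
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")

def audit(workflow_text):
    """List each reusable-workflow call with its ref, secrets passed, and risk."""
    jobs, current, in_jobs = [], None, False
    for line in workflow_text.splitlines():
        if line[:1] not in ("", " ", "#"):               # a top-level key
            in_jobs, current = line.rstrip() == "jobs:", None
        elif in_jobs and JOB.match(line):
            current = {"job": JOB.match(line).group(1), "uses": None, "secrets": []}
            jobs.append(current)
        elif current is not None:
            if USES.match(line):
                current["uses"] = USES.match(line).group(1)
            current["secrets"] += SECRET.findall(line)
    findings = []
    for j in jobs:
        if not j["uses"] or j["uses"].startswith("./"):  # local calls carry no ref
            continue
        ref = j["uses"].rpartition("@")[2]
        risk = "ok" if FULL_SHA.fullmatch(ref) else ("high" if j["secrets"] else "medium")
        findings.append({"job": j["job"], "ref": ref, "secrets": j["secrets"], "risk": risk})
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The line-based parsing is deliberately simple: it does not handle flow-style YAML or step-level `uses:` entries inside ordinary jobs.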
This repository includes specific support for:
- PHP 8.2 - Primary supported version
- Composer 2.8.5 - Dependency management
- PHPUnit - Testing framework
- Static Analysis Tools - PHPStan, PHPMD, PHPCS, Rector
Workflows are configured to use `arc-runner-set` for consistent execution environments.
We welcome contributions to improve these workflows! Please:
- Fork this repository
- Create a feature branch (`git checkout -b feature/amazing-workflow`)
- Commit your changes (`git commit -m 'Add amazing workflow'`)
- Push to the branch (`git push origin feature/amazing-workflow`)
- Open a Pull Request
- Follow existing naming conventions
- Include comprehensive documentation
- Test workflows in your own repository first
- Update this README with new workflows
- Use semantic commit messages
This repository uses EditorConfig for consistent formatting:
- Charset: UTF-8
- Indentation: 4 spaces (2 for YAML/JSON/Markdown)
- Line Endings: LF
- Max Line Length: 150 characters
- Trim Trailing Whitespace: Yes
- Final Newline: Yes
This project is licensed under the MIT License - see the LICENSE file for details.
WebGrip is committed to providing high-quality, reusable automation solutions for modern software development. These workflows are used in production across multiple projects and are continuously improved based on real-world usage.
Need help? Open an issue or check our documentation for more information.