From 44b609d71e361e78cf5e3667ec61b901babd182d Mon Sep 17 00:00:00 2001 From: Anket Satbhai Date: Fri, 13 Mar 2026 23:57:29 +0530 Subject: [PATCH 1/4] docs: update docs with major version tag --- ...tag.yml => release-maintain-major-tag.yml} | 2 +- docs/aws-prowler.md | 2 +- docs/aws-remote-ssh-command.md | 2 +- docs/aws-ssm-send-command.md | 2 +- docs/cf-deploy-stackset.md | 2 +- docs/cf-deploy.md | 2 +- docs/cloudrun-rollback.md | 2 +- docs/docker-build-push.md | 8 ++--- docs/docker-scout.md | 2 +- docs/docker-smurf-helm.md | 2 +- docs/gcp-prowler.md | 2 +- docs/helm-deploy.md | 2 +- docs/infracost.md | 2 +- docs/notify-slack.md | 2 +- docs/pr-auto-assignee.md | 2 +- docs/pr-checks.md | 4 +-- docs/pr-claude-review.md | 2 +- docs/pr-gemini-review.md | 2 +- docs/pr-gitleaks-scan.md | 2 +- docs/pr-lock.md | 2 +- docs/pr-stale.md | 2 +- docs/readme.md | 2 +- docs/release-maintain-major-tag.md | 36 +++++++++++++++++++ docs/security-checkov.md | 2 +- docs/security-powerpipe.md | 8 ++--- docs/security-prowler.md | 6 ++-- docs/sst.md | 6 ++-- docs/stf-checks.md | 14 ++++---- docs/tf-checks.md | 14 ++++---- docs/tf-drift.md | 2 +- docs/tf-lint.md | 2 +- docs/tf-monorepo-tag-release.md | 2 +- docs/tf-pr-checks.md | 2 +- docs/tf-smurf.md | 2 +- docs/tf-tfsec.md | 4 +-- docs/tf-workflow.md | 10 +++--- docs/tfdrift.md | 2 +- docs/yml-lint-internal.md | 20 +++++------ docs/yml-lint.md | 16 ++++----- 39 files changed, 118 insertions(+), 82 deletions(-) rename .github/workflows/{release-major-tag.yml => release-maintain-major-tag.yml} (97%) create mode 100644 docs/release-maintain-major-tag.md diff --git a/.github/workflows/release-major-tag.yml b/.github/workflows/release-maintain-major-tag.yml similarity index 97% rename from .github/workflows/release-major-tag.yml rename to .github/workflows/release-maintain-major-tag.yml index da98c176..b14beba2 100644 --- a/.github/workflows/release-major-tag.yml +++ b/.github/workflows/release-maintain-major-tag.yml 
@@ -1,5 +1,5 @@ --- -name: Update Major Tag +name: Release - Maintain Major Tag on: release: diff --git a/docs/aws-prowler.md b/docs/aws-prowler.md index ad0d65b0..95b1004f 100644 --- a/docs/aws-prowler.md +++ b/docs/aws-prowler.md @@ -19,7 +19,7 @@ permissions: jobs: aws-assessment: name: Run prowler security - uses: clouddrove-sandbox/test-shared-workflow/.github/workflows/prowler.yml@2.0.0 + uses: clouddrove-sandbox/test-shared-workflow/.github/workflows/prowler.yml@v2 with: cloud_provider: 'aws' aws_region: ## aws region diff --git a/docs/aws-remote-ssh-command.md b/docs/aws-remote-ssh-command.md index 483715cf..9126e755 100644 --- a/docs/aws-remote-ssh-command.md +++ b/docs/aws-remote-ssh-command.md @@ -22,7 +22,7 @@ on: jobs: ssh-commands: - uses: clouddrove/github-shared-workflows/.github/workflows/RemoteSSHCommand.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/RemoteSSHCommand.yml@v2 with: port: # your_ssh_port timeout: # your_timeout_in_seconds diff --git a/docs/aws-ssm-send-command.md b/docs/aws-ssm-send-command.md index 03e61632..e84d6a47 100644 --- a/docs/aws-ssm-send-command.md +++ b/docs/aws-ssm-send-command.md @@ -28,7 +28,7 @@ on: jobs: bash-commands-without-ssh: - uses: clouddrove/github-shared-workflows/.github/workflows/aws-ssm-send-command.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/aws-ssm-send-command.yml@v2 with: working-directory: # Specify the working directory for the job slack_message: # Message to be sent to Slack diff --git a/docs/cf-deploy-stackset.md b/docs/cf-deploy-stackset.md index 44fc00c8..7b697304 100644 --- a/docs/cf-deploy-stackset.md +++ b/docs/cf-deploy-stackset.md 
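Review bot: Replacing the fixed release tag `@2.0.0` with `@v2` in the `uses:` lines makes every copied example follow a ref that moves. This applies to docs/aws-prowler.md, docs/aws-remote-ssh-command.md and docs/aws-ssm-send-command.md here, and in the same way to the other docs hunks in this patch. docs/release-maintain-major-tag.md, added in this same patch, states that the major tag is force-pushed on each release. Callers that hand secrets or cloud credentials to these reusable workflows will therefore run whatever `v2` points at when the job starts, with no change on their side. The docs should say this once and show the immutable alternative next to it, for example `uses: clouddrove/github-shared-workflows/.github/workflows/<workflow>.yml@<full-commit-sha>  # v2.x.y`, so readers can choose between automatic updates and a reviewed pin.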
@@ -30,7 +30,7 @@ permissions: jobs: deploy-cf-stackset: - uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy-stackset.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy-stackset.yml@v2 with: aws-region: # aws-configure region add, where you need stackset stackset-instance-region: # region add where you need stacks diff --git a/docs/cf-deploy.md b/docs/cf-deploy.md index 7827ac92..73d782fe 100644 --- a/docs/cf-deploy.md +++ b/docs/cf-deploy.md @@ -17,7 +17,7 @@ on: workflow_dispatch: jobs: cloudformation-stack-deploy: - uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy.yml@v2 with: s3-bucket: # S3 Bucket name where code is stored bucket-prefix: # S3 Bucket prefix/folder name where you push the zip file diff --git a/docs/cloudrun-rollback.md b/docs/cloudrun-rollback.md index 1fe3a09f..a807e725 100644 --- a/docs/cloudrun-rollback.md +++ b/docs/cloudrun-rollback.md @@ -40,7 +40,7 @@ on: jobs: deploy-backend: - uses: clouddrove/github-shared-workflows/.github/workflows/cloudrun-rollback.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/cloudrun-rollback.yml@v2 with: gcp_registry_host: # GCP Artifact Registry host IMAGE_NAME: # Docker image name diff --git a/docs/docker-build-push.md b/docs/docker-build-push.md index 44be0973..e907acb4 100644 --- a/docs/docker-build-push.md +++ b/docs/docker-build-push.md 
@@ -23,14 +23,14 @@ on: jobs: docker-scanner: - uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@v2 with: severity: # which vulnerability should disable the workflow before pusing image to registry. eg. 'HIGH,CRITICAL,MEDIUM,LOW' docker-push: needs: docker-scanner if: ${{ success() && needs.docker-scanner.result == 'success' }} # This condition start this docker push workflow on succesfull scanning of docker image - uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@v2 secrets: DOCKERHUB_USERNAME: # Dockerhub username DOCKERHUB_PASSWORD: # Dockerhub password @@ -56,14 +56,14 @@ on: jobs: docker-scanner: - uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@v2 with: severity: # which vulnerability should disable the workflow before pusing image to registry. eg. 'HIGH,CRITICAL,MEDIUM,LOW' docker-push: needs: docker-scanner if: ${{ success() && needs.docker-scanner.result == 'success' }} # This condition start this docker push workflow on succesfull scanning of docker image - uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@v2 secrets: AWS_ACCESS_KEY_ID: # AWS Access Key ID AWS_SECRET_ACCESS_KEY: # AWS Secret Access Key ID diff --git a/docs/docker-scout.md b/docs/docker-scout.md index 34b1fe0c..2238f71f 100644 --- a/docs/docker-scout.md +++ b/docs/docker-scout.md 
@@ -21,7 +21,7 @@ on: jobs: docker-scout: - uses: clouddrove/github-shared-workflows/.github/workflows/docker-scout.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/docker-scout.yml@v2 with: IMAGES: # Specify the dockerhub repository name IMAGE_TAG: # Give the tag to the latest image you want to build diff --git a/docs/docker-smurf-helm.md b/docs/docker-smurf-helm.md index a6a23797..d7f85560 100644 --- a/docs/docker-smurf-helm.md +++ b/docs/docker-smurf-helm.md @@ -13,7 +13,7 @@ on: jobs: dev: - uses: clouddrove/github-shared-workflows/.github/workflows/docker-smurf-helm.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/docker-smurf-helm.yml@v2 with: docker_image_name: # Image Name docker_image_tag: # Image Tag diff --git a/docs/gcp-prowler.md b/docs/gcp-prowler.md index 1ea7ad0f..244bb62a 100644 --- a/docs/gcp-prowler.md +++ b/docs/gcp-prowler.md @@ -15,7 +15,7 @@ on: jobs: prowler-security: - uses: clouddrove/github-shared-workflows/.github/workflows/gcp-prowler.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/gcp-prowler.yml@v2 with: cloud_provider: 'gcp' gcp_project_ids: 'project-1,project-2' # Comma-separated GCP project IDs to scan diff --git a/docs/helm-deploy.md b/docs/helm-deploy.md index 728e1be3..680ad663 100644 --- a/docs/helm-deploy.md +++ b/docs/helm-deploy.md @@ -24,7 +24,7 @@ on: jobs: aws: - uses: clouddrove/github-shared-workflows/.github/workflows/helm-deploy.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/helm-deploy.yml@v2 secrets: BUILD_ROLE: # AWS OIDC role for authentication AWS_ACCESS_KEY_ID: # AWS access key diff --git a/docs/infracost.md b/docs/infracost.md index f4e68b5e..d8957308 100644 --- a/docs/infracost.md +++ b/docs/infracost.md 
@@ -30,7 +30,7 @@ on: branches: [ master ] jobs: infracost: - uses: clouddrove/github-shared-workflows/.github/workflows/infracost.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/infracost.yml@v2 with: working-directory: # Need to specify working-directory as that's where the terraform files live in the source code slack_notification: # If we need slack notification then its value is true else false diff --git a/docs/notify-slack.md b/docs/notify-slack.md index 3139738a..7113e1bc 100644 --- a/docs/notify-slack.md +++ b/docs/notify-slack.md @@ -26,7 +26,7 @@ on: jobs: notify-job-status: needs: test # Job name for which you wnat the stauus of that like is it completed or failed. - uses: clouddrove/github-shared-workflows/.github/workflows/notify-slack.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/notify-slack.yml@v2 with: channel: ${{ vars.SLACK_CHANNEL_ID }} # Slack id of channel where you want alerts to be setup so update this as per your channel-id. SLACK_CHANNEL_ID = C07XXXXXX title: "Workflow Run" # Title of alert like for which job its give the status as success or failed ex- terraform apply if workflow runs it gives status as terraform apply - success diff --git a/docs/pr-auto-assignee.md b/docs/pr-auto-assignee.md index 47575d8a..4092a2c7 100644 --- a/docs/pr-auto-assignee.md +++ b/docs/pr-auto-assignee.md @@ -16,7 +16,7 @@ on: workflow_dispatch: jobs: assign-pr: - uses: clouddrove/github-shared-workflows/.github/workflows/pr-auto-assignee.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-auto-assignee.yml@v2 secrets: GITHUB: ${{ secrets.TOKEN_GITHUB }} with: diff --git a/docs/pr-checks.md b/docs/pr-checks.md index 768ab15c..40c890fc 100644 --- a/docs/pr-checks.md +++ b/docs/pr-checks.md @@ -94,7 +94,7 @@ This workflow triggers automatically on PR events and can be configured with inp name: 'PR Validation' on: - pull_request_target: + pull_request: types: - opened - edited 
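Review bot: The switch from `pull_request_target` to `pull_request` in the docs/pr-checks.md example is a behaviour change that the commit subject (a version-tag update) does not mention, and the example still passes `secrets: inherit` in the following hunk. Under `pull_request`, runs for pull requests from forks get a read-only `GITHUB_TOKEN` and no repository secrets. If pr-checks.yml labels or comments on the PR (not visible in this patch), those steps would presumably fail for fork contributors. The safer trigger is worth keeping, but the page should say so explicitly, e.g. a comment `# pull_request: fork PRs run with a read-only token and without secrets` beside the trigger, and list the `permissions:` the caller must grant.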
@@ -103,7 +103,7 @@ on: jobs: pr-validation: - uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@v2 secrets: inherit with: types: | diff --git a/docs/pr-claude-review.md b/docs/pr-claude-review.md index b9421ba1..3ffd49e3 100644 --- a/docs/pr-claude-review.md +++ b/docs/pr-claude-review.md @@ -33,7 +33,7 @@ permissions: jobs: claude-feedback: - uses: clouddrove/github-shared-workflows/.github/workflows/claude-pr-review.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/claude-pr-review.yml@v2 secrets: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} # Secret API key used to authenticate with Claude (Anthropic) ``` diff --git a/docs/pr-gemini-review.md b/docs/pr-gemini-review.md index 03360f79..723c156d 100644 --- a/docs/pr-gemini-review.md +++ b/docs/pr-gemini-review.md @@ -68,7 +68,7 @@ on: jobs: call-gemini-review: name: 🤖 Run Gemini Code Review - uses: clouddrove/github-shared-workflows/.github/workflows/gemini-code-review.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/gemini-code-review.yml@v2 with: gemini_model: "gemini-2.5-pro" # ✨ optional, default already set github_token: ${{ github.TOKEN }} # 🔑 optional override diff --git a/docs/pr-gitleaks-scan.md b/docs/pr-gitleaks-scan.md index 7d01452b..a681348b 100644 --- a/docs/pr-gitleaks-scan.md +++ b/docs/pr-gitleaks-scan.md @@ -24,6 +24,6 @@ permissions: jobs: gitleaks: - uses: clouddrove/github-shared-workflows/.github/workflows/gitleaks-pr-scan.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/gitleaks-pr-scan.yml@v2 secrets: inherit ``` diff --git a/docs/pr-lock.md b/docs/pr-lock.md index efa1e025..eed7e1ca 100644 --- a/docs/pr-lock.md +++ b/docs/pr-lock.md 
@@ -38,7 +38,7 @@ on: jobs: lock: - uses: clouddrove/github-shared-workflows/.github/workflows/pr-lock.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-lock.yml@v2 secrets: github-token: ${{ secrets.REPO_TOKEN }} ``` diff --git a/docs/pr-stale.md b/docs/pr-stale.md index 727564a3..24e5ce3c 100644 --- a/docs/pr-stale.md +++ b/docs/pr-stale.md @@ -35,7 +35,7 @@ on: jobs: stale-pr: - uses: clouddrove/github-shared-workflows/.github/workflows/stale_pr.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stale_pr.yml@v2 with: days-before-issue-stale: 30 # Days until issue marked stale days-before-pr-stale: 30 # Days until PR marked stale diff --git a/docs/readme.md b/docs/readme.md index b56252a6..13376328 100644 --- a/docs/readme.md +++ b/docs/readme.md @@ -14,7 +14,7 @@ on: workflow_dispatch: jobs: assignee: - uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@v2 secrets: TOKEN : # Provide GitHub token SLACK_WEBHOOK_TERRAFORM: # Provide slack-webhook url diff --git a/docs/release-maintain-major-tag.md b/docs/release-maintain-major-tag.md new file mode 100644 index 00000000..bbcf353e --- /dev/null +++ b/docs/release-maintain-major-tag.md 
@@ -0,0 +1,36 @@ +# Release - Maintain Major Tag + +Automatically maintains a **major version tag (`vX`)** when a new semantic version release (`X.Y.Z`) is published. + +This workflow ensures that the major version tag always points to the **latest release of that major version**, making it easier for consumers to reference stable major versions. + +--- + +## Overview + +When a new release is published: + +1. The workflow validates the release tag format. +2. Only **semantic version tags (`X.Y.Z`)** are processed. +3. The workflow extracts the **major version (`X`)**. +4. It updates or creates the corresponding **major tag (`vX`)**. +5. The major tag is force-pushed to point to the latest release. + +Example: + +| Release Tag | Updated Major Tag | +|-------------|------------------| +| `1.0.0` | `v1` → `1.0.0` | +| `1.2.3` | `v1` → `1.2.3` | +| `2.0.0` | `v2` → `2.0.0` | + +--- + +## Workflow Trigger + +The workflow runs when a **GitHub Release is published**. + +```yaml +on: + release: + types: [published] \ No newline at end of file diff --git a/docs/security-checkov.md b/docs/security-checkov.md index c46a9b4f..2b2fb02d 100644 --- a/docs/security-checkov.md +++ b/docs/security-checkov.md @@ -23,7 +23,7 @@ on: jobs: checkov: - uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@v2 with: directory: '.' continue_on_error: 'true' diff --git a/docs/security-powerpipe.md b/docs/security-powerpipe.md index 4235bcd2..eb9f075b 100644 --- a/docs/security-powerpipe.md +++ b/docs/security-powerpipe.md @@ -36,7 +36,7 @@ on: jobs: powerpipe: - uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2 with: cloud_provider: 'AWS' mod_url: "https://github.com/turbot/steampipe-mod-terraform-aws-compliance" 
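Review bot: The new docs/release-maintain-major-tag.md ends inside the `yaml` fenced block under "Workflow Trigger". The fence is never closed and the file has no trailing newline, so anything appended later will render as code. Close the fence after `types: [published]` and end the file with a newline. Because step 5 describes a force-push of `vX`, the page would also benefit from one sentence on who is allowed to publish releases and which permission the workflow needs to push the tag, since publishing a release changes what every `@vX` caller runs.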
@@ -73,7 +73,7 @@ on: jobs: powerpipe: - uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2 with: cloud_provider: 'AWS' mod_url: "https://github.com/turbot/steampipe-mod-aws-thrifty" @@ -104,7 +104,7 @@ on: jobs: powerpipe: - uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2 with: cloud_provider: 'AZURE' mod_url: "https://github.com/turbot/steampipe-mod-azure-thrifty" @@ -138,7 +138,7 @@ on: jobs: powerpipe: - uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2 with: cloud_provider: 'AWS' secrets: diff --git a/docs/security-prowler.md b/docs/security-prowler.md index 9e22860a..f5451ce0 100644 --- a/docs/security-prowler.md +++ b/docs/security-prowler.md @@ -19,7 +19,7 @@ jobs: contents: 'read' id-token: 'write' - uses: clouddrove/github-shared-workflows/.github/workflows/security-prowler.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/security-prowler.yml@v2 with: cloud_provider: aws aws_region: ## AWS Region @@ -47,7 +47,7 @@ jobs: contents: 'read' id-token: 'write' - uses: clouddrove/github-shared-workflows/.github/workflows/security-prowler.yml@feat/master + uses: clouddrove/github-shared-workflows/.github/workflows/security-prowler.yml@v2 with: cloud_provider: azure @@ -72,7 +72,7 @@ jobs: contents: 'read' id-token: 'write' - uses: clouddrove/github-shared-workflows/.github/workflows/security-prowler.yml@feat/master + uses: clouddrove/github-shared-workflows/.github/workflows/security-prowler.yml@v2 with: cloud_provider: gcp project_id: ## Your GCP Project ID diff --git a/docs/sst.md b/docs/sst.md index 434cbbab..dd6d91c1 100644 --- a/docs/sst.md +++ b/docs/sst.md 
@@ -25,19 +25,19 @@ Secrets: ```yaml staging-workflow: if: ${{ github.event.pull_request.base.ref == 'master' }} - uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@v2 with: app-env: staging production-workflow: if: startsWith(github.event.ref, 'refs/tags/v') - uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@v2 with: app-env: production ``` -##### Path: `clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@master` +##### Path: `clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@v2` Should be used with `on: pull_request`. Includes the following: 1. Adds SST Deployed application link into the description of a pull request. diff --git a/docs/stf-checks.md b/docs/stf-checks.md index b1a185fd..509985f4 100644 --- a/docs/stf-checks.md +++ b/docs/stf-checks.md @@ -24,7 +24,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'azurerm' @@ -42,7 +42,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'aws' @@ -66,7 +66,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'aws' 
@@ -88,7 +88,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'azurerm' @@ -108,7 +108,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'aws' @@ -131,7 +131,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'digitalocean' @@ -150,7 +150,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/stf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'gcp' diff --git a/docs/tf-checks.md b/docs/tf-checks.md index 8b2b6336..268b37c1 100644 --- a/docs/tf-checks.md +++ b/docs/tf-checks.md @@ -24,7 +24,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'azurerm' @@ -42,7 +42,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'aws' 
@@ -66,7 +66,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'aws' @@ -88,7 +88,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'azurerm' @@ -108,7 +108,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'aws' @@ -131,7 +131,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'digitalocean' @@ -150,7 +150,7 @@ on: jobs: terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './examples/complete/' provider: 'gcp' diff --git a/docs/tf-drift.md b/docs/tf-drift.md index 53ce49f5..57e78531 100644 --- a/docs/tf-drift.md +++ b/docs/tf-drift.md @@ -16,7 +16,7 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tfdrift.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tfdrift.yml@v2 with: working_directory: #'./_example/complete/' provider: #aws diff --git a/docs/tf-lint.md b/docs/tf-lint.md index 0c3c3b1b..c69921bb 100644 --- a/docs/tf-lint.md +++ b/docs/tf-lint.md 
@@ -15,7 +15,7 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@v2 secrets: GITHUB: ${{ secrets.GITHUB }} ``` diff --git a/docs/tf-monorepo-tag-release.md b/docs/tf-monorepo-tag-release.md index a0104fb3..39f973b7 100644 --- a/docs/tf-monorepo-tag-release.md +++ b/docs/tf-monorepo-tag-release.md @@ -76,7 +76,7 @@ permissions: jobs: module-release: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-monorepo-tag-release.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-monorepo-tag-release.yml@v2 with: module_prefix: "" # Replace with your Module Prefix by deafult "terraform-aws-" ``` diff --git a/docs/tf-pr-checks.md b/docs/tf-pr-checks.md index 96aaa72e..7b409cb7 100644 --- a/docs/tf-pr-checks.md +++ b/docs/tf-pr-checks.md @@ -25,7 +25,7 @@ on: jobs: complete-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-pr-checks.yaml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-pr-checks.yaml@v2 with: provider: 'azurerm' terraform_directory: 'examples/complete' diff --git a/docs/tf-smurf.md b/docs/tf-smurf.md index d8df1dd4..30c6c698 100644 --- a/docs/tf-smurf.md +++ b/docs/tf-smurf.md @@ -14,7 +14,7 @@ on: jobs: dev: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-smurf.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-smurf.yml@v2 with: terraform_directory: # Terraform Directory aws_auth_method: # AWS auth method to use like oidc and keys diff --git a/docs/tf-tfsec.md b/docs/tf-tfsec.md index 6913a39c..ffff3326 100644 --- a/docs/tf-tfsec.md +++ b/docs/tf-tfsec.md 
@@ -28,7 +28,7 @@ on: jobs: tfsec-scan: - uses: clouddrove/github-shared-workflows/.github/workflows/security-tfsec.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/security-tfsec.yml@v2 secrets: GITHUB: ${{ secrets.GITHUB_TOKEN }} ``` @@ -44,7 +44,7 @@ on: jobs: tfsec-scan: - uses: clouddrove/github-shared-workflows/.github/workflows/security-tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/security-tfsec.yml@v2 secrets: GITHUB: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/docs/tf-workflow.md b/docs/tf-workflow.md index 5815555c..0000e26c 100644 --- a/docs/tf-workflow.md +++ b/docs/tf-workflow.md @@ -38,7 +38,7 @@ on: workflow_dispatch: jobs: prod: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2 with: provider: # aws working_directory: # Specify terraform code directory in repo, eg. './_example/complete/' @@ -70,7 +70,7 @@ on: workflow_dispatch: jobs: prod: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2 with: provider: # azurerm working_directory: # Specify terraform code directory in repo @@ -97,7 +97,7 @@ on: workflow_dispatch: jobs: prod: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2 with: provider: # digitalocean working_directory: # Specify terraform code directory in repo @@ -124,7 +124,7 @@ on: workflow_dispatch: jobs: prod: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2 with: provider: # gcp working_directory: # Specify terraform code directory in repo 
@@ -151,7 +151,7 @@ on: workflow_dispatch: jobs: prod: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2 with: provider: # aws working_directory: # Specify terraform code directory in repo diff --git a/docs/tfdrift.md b/docs/tfdrift.md index 53e31e20..d6b49369 100644 --- a/docs/tfdrift.md +++ b/docs/tfdrift.md @@ -16,7 +16,7 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tfdrift.yml@main + uses: clouddrove/github-shared-workflows/.github/workflows/tf-drift.yml@v2 with: working_directory: #'./_example/complete/' provider: #aws diff --git a/docs/yml-lint-internal.md b/docs/yml-lint-internal.md index f9b6f9d2..98cf72a6 100644 --- a/docs/yml-lint-internal.md +++ b/docs/yml-lint-internal.md @@ -25,7 +25,7 @@ on: [pull_request] jobs: YAML-LINTER: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` #### Complete Example @@ -39,7 +39,7 @@ on: jobs: YAML-LINTER: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` ### When to Use 
@@ -71,17 +71,17 @@ on: jobs: # YAML validation yaml-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint-internal.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint-internal.yml@v2 # Terraform validation terraform-checks: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: terraform/ # Security scanning security-scan: - uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@v2 ``` ### Customization @@ -100,7 +100,7 @@ on: jobs: yaml-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 # Add any custom steps or configuration here ``` @@ -116,7 +116,7 @@ on: jobs: YAML-LINTER: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 # Add additional steps if needed ``` @@ -132,7 +132,7 @@ name: YAML-LINTER on: [pull_request] jobs: YAML-LINTER: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` #### 2. Configuration Files Validation @@ -144,7 +144,7 @@ name: YAML-LINTER on: [pull_request] jobs: YAML-LINTER: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` #### 3. Documentation Validation @@ -156,7 +156,7 @@ name: YAML-LINTER on: [pull_request] jobs: YAML-LINTER: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` ### Troubleshooting 
diff --git a/docs/yml-lint.md b/docs/yml-lint.md index 694716ae..7261a34d 100644 --- a/docs/yml-lint.md +++ b/docs/yml-lint.md @@ -60,7 +60,7 @@ on: jobs: yaml-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@2.0.0 + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` #### With Custom File/Directory @@ -75,10 +75,10 @@ on: jobs: lint-config: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 lint-workflows: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 ``` ### Integration Examples @@ -96,12 +96,12 @@ on: jobs: # Lint YAML files yaml-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 # Other validation steps terraform-validate: needs: yaml-lint - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: terraform/ ``` @@ -117,17 +117,17 @@ on: jobs: # Validate workflow files lint-workflows: - uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/yml-lint.yml@v2 # Validate Terraform terraform-checks: needs: lint-workflows - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 # Security scan security-scan: needs: lint-workflows - uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@v2 ``` ### Customization 
From c3b78a3a594127706a39bb9c7dfd497f75074256 Mon Sep 17 00:00:00 2001 From: Anket Satbhai Date: Sat, 14 Mar 2026 00:03:23 +0530 Subject: [PATCH 2/4] docs: update docs with major version tag --- QUICKSTART.md | 10 +++++----- README.md | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/QUICKSTART.md b/QUICKSTART.md index daf34edc..8735a21f 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -16,7 +16,7 @@ on: [pull_request] jobs: validate: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 with: working_directory: './terraform' provider: 'aws' @@ -33,7 +33,7 @@ on: [push] jobs: docker: - uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@v2 with: provider: 'aws' ECR_REPOSITORY: 'my-app' @@ -51,7 +51,7 @@ on: [pull_request] jobs: validate: - uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@v2 ``` ## Common Patterns @@ -61,7 +61,7 @@ jobs: Instead of `@master`, use version tags for stability: ```yaml -uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v1.2.0 +uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2 ``` ### Environment-Specific Workflows @@ -69,7 +69,7 @@ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v1.2.0 ```yaml jobs: deploy: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2 with: target_environment: 'production' ``` diff --git a/README.md b/README.md index fe771822..8316de0a 100644 --- a/README.md +++ b/README.md 
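Review bot: In QUICKSTART.md the sentence "Instead of `@master`, use version tags for stability:" is now followed by `@v2`, the same ref every other example on the page uses after this patch, and it replaces the only exact-version example (`@v1.2.0`). As a result the page no longer shows how to pin to something that does not move. Reword the sentence to separate the two choices: `@v2` for the latest release in the major line, and an exact release tag or full commit SHA when the caller needs the workflow to stay unchanged until they update it.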
@@ -77,7 +77,7 @@ See our [Quick Start Guide](./QUICKSTART.md) for common use cases and examples. ```yaml jobs: staging: # Job name - uses: clouddrove/github-shared-workflows/.github/workflows/example.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/example.yml@v2 secrets: SECRET_1: SECRET_2: From c4b8216fb306cdeefab04c8ed7eafb3529f16e4a Mon Sep 17 00:00:00 2001 From: Anket Satbhai Date: Mon, 16 Mar 2026 16:05:22 +0530 Subject: [PATCH 3/4] fix: fix file path and docs name --- docs/aws-prowler.md | 2 +- docs/aws-remote-ssh-command.md | 2 +- docs/pr-claude-review.md | 2 +- docs/pr-gemini-review.md | 2 +- docs/pr-gitleaks-scan.md | 2 +- docs/pr-stale.md | 2 +- docs/{tf-tfsec.md => security-tfsec.md} | 0 docs/tf-drift.md | 2 +- docs/tfdrift.md | 28 ------------------------- 9 files changed, 7 insertions(+), 35 deletions(-) rename docs/{tf-tfsec.md => security-tfsec.md} (100%) delete mode 100644 docs/tfdrift.md diff --git a/docs/aws-prowler.md b/docs/aws-prowler.md index 95b1004f..7e8f0122 100644 --- a/docs/aws-prowler.md +++ b/docs/aws-prowler.md @@ -19,7 +19,7 @@ permissions: jobs: aws-assessment: name: Run prowler security - uses: clouddrove-sandbox/test-shared-workflow/.github/workflows/prowler.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/aws-prowler.yml@v2 with: cloud_provider: 'aws' aws_region: ## aws region diff --git a/docs/aws-remote-ssh-command.md b/docs/aws-remote-ssh-command.md index 9126e755..e4f15ae0 100644 --- a/docs/aws-remote-ssh-command.md +++ b/docs/aws-remote-ssh-command.md @@ -22,7 +22,7 @@ on: jobs: ssh-commands: - uses: clouddrove/github-shared-workflows/.github/workflows/RemoteSSHCommand.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/aws-remote-ssh-command.yml@v2 with: port: # your_ssh_port timeout: # your_timeout_in_seconds diff --git a/docs/pr-claude-review.md b/docs/pr-claude-review.md index 3ffd49e3..24913162 100644 --- a/docs/pr-claude-review.md +++ b/docs/pr-claude-review.md 
@@ -33,7 +33,7 @@ permissions: jobs: claude-feedback: - uses: clouddrove/github-shared-workflows/.github/workflows/claude-pr-review.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-claude-review.yml@v2 secrets: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} # Secret API key used to authenticate with Claude (Anthropic) ``` diff --git a/docs/pr-gemini-review.md b/docs/pr-gemini-review.md index 723c156d..f968082d 100644 --- a/docs/pr-gemini-review.md +++ b/docs/pr-gemini-review.md @@ -68,7 +68,7 @@ on: jobs: call-gemini-review: name: 🤖 Run Gemini Code Review - uses: clouddrove/github-shared-workflows/.github/workflows/gemini-code-review.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-gemini-review.yml@v2 with: gemini_model: "gemini-2.5-pro" # ✨ optional, default already set github_token: ${{ github.TOKEN }} # 🔑 optional override diff --git a/docs/pr-gitleaks-scan.md b/docs/pr-gitleaks-scan.md index a681348b..1f8a0083 100644 --- a/docs/pr-gitleaks-scan.md +++ b/docs/pr-gitleaks-scan.md @@ -24,6 +24,6 @@ permissions: jobs: gitleaks: - uses: clouddrove/github-shared-workflows/.github/workflows/gitleaks-pr-scan.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-gitleaks-scan.yml@v2 secrets: inherit ``` diff --git a/docs/pr-stale.md b/docs/pr-stale.md index 24e5ce3c..0d9bc588 100644 --- a/docs/pr-stale.md +++ b/docs/pr-stale.md @@ -35,7 +35,7 @@ on: jobs: stale-pr: - uses: clouddrove/github-shared-workflows/.github/workflows/stale_pr.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/pr-stale.yml@v2 with: days-before-issue-stale: 30 # Days until issue marked stale days-before-pr-stale: 30 # Days until PR marked stale diff --git a/docs/tf-tfsec.md b/docs/security-tfsec.md similarity index 100% rename from docs/tf-tfsec.md rename to docs/security-tfsec.md diff --git a/docs/tf-drift.md b/docs/tf-drift.md index 57e78531..d6b49369 100644 --- a/docs/tf-drift.md +++ b/docs/tf-drift.md 
@@ -16,7 +16,7 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tfdrift.yml@v2 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-drift.yml@v2 with: working_directory: #'./_example/complete/' provider: #aws diff --git a/docs/tfdrift.md b/docs/tfdrift.md deleted file mode 100644 index d6b49369..00000000 --- a/docs/tfdrift.md +++ /dev/null @@ -1,28 +0,0 @@ -## [terraform drifts Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/tfdrifts.yml) - -This workflow automates Terraform configuration drift detection by running terraform init/plan against your live infrastructure and signaling when resources have changed outside of code. The reusable workflow is stored at `.github/workflows/tfdrifts.yml` in the shared repo. - -**Key capabilities**: -- Detect drift via terraform plan. -- Works with AWS, Azure, or GCP (select with provider). - -#### Example -```yaml -name: TF-Drift -on: - push: - branches: [ master, main ] - pull_request: - workflow_dispatch: -jobs: - tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-drift.yml@v2 - with: - working_directory: #'./_example/complete/' - provider: #aws - aws_region: # AWS region - secrets: - AWS_ACCESS_KEY_ID: # Specify AWS Access key ID - AWS_SECRET_ACCESS_KEY: # Specify AWS Secret Access key ID - AWS_SESSION_TOKEN: # Specify Session ID -``` \ No newline at end of file From 29bc9aa1f350c05759b85bf7c3cac717fdcfe15f Mon Sep 17 00:00:00 2001 From: Anket Satbhai Date: Mon, 16 Mar 2026 16:14:54 +0530 Subject: [PATCH 4/4] fix: update docs file in readme file --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8316de0a..dad31299 100644 --- a/README.md +++ b/README.md 
@@ -273,7 +273,7 @@ Please review our [Security Policy](./.github/SECURITY.md) before reporting secu - [Security Checkov](./docs/security-checkov.md) - IaC security scanning - [Security Prowler](./docs/security-prowler.md) - Cloud security assessment - [Security Powerpipe](./docs/security-powerpipe.md) - Compliance checking -- [Security TFSec](./docs/tf-tfsec.md) - Terraform security scanner +- [Security TFSec](./docs/security-tfsec.md) - Terraform security scanner