clouddrove · pendharevaibhav-cd · Mar 16, 2026 · Mar 13, 2026 · Mar 13, 2026 · Mar 16, 2026
@@ -1,5 +1,5 @@
 ---
-name: Update Major Tag
+name: Release - Maintain Major Tag
 
 on:
   release:

@@ -16,7 +16,7 @@ on: [pull_request]
 
 jobs:
   validate:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2
     with:
       working_directory: './terraform'
       provider: 'aws'
@@ -33,7 +33,7 @@ on: [push]
 
 jobs:
   docker:
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@v2
     with:
       provider: 'aws'
       ECR_REPOSITORY: 'my-app'
@@ -51,7 +51,7 @@ on: [pull_request]
 
 jobs:
   validate:
-    uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@v2
 ```
 
 ## Common Patterns
@@ -61,15 +61,15 @@ jobs:
 Instead of `@master`, use version tags for stability:
 
 ```yaml
-uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v1.2.0
+uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@v2
 ```
 
 ### Environment-Specific Workflows
 
 ```yaml
 jobs:
   deploy:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-workflow.yml@v2
     with:
       target_environment: 'production'
 ```

@@ -77,7 +77,7 @@ See our [Quick Start Guide](./QUICKSTART.md) for common use cases and examples.
 ```yaml
 jobs:
   staging: # Job name
-    uses: clouddrove/github-shared-workflows/.github/workflows/example.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/example.yml@v2
     secrets:
       SECRET_1:
       SECRET_2: 
@@ -273,7 +273,7 @@ Please review our [Security Policy](./.github/SECURITY.md) before reporting secu
 - [Security Checkov](./docs/security-checkov.md) - IaC security scanning
 - [Security Prowler](./docs/security-prowler.md) - Cloud security assessment
 - [Security Powerpipe](./docs/security-powerpipe.md) - Compliance checking
-- [Security TFSec](./docs/tf-tfsec.md) - Terraform security scanner
+- [Security TFSec](./docs/security-tfsec.md) - Terraform security scanner
 
 </details>
 

@@ -19,7 +19,7 @@ permissions:
 jobs:
   aws-assessment:
     name: Run prowler security
-    uses: clouddrove-sandbox/test-shared-workflow/.github/workflows/prowler.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/aws-prowler.yml@v2
     with:
       cloud_provider: 'aws'
       aws_region: ## aws region

@@ -22,7 +22,7 @@ on:
 
 jobs:
   ssh-commands:
-    uses: clouddrove/github-shared-workflows/.github/workflows/RemoteSSHCommand.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/aws-remote-ssh-command.yml@v2
     with:
       port: # your_ssh_port
       timeout: # your_timeout_in_seconds

@@ -28,7 +28,7 @@ on:
 
 jobs:
   bash-commands-without-ssh:
-    uses: clouddrove/github-shared-workflows/.github/workflows/aws-ssm-send-command.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/aws-ssm-send-command.yml@v2
     with:
       working-directory: # Specify the working directory for the job
       slack_message: # Message to be sent to Slack

@@ -30,7 +30,7 @@ permissions:
 
 jobs:
   deploy-cf-stackset:
-    uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy-stackset.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy-stackset.yml@v2
     with:
       aws-region:                         # aws-configure region add, where you need stackset 
       stackset-instance-region:           # region add where you need stacks

@@ -17,7 +17,7 @@ on:
   workflow_dispatch:
 jobs:
   cloudformation-stack-deploy:
-    uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/cf-deploy.yml@v2
     with:  
       s3-bucket:               # S3 Bucket name where code is stored
       bucket-prefix:           # S3 Bucket prefix/folder name where you push the zip file

@@ -40,7 +40,7 @@ on:
 
 jobs:
   deploy-backend:
-    uses: clouddrove/github-shared-workflows/.github/workflows/cloudrun-rollback.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/cloudrun-rollback.yml@v2
     with:
       gcp_registry_host:     # GCP Artifact Registry host
       IMAGE_NAME:            # Docker image name

@@ -23,14 +23,14 @@ on:
 
 jobs:
   docker-scanner:
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@v2
     with:
       severity: # which vulnerability should disable the workflow before pusing image to registry. eg. 'HIGH,CRITICAL,MEDIUM,LOW'
 
   docker-push:
     needs: docker-scanner  
     if: ${{ success() && needs.docker-scanner.result == 'success' }}   # This condition start this docker push workflow on succesfull scanning of docker image
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@v2
     secrets:
       DOCKERHUB_USERNAME: # Dockerhub username
       DOCKERHUB_PASSWORD: # Dockerhub password
@@ -56,14 +56,14 @@ on:
 
 jobs:
   docker-scanner:
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@v2
     with:
       severity: # which vulnerability should disable the workflow before pusing image to registry. eg. 'HIGH,CRITICAL,MEDIUM,LOW'
 
   docker-push:
     needs: docker-scanner
     if: ${{ success() && needs.docker-scanner.result == 'success' }}   # This condition start this docker push workflow on succesfull scanning of docker image
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-build-push.yml@v2
     secrets:
       AWS_ACCESS_KEY_ID: # AWS Access Key ID
       AWS_SECRET_ACCESS_KEY: # AWS Secret Access Key ID

@@ -21,7 +21,7 @@ on:
 
 jobs:
   docker-scout:
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scout.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scout.yml@v2
     with:
       IMAGES:             # Specify the dockerhub repository name
       IMAGE_TAG:          # Give the tag to the latest image you want to build

@@ -13,7 +13,7 @@ on:
 
 jobs:
   dev:
-    uses: clouddrove/github-shared-workflows/.github/workflows/docker-smurf-helm.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-smurf-helm.yml@v2
     with:
       docker_image_name: # Image Name
       docker_image_tag: # Image Tag

@@ -15,7 +15,7 @@ on:
 
 jobs:
   prowler-security:
-    uses: clouddrove/github-shared-workflows/.github/workflows/gcp-prowler.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/gcp-prowler.yml@v2
     with:
       cloud_provider: 'gcp'
       gcp_project_ids: 'project-1,project-2'  # Comma-separated GCP project IDs to scan

@@ -24,7 +24,7 @@ on:
 
 jobs:
   aws:
-    uses: clouddrove/github-shared-workflows/.github/workflows/helm-deploy.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/helm-deploy.yml@v2
     secrets:
       BUILD_ROLE:                             # AWS OIDC role for authentication
       AWS_ACCESS_KEY_ID:                      # AWS access key

@@ -30,7 +30,7 @@ on:
      branches: [ master ]
 jobs:
   infracost:
-    uses: clouddrove/github-shared-workflows/.github/workflows/infracost.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/infracost.yml@v2
     with:
       working-directory:   # Need to specify working-directory as that's where the terraform files live in the source code
       slack_notification:  # If we need slack notification then its value is true else false

@@ -26,7 +26,7 @@ on:
 jobs:
   notify-job-status:
     needs: test # Job name for which you wnat the stauus of that like is it completed or failed.
-    uses: clouddrove/github-shared-workflows/.github/workflows/notify-slack.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/notify-slack.yml@v2
     with:
       channel: ${{ vars.SLACK_CHANNEL_ID }}   # Slack id of channel where you want alerts to be setup so update this as per your channel-id. SLACK_CHANNEL_ID = C07XXXXXX
       title: "Workflow Run"  # Title of alert like for which job its give the status as success or failed ex- terraform apply  if workflow runs it gives status as terraform apply - success 

@@ -16,7 +16,7 @@ on:
   workflow_dispatch:
 jobs:
   assign-pr:
-      uses: clouddrove/github-shared-workflows/.github/workflows/pr-auto-assignee.yml@2.0.0
+      uses: clouddrove/github-shared-workflows/.github/workflows/pr-auto-assignee.yml@v2
       secrets:
         GITHUB: ${{ secrets.TOKEN_GITHUB }}
       with:  

@@ -94,7 +94,7 @@ This workflow triggers automatically on PR events and can be configured with inp
 name: 'PR Validation'
 
 on:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - edited
@@ -103,7 +103,7 @@ on:
 
 jobs:
   pr-validation:
-    uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-checks.yml@v2
     secrets: inherit
     with:
       types: |

@@ -33,7 +33,7 @@ permissions:
 
 jobs:
   claude-feedback:
-    uses: clouddrove/github-shared-workflows/.github/workflows/claude-pr-review.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-claude-review.yml@v2
     secrets:
       ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} # Secret API key used to authenticate with Claude (Anthropic)
 ```

@@ -68,7 +68,7 @@ on:
 jobs:
   call-gemini-review:
     name: 🤖 Run Gemini Code Review
-    uses: clouddrove/github-shared-workflows/.github/workflows/gemini-code-review.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-gemini-review.yml@v2
     with:
       gemini_model: "gemini-2.5-pro"   # ✨ optional, default already set
       github_token: ${{ github.TOKEN }}   # 🔑 optional override

@@ -24,6 +24,6 @@ permissions:
 
 jobs:
   gitleaks:
-    uses: clouddrove/github-shared-workflows/.github/workflows/gitleaks-pr-scan.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-gitleaks-scan.yml@v2
     secrets: inherit
 ```
@@ -38,7 +38,7 @@ on:
 
 jobs:
   lock:
-    uses: clouddrove/github-shared-workflows/.github/workflows/pr-lock.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-lock.yml@v2
     secrets:
       github-token: ${{ secrets.REPO_TOKEN }}
 ```

@@ -35,7 +35,7 @@ on:
 
 jobs:
   stale-pr:
-    uses: clouddrove/github-shared-workflows/.github/workflows/stale_pr.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/pr-stale.yml@v2
     with:
       days-before-issue-stale: 30  # Days until issue marked stale
       days-before-pr-stale: 30     # Days until PR marked stale

@@ -14,7 +14,7 @@ on:
   workflow_dispatch:
 jobs:
   assignee:
-    uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@v2
     secrets:
       TOKEN :                  # Provide GitHub token 
       SLACK_WEBHOOK_TERRAFORM: # Provide slack-webhook url

@@ -0,0 +1,36 @@
+# Release - Maintain Major Tag
+
+Automatically maintains a **major version tag (`vX`)** when a new semantic version release (`X.Y.Z`) is published.
+
+This workflow ensures that the major version tag always points to the **latest release of that major version**, making it easier for consumers to reference stable major versions.
+
+---
+
+## Overview
+
+When a new release is published:
+
+1. The workflow validates the release tag format.
+2. Only **semantic version tags (`X.Y.Z`)** are processed.
+3. The workflow extracts the **major version (`X`)**.
+4. It updates or creates the corresponding **major tag (`vX`)**.
+5. The major tag is force-pushed to point to the latest release.
+
+Example:
+
+| Release Tag | Updated Major Tag |
+|-------------|------------------|
+| `1.0.0` | `v1` → `1.0.0` |
+| `1.2.3` | `v1` → `1.2.3` |
+| `2.0.0` | `v2` → `2.0.0` |
+
+---
+
+## Workflow Trigger
+
+The workflow runs when a **GitHub Release is published**.
+
+```yaml
+on:
+  release:
+    types: [published]
@@ -23,7 +23,7 @@ on:
 
 jobs:
   checkov:
-    uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/security-checkov.yml@v2
     with:
       directory: '.'
       continue_on_error: 'true'

@@ -36,7 +36,7 @@ on:
 
 jobs:
   powerpipe:
-    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@2.0.0
+    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2
     with:
       cloud_provider: 'AWS'
       mod_url: "https://github.com/turbot/steampipe-mod-terraform-aws-compliance"
@@ -73,7 +73,7 @@ on:
 
 jobs:
   powerpipe:
-    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2
     with:
       cloud_provider: 'AWS'
       mod_url: "https://github.com/turbot/steampipe-mod-aws-thrifty"
@@ -104,7 +104,7 @@ on:
 
 jobs:
   powerpipe:
-    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2
     with:
       cloud_provider: 'AZURE'
       mod_url: "https://github.com/turbot/steampipe-mod-azure-thrifty"
@@ -138,7 +138,7 @@ on:
 
 jobs:
   powerpipe:
-    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/security-powerpipe.yml@v2
     with:
       cloud_provider: 'AWS'
     secrets: