Professional automation components for enterprise-grade CI/CD workflows
This directory contains modular, reusable GitHub Actions designed for enterprise environments. Each action follows industry best practices for security, reliability, and maintainability.
💡 Recommendation: Use the new modular workflows for even better composition and reusability! These actions are used as building blocks in the modular workflows.
| Action | Purpose | Engine | Performance | Modular Workflow |
|---|---|---|---|---|
| security-scan | Comprehensive secrets detection | Gitleaks + GitGuardian | ⚡⚡⚡ | modules-security-scan.yml |
| security-scan-meta | Advanced multi-engine scanning | Gitleaks + GitGuardian | ⚡⚡⚡ | Advanced security analysis |
| gitguardian-scan | ML-based policy enforcement | GitGuardian | ⚡⚡ | GitGuardian-specific |
| gitleaks-scan | Fast secrets detection | Gitleaks | ⚡⚡⚡ | Gitleaks-specific |
| license-compliance | SPDX license validation | FOSSA + SPDX | ⚡⚡⚡ | modules-license-compliance.yml |
| labeler-triage | PR labeling & triage | GitHub API | ⚡⚡⚡ | modules-pr-labeler.yml |

| Action | Purpose | Integration | Modular Workflow |
|---|---|---|---|
| semantic-release | Semantic release automation | Semantic Release | modules-semantic-release.yml |
| generate-changelog | Changelog generation | Git History | Manual releases & documentation |
| auto-merge | Intelligent PR merging | GitHub API | PR automation |
| artifact-generator | Multi-format artifact creation | GitHub Releases | modules-artifact-generation.yml |

| Action | Purpose | Engine | Modular Workflow |
|---|---|---|---|
| claude-code | AI-powered code assistant | Claude AI (Opus) | claude-code.yml |

| Action | Purpose | Scope | Modular Workflow |
|---|---|---|---|
| readme-generate | Dynamic documentation | Repository-wide | readme.yml |

New: Python functionality has been integrated into the workflows:
- Applications: python-build.yml - inline implementation of all Python actions
- Packages: python-semantic-release.yml - modern semantic versioning

💪 Recommendation: Use the modular workflows for optimal composition!
Simple security scan:
```yaml
jobs:
  security:
    uses: bauer-group/automation-templates/.github/workflows/modules-security-scan.yml@main
    with:
      scan-engine: both
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
```

Release Management:
```yaml
jobs:
  release:
    uses: bauer-group/automation-templates/.github/workflows/modules-semantic-release.yml@main
    with:
      target-branch: 'main'
    secrets: inherit
```

Release Management with extra plugins (e.g. npm):
```yaml
jobs:
  release:
    uses: bauer-group/automation-templates/.github/workflows/modules-semantic-release.yml@main
    with:
      target-branch: 'main'
      extra-plugins: '@semantic-release/npm'
    secrets: inherit
```

Python Development (Modern):
```yaml
# For applications (Django, FastAPI, ML, etc.)
jobs:
  python-ci:
    uses: bauer-group/automation-templates/.github/workflows/python-build.yml@main
    with:
      python-version: '3.12'
      run-tests: true
      collect-coverage: true
      run-security-scan: true
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```

```yaml
# For packages (PyPI publishing with semantic versioning)
jobs:
  python-release:
    uses: bauer-group/automation-templates/.github/workflows/python-semantic-release.yml@main
    with:
      python-version: '3.12'
      skip-pypi: false
    secrets: inherit
```

Security Scanning:
```yaml
- name: 🛡️ Security Scan
  uses: bauer-group/automation-templates/.github/actions/security-scan@main
  with:
    scan-engine: both
    scan-type: all
    fail-on-findings: true
    token: ${{ secrets.GITHUB_TOKEN }}
    gitguardian-api-key: ${{ secrets.GITGUARDIAN_API_KEY }}
```

Release Management:
```yaml
- name: 📦 Semantic Release
  uses: bauer-group/automation-templates/.github/actions/semantic-release@main
  with:
    dry-run: false
    branches: main
    token: ${{ secrets.GITHUB_TOKEN }}
```

Auto-Merge:
```yaml
- name: 🔄 Auto-Merge PR
  uses: bauer-group/automation-templates/.github/actions/auto-merge@main
  with:
    pr-number: ${{ github.event.number }}
    merge-method: squash
    required-checks: ''
    token: ${{ secrets.GITHUB_TOKEN }}
```

Python Development:
```yaml
# For applications (Django, FastAPI, ML, etc.)
jobs:
  python-ci:
    uses: bauer-group/automation-templates/.github/workflows/python-build.yml@main
    with:
      python-version: '3.12'
      run-tests: true
      collect-coverage: true
      run-security-scan: true
```

```yaml
# For packages (PyPI publishing with semantic versioning)
jobs:
  python-release:
    uses: bauer-group/automation-templates/.github/workflows/python-semantic-release.yml@main
    with:
      python-version: '3.12'
      skip-pypi: false
    secrets: inherit
```

From direct actions to modular workflows:
```diff
# Old: direct action usage
- - name: Security Scan
-   uses: ./.github/actions/security-scan

# New: modular workflow
+ jobs:
+   security:
+     uses: bauer-group/automation-templates/.github/workflows/modules-security-scan.yml@main
```

Advantages of the modular workflows:
- ✅ Better composition and reusability
- ✅ Built-in error handling and reporting
- ✅ Predefined best-practice configurations
- ✅ Easier maintenance and updates

```yaml
secrets:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}                # Always available
  GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}  # For GitGuardian scanning
  FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}              # For license compliance
```

```yaml
permissions:
  contents: write
  pull-requests: write
  security-events: write
  packages: write
  actions: read
```

- Dual-engine approach: Gitleaks (speed) + GitGuardian (accuracy)
- Custom rule sets: Organization-specific security policies
- SARIF integration: Native GitHub Security tab integration
- False positive management: Intelligent filtering and allowlists
- Semantic versioning: Automated version calculation
- Conventional commits: Enforced commit message standards
- Branch protection: Automated security and quality gates
- Artifact management: Multi-format release assets
- License scanning: SPDX-compliant license detection
- SBOM generation: Software Bill of Materials
- Audit trails: Comprehensive action logging
- Policy enforcement: Configurable compliance rules

```yaml
jobs:
  security:
    uses: bauer-group/automation-templates/.github/workflows/modules-security-scan.yml@main
    with:
      scan-engine: both
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  compliance:
    needs: security
    uses: bauer-group/automation-templates/.github/workflows/modules-license-compliance.yml@main
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  release:
    needs: [security, compliance]
    uses: bauer-group/automation-templates/.github/workflows/modules-release-management.yml@main
    with:
      release-type: simple
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

```yaml
jobs:
  pr-security:
    if: github.event_name == 'pull_request'
    uses: bauer-group/automation-templates/.github/workflows/modules-pr-validation.yml@main
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  release:
    if: github.ref == 'refs/heads/main'
    uses: bauer-group/automation-templates/.github/workflows/modules-release-management.yml@main
    with:
      release-type: simple
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

| Action | Average Runtime | Resource Usage | Success Rate |
|---|---|---|---|
| security-scan | ~45s | Low | 99.8% |
| semantic-release | ~1m | Low | 99.9% |
| auto-merge | ~15s | Low | 99.7% |
| license-compliance | ~30s | Low | 99.5% |

```bash
# Install act for local testing
npm install -g @nektos/act
# Test specific action
act -j test-security-scan --secret-file .env
```

- Idempotency: Actions must be safe to run multiple times
- Error handling: Comprehensive error messages and recovery
- Logging: Structured logging with appropriate log levels
- Security: No secret leakage, minimal permissions
- Performance: Optimize for speed and resource usage
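
The "no secret leakage, minimal permissions" guideline can be checked mechanically in caller workflows. The following is an added example, not code from this repository: it flags `uses:` references that are not pinned to a full commit SHA (a branch such as `@main` can change after review), `secrets: inherit`, and write-level permission scopes. The function name `audit_workflow`, the rule labels, and the sample workflow with its placeholder SHA are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on this README's usage examples; the 40-hex
# commit SHA in the last job is a made-up placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
permissions:
  contents: write
  actions: read
jobs:
  security:
    uses: bauer-group/automation-templates/.github/workflows/modules-security-scan.yml@main
  release:
    uses: bauer-group/automation-templates/.github/workflows/modules-semantic-release.yml@main
    secrets: inherit
  pinned:
    uses: bauer-group/automation-templates/.github/workflows/python-build.yml@0123456789abcdef0123456789abcdef01234567
"""

USES_RE = re.compile(r"^-?\s*uses:\s*['\"]?([^\s'\"#]+)")
SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file."""
    findings, perm_indent = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        if perm_indent is not None and indent <= perm_indent:
            perm_indent = None  # left the permissions: mapping
        key, _, value = body.partition(":")
        value = value.strip()
        m = USES_RE.match(body)
        # Local (./) and docker:// references are not checked here.
        if m and not m.group(1).startswith(("./", "docker://")):
            ref = m.group(1).partition("@")[2]
            if not SHA_RE.fullmatch(ref):  # branch or tag: can move later
                findings.append((no, "mutable-ref", m.group(1)))
        elif key == "secrets" and value == "inherit":
            findings.append((no, "secrets-inherit", "passes every caller secret"))
        elif key == "permissions":
            perm_indent = indent  # scopes follow on deeper-indented lines
        elif perm_indent is not None and value == "write":
            findings.append((no, "write-permission", key))
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print("line %d: %s: %s" % finding)
```

The check is line-based and assumes block-style YAML as used in the examples on this page; it does not evaluate flow-style mappings or `permissions: write-all`.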
- Security Scanning Action
- Semantic Release Action
- Changelog Generator Action
- Auto-Merge Action
- License Compliance Action
- Artifact Generator Action
- README Generator Action
- Modular workflow components
- Workflow examples
- Security-Scan Workflow
- Release-Management Workflow
- License-Compliance Workflow
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Enterprise Support: Contact your GitHub Enterprise administrator
This documentation is automatically maintained and reflects the current state of all available actions.