This repository contains centralized workflows that are re-used across the organization's repositories.
This repository also hosts the daily Renovate workflow for the whole workleap GitHub organization.
Repositories must opt-in to Renovate automated dependency updates by providing their own configuration file. Repositories without a Renovate configuration file will be ignored.
This workflow runs the semgrep security scanner against the given repo.
This workflow creates links between jira cards and pull requests based on branch names.
This workflow will create a deployment entry in LinearB and Cortex for the provided environment. Example usage in a workflow:
jobs:
deploy-<your_environment>:
uses: workleap/wl-reusable-workflows/.github/workflows/linearb-deployment.yml@main
with:
environment: "<your_environment>" # development, staging or release
cortexEntityIdOrTag: "service-dummy" # (optional) entity tag or id like "service-dummy" or "en307ab223af38dc0e"
secrets: inheritjobs:
sample:
steps:
- uses: workleap/wl-reusable-workflows/send-slack-notification@main
with:
webhook_url: ${{secrets.SLACK_WEBHOOK_URL_IDP_DEV_ALERTS}}
# Use either text or messageTemplate
text: Sample message
messageTemplate: "FailedJob" # Support "", "FailedJob"This workflow requires two secrets to be set:
CHECKLY_API_KEY: The API key to access the Checkly APICHECKLY_ACCOUNT_ID: The ID of the Checkly account
jobs:
main:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: workleap/wl-reusable-workflows/checkly@main
with:
account-id: "your-checkly-account-id"
api-key: "your-checkly-api-key"
private-location-name: "your-private-location-name"This workflow runs TF-Lint to find issues in the code, Terraform-Docs to create a README and Terraform FMT to format the code.
This workflow creates a new Git tag.
This reusable workflow is useful because we often forget to create new GitHub releases for libraries after merging pull requests. It is intended to be used with a schedule. It requires a secret named token that contains a personal access token with permissions to create GitHub releases on the targeted repo (contents: write).
If any commit message contains the following keywords, it will create a new release with the corresponding version bump:
#major: bump the major version,#minor: bump the minor version,#patch: bump the patch version (default behavior).
Additional features and behaviors:
- Supports new repos without tags (will create
0.0.1). - Gracefully exits if there's no commits since the last stable tag.
- Automatically generates the release notes.
- Only supports creating tags from the main branch of the targeted repo.
Here's how to use it:
name: Create stable release
on:
schedule:
- cron: "0 3 * * 0" # At 03:00 on Sunday (that's an example)
jobs:
create-release:
permissions:
contents: write
uses: workleap/wl-reusable-workflows/.github/workflows/create-stable-release.yml
secrets:
token: ${{ secrets.SOME_PAT }}This workflow automatically synchronizes template files (.github folder, CONTRIBUTING.md, SECURITY.md, renovate.json) from a template repository to all downstream repositories with a specified prefix. It's useful for maintaining consistent configurations and documentation across multiple repositories.
Example usage in a workflow:
name: Sync from Template Repo
on:
workflow_dispatch:
push:
branches: [ main ]
paths:
- '.github/**'
- 'CONTRIBUTING.md'
- 'SECURITY.md'
- 'renovate.json'
jobs:
update-downstream-repositories:
uses: workleap/wl-reusable-workflows/.github/workflows/github-template-update-downstream.yml@main
with:
templateRepoName: 'terraform-template'
repoPrefix: 'terraform-'
secrets: inheritCopyright © 2025, Workleap. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/workleap/gsoft-license/blob/master/LICENSE.