Skip to content

kreuzberg-dev/actions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

85 Commits
.ai-rulez
.ai-rulez
 
 
.github
.github
 
 
build-and-cache-binding
build-and-cache-binding
 
 
build-homebrew-bottle
build-homebrew-bottle
 
 
build-node-napi
build-node-napi
 
 
build-php-extension
build-php-extension
 
 
build-python-wheels
build-python-wheels
 
 
build-ruby-gem
build-ruby-gem
 
 
build-rust-cli
build-rust-cli
 
 
build-rust-ffi
build-rust-ffi
 
 
build-wasm-package
build-wasm-package
 
 
cache-binding-artifact
cache-binding-artifact
 
 
check-registry
check-registry
 
 
cleanup-rust-cache
cleanup-rust-cache
 
 
free-disk-space-linux
free-disk-space-linux
 
 
generate-elixir-checksums
generate-elixir-checksums
 
 
install-alef
install-alef
 
 
install-task
install-task
 
 
install-wasi-sdk
install-wasi-sdk
 
 
package-php-pie
package-php-pie
 
 
prepare-release-metadata
prepare-release-metadata
 
 
publish-crates
publish-crates
 
 
publish-github-release
publish-github-release
 
 
publish-gleam
publish-gleam
 
 
publish-hex
publish-hex
 
 
publish-homebrew
publish-homebrew
 
 
publish-maven-gradle
publish-maven-gradle
 
 
publish-maven
publish-maven
 
 
publish-npm
publish-npm
 
 
publish-nuget
publish-nuget
 
 
publish-packagist
publish-packagist
 
 
publish-pub
publish-pub
 
 
publish-pypi
publish-pypi
 
 
publish-rubygems
publish-rubygems
 
 
publish-swift
publish-swift
 
 
publish-zig
publish-zig
 
 
restore-cargo-cache
restore-cargo-cache
 
 
retag-for-republish
retag-for-republish
 
 
setup-elixir
setup-elixir
 
 
setup-go-cgo-env
setup-go-cgo-env
 
 
setup-maven
setup-maven
 
 
setup-node-workspace
setup-node-workspace
 
 
setup-openssl
setup-openssl
 
 
setup-php
setup-php
 
 
setup-python-env
setup-python-env
 
 
setup-r
setup-r
 
 
setup-rust
setup-rust
 
 
test-java-ffi
test-java-ffi
 
 
tests
tests
 
 
validate-versions
validate-versions
 
 
wait-for-package
wait-for-package
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
README.md
README.md
 
 
Taskfile.yml
Taskfile.yml
 
 
pyproject.toml
pyproject.toml
 
 
uv.lock
uv.lock
 
 

Repository files navigation

kreuzberg-dev/actions

Shared GitHub Actions composite actions and reusable workflows for the kreuzberg-dev polyrepo.

Actions

Setup

Action Description
setup-rust Rust toolchain with sccache, llvm-cov, cross-compilation targets
setup-python-env Python environment with uv and caching
setup-node-workspace Node.js workspace with pnpm
setup-openssl Cross-platform OpenSSL (Linux, macOS, Windows)
setup-maven Maven 3.x with settings.xml
setup-go-cgo-env Go CGO environment for FFI builds
setup-r R environment
install-task Task runner
install-wasi-sdk WASI SDK for WebAssembly

Build

Action Description
build-rust-ffi Rust FFI library (cdylib) with error diagnostics
build-and-cache-binding Language binding build with intelligent caching
build-python-wheels Python wheels via cibuildwheel/maturin
build-node-napi Node.js NAPI-RS native modules
build-ruby-gem Platform-specific Ruby gems
build-php-extension PHP extensions
build-wasm-package WebAssembly packages
build-rust-cli Rust CLI binaries
build-homebrew-bottle Homebrew bottle tarballs from CLI binaries
package-php-pie PIE-conventional binary archive from a built PHP extension

Publish

All publish actions are idempotent: re-running on an already-published version exits 0 (output skipped=true where applicable). Most accept dry-run: 'true' to print the command without executing.

Action Target Auth Description
publish-pypi PyPI OIDC trusted publisher Python packages via pypa/gh-action-pypi-publish
publish-npm npm NPM_TOKEN .tgz files from a directory or direct package-dir; supports npm-tag (latest/next/rc)
publish-crates crates.io OIDC (rust-lang/crates-io-auth-action) Rust crates with dependency-ordered publishing
publish-rubygems RubyGems.org GEM_HOST_API_KEY or trusted publisher Ruby gems
publish-maven Maven Central MAVEN_USERNAME + MAVEN_PASSWORD + GPG Java / pom.xml projects via mvn deploy
publish-maven-gradle Maven Central same as publish-maven Kotlin / Java-Gradle via gradle publishAndReleaseToMavenCentral (or any task); imports GPG into the agent
publish-nuget NuGet.org OIDC trusted publisher (preferred) or NUGET_API_KEY .NET .nupkg files
publish-packagist Packagist PACKAGIST_API_TOKEN Triggers re-index for PHP packages auto-discovered from Git tags
publish-hex Hex.pm HEX_API_KEY Elixir packages via mix hex.publish
publish-gleam Hex.pm HEX_API_KEY Gleam packages via gleam publish; reuses the same HEX_API_KEY as publish-hex
publish-pub pub.dev OIDC trusted publisher Dart packages; requires a one-time pub.dev claim of the package
publish-swift Swift Package Index none Validates Package.swift + tag, pings SPI to expedite re-index
publish-zig Git tag none Validates build.zig.zon + tag; emits the tarball SHA-256 downstream consumers need for build.zig.zon's hash field; can append a fetch snippet to the GH release notes
publish-homebrew Homebrew tap HOMEBREW_TOKEN Formula updates with bottle hashes
publish-github-release GitHub Releases GITHUB_TOKEN Release-asset uploads

Idempotency contract. Each publish-* action either:

  1. Detects "already published" output from the underlying tool (case-insensitive grep) and exits 0 with skipped=true, or
  2. Has no side effect to be idempotent about — publish-swift and publish-zig are Git-tag-only and re-running them is naturally a no-op.

Pair with check-registry to skip the publish step entirely when the version is already live (pre-flight gate; faster than relying on publish-time idempotency, since the build/auth steps are skipped too). check-registry covers pypi, npm, wasm, rubygems, hex, maven, nuget, cratesio, packagist, homebrew, and github-release (the last for swift/zig tag-based publishes).

Release Infrastructure

Action Description
prepare-release-metadata Extract tag/version/ref/targets from workflow events
validate-versions Cross-manifest version consistency checks
retag-for-republish Delete and recreate Git tags for republishing
generate-elixir-checksums RustlerPrecompiled NIF checksum generation
check-registry Check if a package version exists on any registry
wait-for-package Poll registries until a version becomes available

Utility

Action Description
free-disk-space-linux Free disk space on Linux runners
cache-binding-artifact Generic artifact caching for compiled bindings
cleanup-rust-cache Clean Rust build artifacts
restore-cargo-cache Restore Cargo cache
test-java-ffi Java Panama FFI test setup

Reusable Workflows

Workflow Description
reusable-validate-pr.yml PR title conventional commit validation
reusable-validate-issues.yml Issue title validation
reusable-check-registries.yml Matrix registry checks (replaces N separate check jobs)
reusable-python-publish.yml Python package build and PyPI publish
reusable-python-lint.yml Python linting via uv + prek

Usage

Composite actions

- uses: kreuzberg-dev/actions/setup-rust@v1
  with:
    use-sccache: "true"

- uses: kreuzberg-dev/actions/publish-npm@v1
  with:
    packages-dir: dist
    dry-run: "false"

Reusable workflows

jobs:
  validate-pr:
    uses: kreuzberg-dev/actions/.github/workflows/reusable-validate-pr.yml@main

  publish:
    uses: kreuzberg-dev/actions/.github/workflows/reusable-python-publish.yml@main
    with:
      package-name: my-package

Development

# Install dependencies
task setup

# Run tests (281 tests)
task test

# Lint
task lint

All action scripts are Python 3.10+ with full pytest coverage, ruff linting, and mypy strict type checking.

About

Shared GitHub actions

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

 
 
 

Contributors

Languages