This repository contains reusable GitHub Actions for common CI/CD workflows. These actions are designed to be used across multiple repositories to maintain consistency and reduce duplication.
Repository: settlemint/shared-actions
Auto-Merge Management - Automatically manages auto-merge functionality for pull requests based on approval status, QA status, and draft state.
Inputs:
pr_number(required): Pull request numberpr_author(required): Pull request authorpr_author_type(optional): Pull request author type (User or Bot), default: "User"has_approval(required): Whether PR has approvalqa_status(required): QA status (success, failed, running, pending)is_draft(required): Whether PR is a draftmerge_method(optional): Merge method (merge, squash, rebase), default: "squash"log_level(optional): Log verbosity (error, warn, info, debug), default: "error"
Usage:
- uses: settlemint/shared-actions/.github/actions/auto-merge@main
with:
pr_number: ${{ github.event.pull_request.number }}
pr_author: ${{ github.event.pull_request.user.login }}
has_approval: ${{ steps.check.outputs.has_approval }}
qa_status: ${{ steps.check.outputs.qa_status }}
is_draft: ${{ github.event.pull_request.draft }}Build Status Labeler - Updates build status labels on pull requests based on workflow status.
Inputs:
pr_number(required): Pull request numberworkflow_status(required): Status of the workflow (pending, running, success, failure)log_level(optional): Log verbosity (error, warn, info, debug), default: "error"
Usage:
- uses: settlemint/shared-actions/.github/actions/build-status-labeler@main
with:
pr_number: ${{ github.event.pull_request.number }}
workflow_status: ${{ job.status }}🔒 codeql
CodeQL Analysis - Runs CodeQL security analysis on the codebase.
Inputs:
language(required): Language to analyze (e.g., javascript-typescript, python, java)build_mode(optional): Build mode for CodeQL (none, autobuild, manual), default: "autobuild"queries(optional): CodeQL query suites to use, default: "security-extended,security-and-quality"
Usage:
- uses: settlemint/shared-actions/.github/actions/codeql@main
with:
language: javascript-typescript
build_mode: autobuild🏷️ pr-labeler
PR Labeler - Automatically labels pull requests based on conventional commit format in the PR title and body.
Inputs:
pr_number(required): Pull request numberpr_title(required): Pull request titlepr_body(optional): Pull request body, default: ""log_level(optional): Log verbosity (error, warn, info, debug), default: "error"
Usage:
- uses: settlemint/shared-actions/.github/actions/pr-labeler@main
with:
pr_number: ${{ github.event.pull_request.number }}
pr_title: ${{ github.event.pull_request.title }}
pr_body: ${{ github.event.pull_request.body }}PR Review Check - Checks PR approval status and determines QA status based on workflow results.
Inputs:
pr_number(required): Pull request numberpr_author(required): Pull request author loginevent_name(required): GitHub event nameqa_result(optional): QA job result (for pull_request events)secret_scanning_result(optional): Secret scanning job result (for pull_request events)log_level(optional): Log verbosity (error, warn, info, debug), default: "error"
Outputs:
has_approval: Whether PR has approvalqa_status: QA status (success, failed, running, pending)
Usage:
- uses: settlemint/shared-actions/.github/actions/pr-review-check@main
id: review_check
with:
pr_number: ${{ github.event.pull_request.number }}
pr_author: ${{ github.event.pull_request.user.login }}
event_name: ${{ github.event_name }}
qa_result: ${{ steps.qa.outcome }}
secret_scanning_result: ${{ steps.secret_scan.outcome }}
- run: echo "Has approval: ${{ steps.review_check.outputs.has_approval }}"PR Status Labeler - Updates PR status labels based on approval status, QA status, draft state, and merge status.
Inputs:
pr_number(required): Pull request numberis_draft(required): Whether the PR is a drafthas_approval(optional): Whether the PR has been approved, default: "false"qa_status(optional): The QA status (pending, running, success, failed), default: ""is_merged(optional): Whether the PR has been merged, default: "false"is_abandoned(optional): Whether the PR has been abandoned (closed without merging), default: "false"log_level(optional): Log verbosity (error, warn, info, debug), default: "error"
Usage:
- uses: settlemint/shared-actions/.github/actions/pr-status-labeler@main
with:
pr_number: ${{ github.event.pull_request.number }}
is_draft: ${{ github.event.pull_request.draft }}
has_approval: ${{ steps.check.outputs.has_approval }}
qa_status: ${{ steps.check.outputs.qa_status }}Secret Scanner - Scans the codebase for exposed secrets using Trivy.
Inputs:
trivy_config(optional): Path to Trivy configuration file, default: ""severity(optional): Severity levels to check (comma-separated), default: "HIGH,CRITICAL"exit_code(optional): Exit code when secrets are found, default: "1"log_level(optional): Log verbosity (error, warn, info, debug), default: "error"
Usage:
- uses: settlemint/shared-actions/.github/actions/secret-scanner@main
with:
severity: HIGH,CRITICAL
exit_code: 1Setup Dependencies - Sets up all common dependencies and tools for the project including Node.js, Bun, Foundry, Helm, Python, and chart-testing.
Inputs:
github_token(required): GitHub tokennpm_token(required): NPM registry tokendisable_node(optional): Disable Node.js installation, default: "false"
Usage:
- uses: settlemint/shared-actions/.github/actions/setup-dependencies@main
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
npm_token: ${{ secrets.NPM_TOKEN }}Slack PR Notifier - Sends or updates Slack notifications for PR events with labels and status information.
Inputs:
pr_number(required): Pull request numberpr_title(required): Pull request titlepr_url(required): Pull request URLpr_author(required): Pull request authorpr_author_type(optional): Pull request author type (User or Bot), default: "User"pr_author_avatar(required): Pull request author avatar URLslack_bot_token(required): Slack bot tokenslack_channel_id(required): Slack channel IDupdate_message(optional): Whether to update the message format, default: "false"is_abandoned(optional): Whether the PR was abandoned (closed without merging), default: "false"wait_time(optional): Time to wait for label propagation in milliseconds, default: "500"reaction_delay_ms(optional): Delay between Slack reaction operations in milliseconds, default: "50"verification_delay_ms(optional): Delay before verifying Slack state in milliseconds, default: "300"
Usage:
- uses: settlemint/shared-actions/.github/actions/slack-pr-notifier@main
with:
pr_number: ${{ github.event.pull_request.number }}
pr_title: ${{ github.event.pull_request.title }}
pr_url: ${{ github.event.pull_request.html_url }}
pr_author: ${{ github.event.pull_request.user.login }}
pr_author_avatar: ${{ github.event.pull_request.user.avatar_url }}
slack_bot_token: ${{ secrets.SLACK_BOT_TOKEN }}
slack_channel_id: ${{ secrets.SLACK_CHANNEL_ID }}To use these actions in your workflows, reference them from the shared repository:
- uses: settlemint/shared-actions/.github/actions/action-name@main
with:
# action-specific inputsYou can also pin to a specific version or branch:
@main- Latest from main branch@v1- Specific version tag (recommended for production)@sha:abc123- Specific commit SHA
When adding or modifying actions, ensure:
- Actions follow the composite action pattern
- All inputs are properly documented in
action.yml - Actions include appropriate error handling and logging
- Actions are tested before being merged