Skip to content

Commit c5716e9

Browse files
committed
feat: update README with GitHub Actions integration examples and improve script usage instructions
1 parent 35a40a1 commit c5716e9

1 file changed

Lines changed: 63 additions & 23 deletions

File tree

README.md

Lines changed: 63 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -837,7 +837,21 @@ print_status "Processing organization: ${ORG}"
837837

838838
## Using Scripts in GitHub Actions
839839

840-
All scripts can be easily integrated into GitHub Actions workflows. Here are practical examples:
840+
You can use these scripts in your own repository's workflows without copying or forking this repo. The pattern is to check out `locus313/github-api-scripts` as a step, then reference scripts from that path.
841+
842+
```yaml
843+
- name: Checkout github-api-scripts
844+
uses: actions/checkout@v4
845+
with:
846+
repository: locus313/github-api-scripts
847+
ref: main # Pin to a specific tag or SHA in production
848+
path: github-api-scripts
849+
```
850+
851+
> [!NOTE]
852+
> For production workflows, pin `ref` to a specific tag (e.g., `v1.0.0`) or commit SHA rather than a branch name to ensure reproducibility and prevent unexpected changes.
853+
854+
---
841855

842856
### Example 1: Grant Team Permissions on Repository Changes
843857

@@ -855,16 +869,21 @@ jobs:
855869
update-permissions:
856870
runs-on: ubuntu-latest
857871
steps:
858-
- uses: actions/checkout@v4
859-
872+
- name: Checkout github-api-scripts
873+
uses: actions/checkout@v4
874+
with:
875+
repository: locus313/github-api-scripts
876+
ref: main
877+
path: github-api-scripts
878+
860879
- name: Grant team permissions to all repos
861880
env:
862-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
881+
GITHUB_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
863882
ORG: my-org
864883
REPO_PUSH: developers maintainers
865884
REPO_TRIAGE: support-team
866885
run: |
867-
./org-admin/github-add-repo-permissions/github-add-repo-permissions.sh
886+
./github-api-scripts/org-admin/github-add-repo-permissions/github-add-repo-permissions.sh
868887
```
869888

870889
### Example 2: Archive Old Repositories Monthly
@@ -882,22 +901,27 @@ jobs:
882901
archive-old:
883902
runs-on: ubuntu-latest
884903
steps:
885-
- uses: actions/checkout@v4
886-
904+
- name: Checkout github-api-scripts
905+
uses: actions/checkout@v4
906+
with:
907+
repository: locus313/github-api-scripts
908+
ref: main
909+
path: github-api-scripts
910+
887911
- name: Archive repositories not updated in 5 years
888912
env:
889913
GITHUB_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
890914
ORG: my-org
891915
YEARS_THRESHOLD: 5
892916
run: |
893-
./org-admin/github-archive-old-repos/github-archive-old-repos.sh
894-
917+
./github-api-scripts/org-admin/github-archive-old-repos/github-archive-old-repos.sh
918+
895919
- name: Upload report as artifact
896920
if: always()
897921
uses: actions/upload-artifact@v4
898922
with:
899923
name: archive-report
900-
path: org-admin/github-archive-old-repos/reports/
924+
path: github-api-scripts/org-admin/github-archive-old-repos/reports/
901925
retention-days: 30
902926
```
903927

@@ -923,20 +947,25 @@ jobs:
923947
create-repo:
924948
runs-on: ubuntu-latest
925949
steps:
926-
- uses: actions/checkout@v4
927-
950+
- name: Checkout github-api-scripts
951+
uses: actions/checkout@v4
952+
with:
953+
repository: locus313/github-api-scripts
954+
ref: main
955+
path: github-api-scripts
956+
928957
- name: Create repository from template
929958
env:
930-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
959+
GITHUB_TOKEN: ${{ secrets.ORG_ADMIN_TOKEN }}
931960
ORG: my-org
932961
TEMPLATE_REPO: template-repo
933962
REPO_ADMIN: ${{ github.event.inputs.repo-owner }}
934963
REPO_WRITE: developers
935964
CD_USERNAME: github-actions[bot]
936965
CD_GITHUB_TOKEN: ${{ secrets.CD_TOKEN }}
937966
run: |
938-
./org-admin/github-repo-from-template/github-repo-from-template.sh "${{ github.event.inputs.repo-name }}"
939-
967+
./github-api-scripts/org-admin/github-repo-from-template/github-repo-from-template.sh "${{ github.event.inputs.repo-name }}"
968+
940969
- name: Log success
941970
if: success()
942971
run: |
@@ -945,7 +974,7 @@ jobs:
945974

946975
### Example 4: Weekly Dockerfile Discovery Report
947976

948-
Track base images across your enterprise:
977+
Track base images across your enterprise and commit reports back to your own repository:
949978

950979
```yaml
951980
name: Discover Dockerfiles in Enterprise
@@ -958,25 +987,33 @@ jobs:
958987
discover-dockerfiles:
959988
runs-on: ubuntu-latest
960989
steps:
961-
- uses: actions/checkout@v4
962-
990+
- name: Checkout your repository
991+
uses: actions/checkout@v4
992+
993+
- name: Checkout github-api-scripts
994+
uses: actions/checkout@v4
995+
with:
996+
repository: locus313/github-api-scripts
997+
ref: main
998+
path: .github-api-scripts
999+
9631000
- name: Discover Dockerfiles across enterprise
9641001
env:
9651002
GITHUB_TOKEN: ${{ secrets.ENTERPRISE_TOKEN }}
9661003
ENTERPRISE: my-enterprise
9671004
REPORT_DIR: ./reports
9681005
run: |
9691006
mkdir -p ./reports
970-
./enterprise/github-dockerfile-discovery/github-dockerfile-discovery.sh
971-
1007+
./.github-api-scripts/enterprise/github-dockerfile-discovery/github-dockerfile-discovery.sh
1008+
9721009
- name: Upload reports as artifacts
9731010
if: always()
9741011
uses: actions/upload-artifact@v4
9751012
with:
9761013
name: dockerfile-reports
9771014
path: reports/
9781015
retention-days: 60
979-
1016+
9801017
- name: Commit reports to repository
9811018
if: success()
9821019
run: |
@@ -989,6 +1026,9 @@ jobs:
9891026
)
9901027
```
9911028

1029+
> [!NOTE]
1030+
> Example 4 checks out your own repository at the workspace root (so `git push` commits to it), and places `github-api-scripts` in a hidden subdirectory (`.github-api-scripts`) to avoid conflicts with your repo's content.
1031+
9921032
### GitHub Actions Best Practices
9931033

9941034
**Use separate secrets for sensitive operations:**
@@ -1002,8 +1042,8 @@ env:
10021042
```yaml
10031043
- name: Run script with logging
10041044
run: |
1005-
./org-admin/github-add-repo-permissions/github-add-repo-permissions.sh 2>&1 | tee -a execution.log
1006-
1045+
./github-api-scripts/org-admin/github-add-repo-permissions/github-add-repo-permissions.sh 2>&1 | tee -a execution.log
1046+
10071047
- name: Upload execution log
10081048
if: always()
10091049
uses: actions/upload-artifact@v4

0 commit comments

Comments
 (0)