
Releases: samuelho-dev/git-flow

v1.0.0: Complete CI/CD Reusable Workflows

21 Nov 06:19


🚀 Complete CI/CD Reusable Workflows Suite

Production-ready GitHub Actions reusable workflows for Kubernetes GitOps infrastructure.

📦 Workflows Included (13 reusable workflows + 2 composite actions)

Docker (1)

  • docker/build-push.yml - Multi-platform builds, security scanning, signing, SBOM

Security (3)

  • security/trivy-scan.yml - Comprehensive vulnerability scanning
  • security/gitleaks-scan.yml - Secret detection and prevention
  • security/sbom-generate.yml - Software Bill of Materials generation

Kubernetes (4)

  • kubernetes/helm-lint.yml - Helm chart validation with kubeconform
  • kubernetes/helm-test.yml - Helm unittest execution with JUnit reports
  • kubernetes/helm-publish.yml - Chart publishing to OCI registries
  • kubernetes/kyverno-test.yml - Kyverno policy testing with Chainsaw

Terraform (3)

  • terraform/validate.yml - Validation, formatting, tfsec, Checkov scanning
  • terraform/plan.yml - Plan with Infracost cost estimation & PR comments
  • terraform/apply.yml - Apply with approval gates & state backup

GitOps (2)

  • gitops/update-manifests.yml - Automated manifest updates (image tags, Helm values)
  • gitops/argocd-sync.yml - ArgoCD application sync with health verification

Composite Actions (2)

  • actions/setup-node-pnpm - Node.js with pnpm and caching
  • actions/setup-kubernetes-tools - kubectl, Helm, ArgoCD, Cosign

📚 Documentation (4,030 lines)

  • README.md (231 lines) - Quick start and overview
  • USAGE.md (1,045 lines) - Complete parameter documentation
  • EXAMPLES.md (1,467 lines) - 18 workflow examples
  • MIGRATION.md (1,287 lines) - Before/after migration guide

✨ Key Features

  • ✅ SHA-pinned GitHub Actions for security (a commit SHA is immutable; a tag or branch can be retargeted after you start using it)
  • ✅ Renovate-powered automatic action updates
  • ✅ Multi-platform Docker builds (amd64, arm64, arm/v7)
  • ✅ Comprehensive security scanning (Trivy, Gitleaks, tfsec, Checkov)
  • ✅ SBOM generation and vulnerability tracking
  • ✅ Cosign keyless signing via GitHub OIDC (Sigstore); consumers should verify with cosign verify using --certificate-identity (or --certificate-identity-regexp) and --certificate-oidc-issuer so the signature is tied to this workflow's identity, not merely present
  • ✅ Terraform cost estimation with Infracost
  • ✅ ArgoCD integration for GitOps automation
  • ✅ Complete CI → GitOps → CD pipelines

📖 Usage

# Example: Docker build with security scanning (complete caller workflow)
name: docker
on:
  push:
    branches: [main]
# Grant the called workflow only what it needs (see USAGE.md for what each workflow declares);
# Cosign keyless OIDC signing requires id-token: write
permissions:
  contents: read
  packages: write   # only if the image is pushed to GHCR
  id-token: write
jobs:
  build:
    # @v1 is a moving tag; pin to a full commit SHA for production callers
    uses: samuelho-dev/git-flow/.github/workflows/docker/build-push.yml@v1
    with:
      image: my-app
      platforms: linux/amd64,linux/arm64
      scan: true
      sign: true
      sbom: true
    secrets: inherit  # passes every secret of the caller; prefer the named secrets the workflow declares

🔄 Migration Benefits

Average 60% reduction in caller-workflow lines compared with writing the equivalent steps inline:

  • Docker workflows: 67-71% reduction
  • Security workflows: 56-61% reduction
  • Kubernetes workflows: 50-60% reduction
  • Terraform workflows: 54-56% reduction

📋 Version References

  • @v1 - Moving major tag: resolves to the latest v1.x.x release (automatically updates). A tag is mutable, so anyone who can push to this repository can retarget it, and every caller picks up the change on its next run.
  • @v1.0.0 - Release tag (no automatic updates). Still a tag, so it can in principle be moved as well.
  • @650b85e - Specific commit SHA (maximum stability; immutable). In uses: write the full 40-character SHA, which is what GitHub recommends for pinning actions and reusable workflows.

Recommendation: @v1 gives you the latest features and security fixes with no action on your side. For a production pipeline, pin the full commit SHA instead and let Renovate open the update PRs; keep the release version as a trailing comment after the SHA (for example "# v1.0.0") so the pinned version stays readable and trackable.
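The SHA-pinning check described above, as an added example that is not part of samuelho-dev/git-flow: a POSIX shell lint that reads a workflow file, extracts every uses: reference and reports those pointing at a mutable ref (tag or branch) rather than a full 40-hex commit SHA. The sample caller workflow it scans is constructed here, and the 40-character SHA inside it is made up, not a real commit of the project.

```shell
#!/bin/sh
# Added example, not code from samuelho-dev/git-flow: flag every `uses:`
# reference in a GitHub Actions workflow that is not pinned to a full
# 40-hex commit SHA. Tags and branches (@v1, @v1.0.0, @main) can be moved;
# a commit SHA cannot.

# unpinned_refs FILE: print one line per `uses:` reference that is not SHA-pinned.
unpinned_refs() {
  grep -E '^[[:space:]]*-?[[:space:]]*uses:' "$1" |
    sed -E -e 's/#.*$//' \
           -e 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*//' \
           -e "s/[\"']//g" \
           -e 's/[[:space:]]+$//' |
    while read -r ref; do
      case "$ref" in
        ''|./*|docker://*) continue ;;   # local actions and docker images are out of scope
      esac
      sha="${ref##*@}"
      if [ "$sha" = "$ref" ]; then
        printf 'no ref: %s\n' "$ref"                       # bare owner/repo, defaults to the default branch
      elif ! printf '%s\n' "$sha" | grep -Eq '^[0-9a-f]{40}$'; then
        printf 'mutable ref @%s: %s\n' "$sha" "$ref"
      fi
    done
}

# check_pins FILE: exit 0 if every reference is SHA-pinned, 1 otherwise (findings on stdout).
check_pins() {
  out=$(unpinned_refs "$1")
  if [ -n "$out" ]; then
    printf '%s\n' "$out"
    return 1
  fi
  return 0
}

# Constructed sample caller workflow; the 40-hex SHA below is fabricated for the demo.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
name: ci
on: [push]
jobs:
  build:
    uses: samuelho-dev/git-flow/.github/workflows/docker/build-push.yml@v1
    secrets: inherit
  scan:
    uses: samuelho-dev/git-flow/.github/workflows/security/trivy-scan.yml@0123456789abcdef0123456789abcdef01234567 # v1.0.0
  local:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - uses: ./.github/actions/setup-node-pnpm
EOF

# Reports the @v1 and @main references; the SHA-pinned one and the local action pass.
check_pins "$SAMPLE" || echo "FAIL: pin the references above to a full commit SHA"
rm -f "$SAMPLE"
```

Run it as a CI step over .github/workflows/*.yml in the calling repository to fail the build when someone introduces a moving ref; a trailing "# v1.0.0" comment after a SHA is stripped before the check, so the Renovate-style version annotation does not interfere.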


Documentation: README | Usage Guide | Examples | Migration Guide