Action Catalogue¶

These reusable workflows can be composed in any order that fits your project. See the sample action file for pushing a Docker image, updating a Lambda function or maintaining a Terraform project for examples of how to compose these workflows.

ecr-push¶

Source

This workflow will build a Docker image and then push the image up to an ECR in the Northern Lights account.

Inputs¶

Name	Description	Type	Required
IMAGE_NAME	Name of the image to build	string	true
IMAGE_TAG	Tag of the image to build	string	true
DOCKERFILE_DIR	Location of the Dockerfile to build, relative to the repository root directory. Do not include trailing slash.	string	true
DOCKER_BUILD_CONTEXT	Location of the Docker build context, relative to the repository root directory. Do not include trailing slash.	string	true

gh-pages¶

Source

This workflow will compile documentation into the gh-pages branch of the repository. Based on the files it finds in your repository, it will attempt to construct the documentation through different methods. For example, if your repository has a .terraform-docs.yml, it will use tf-docs to process the .tf files into .md files.

This workflow uses a Python library, Sphinx, to transpile .md markdown files into web-hostable .html files. The result of this transpilation is pushed to the gh-pages and hosted using the Github Pages functionality.

Secrets¶

This job gets additional, optional secrets injected into its environment.

Name	Description	Type	Required	Default
ACTIONS_BOT_USERNAME	Username of the bot that pushes commits to the “gh-pages” branch	string	true	github-slave-bot
ACTIONS_BOT_EMAIL	Email of the bot that pushes commits to the “gh-pages” branch	string	true	slave@github.com

lambda-update¶

Source

This workflow performs an update on existing Lambda function using an ECR image and tag.

Inputs¶

Name	Description	Type	Required
FUNCTION_NAME	Name of the function to deploy	string	true
IMAGE_NAME	Name of the ECR repo where the function’s image is hosted	string	true
IMAGE_TAG	Tag in the ECR to deploy	string	true

py-lint¶

Source

The workflow lints Python

Inputs¶

Name	Description	Type	Required
SRC_DIR	Path, relative to the repository root directory, where the source code is located. Defaults to the repository root directory.	string	false

tf-lint¶

Source

This workflow runs tf-lint from the repository’s root directory. It requires a .tflint.hcl file to be located in the root directory to configure its execution. See documentation for more information on setting up this file.

tf-scan¶

Source

This workflow runs tf-sec and checkov from the repository’s root directory. It requires a .terraform-security.yml located in the root directory to configure its execution. See documentation for more information on setting up this file.

tf-release¶

Source

This workflow runs terraform plan and, if TF_APPLY is set to true, it will then await for manual approval. If approved, the workflow will resume and input the generated plan file into terraform apply. Each step is dependent on the success of the previous step.

The terraform.tfvars file found in the repository root directory will be passed into each of these commands to provide parameter values. See documentation for more information on setting up this file.

However, do not add secret information to this file, as it gets committed to version control. Instead, use a Github Secret. In addition to the terraform.tfvars file, parameter values can also be specified through secret environment variables. See TF_ENV for more information and an example of setting up a new secret.

Inputs¶

Name	Description	Type	Required
TF_STATE_KEY	Path, including filename, of the Terraform state file to use.	String	Yes
TF_APPLY	Path, including filename, of the Terraform state file to use.	String	Yes

Secrets¶

Name	Description	Type	Required
TF_ENV	JSON string with key-value pairs representing TF_VAR_* environment variables.	String	No