Skip to content

qntx/workflows

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

98 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Workflows

Reusable GitHub Actions workflows distributed across QNTX repositories.

All workflows are invoked via workflow_call and share a common hardening baseline:

  • Minimal top-level permissions (contents: read by default).
  • Explicit concurrency groups (CI cancels in-flight runs, CD/Publish/Release/Deploy queue).
  • Explicit timeout-minutes on every job.
  • actions/checkout runs with persist-credentials: false unless a push is required.
  • Third-party actions pinned to major tags and auto-updated by Dependabot.

Catalogue

CI (continuous integration)

Workflow Purpose
ci-bun.yml Bun install/lint/build/test for monorepo-aware Bun projects.
ci-cpp.yml CMake + ccache build with optional ctest, parameterised apt packages.
ci-dart.yml dart format/analyze --fatal-infos/test.
ci-foundry.yml Foundry fmt --check/build --sizes/test -vvv with the ci profile.
ci-go.yml go mod tidy drift check, vet, optional golangci-lint, race tests.
ci-node.yml Matrix build across configurable Node.js versions; npm/pnpm/yarn auto-detect.
ci-python.yml uv-powered install with ruff + pytest; supports pyproject.toml or requirements.txt.
ci-rust.yml fmt/clippy -D warnings/build/test with Swatinem/rust-cache.

Publish (package registries)

Workflow Purpose
publish-npm.yml npm OIDC Trusted Publishing with provenance; falls back to NPM_TOKEN if supplied.
publish-npm-bun.yml Same as above but builds and tests with Bun.
publish-pypi.yml PyPI OIDC Trusted Publishing with attestations via pypa/gh-action-pypi-publish.
publish-crates.yml cargo publish with sparse-index polling (no hard-coded sleep).

Release (GitHub Release + changelog)

Workflow Purpose
release.yml Generic tag → GitHub Release with git-cliff changelog. Optional asset upload via files glob or download-artifacts. Suitable for any repository.
release-rust.yml Cross-platform Rust binary matrix (Linux x86_64/arm64, macOS arm64, Windows x86_64/arm64) with git-cliff changelog and softprops/action-gh-release.

Deploy (hosted sites)

Workflow Purpose
deploy-pages.yml Bun build + actions/deploy-pages for SPA/static sites. PR runs build only.
deploy-mkdocs.yml uv-installed MkDocs deployed via mkdocs gh-deploy --force.

Containers

Workflow Purpose
container-build.yml Multi-arch (linux/amd64, linux/arm64) OCI build with SBOM, provenance, and actions/attest-build-provenance. Auto-detects Dockerfile or Containerfile.

Code generation

Workflow Purpose
gen-openapi-client.yml Unified OpenAPI client generator. Select via generator input (go, python, rust, typescript-axios, dart-dio, c, cpp-qt-client).

Repository tooling

Workflow Purpose
repo-stale.yml Closes stale issues/PRs via actions/stale.
repo-sync-folder.yml Mirrors a folder from another repository with protected-path guards.

Usage

Invoke a workflow from any consumer repository via uses::

jobs:
  ci:
    uses: qntx/workflows/.github/workflows/ci-node.yml@main
    with:
      node-versions: '["22", "24"]'
jobs:
  deploy:
    uses: qntx/workflows/.github/workflows/deploy-pages.yml@main
    with:
      path: dist
jobs:
  publish:
    uses: qntx/workflows/.github/workflows/publish-npm.yml@main
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # optional, OIDC is used when omitted
jobs:
  regen-go:
    uses: qntx/workflows/.github/workflows/gen-openapi-client.yml@main
    with:
      generator: go
      spec-path: apis/spec/openapi.yaml
      client-repo: qntx/my-api-go
      package-name: my-api
    secrets:
      PAT_TOKEN: ${{ secrets.PAT_TOKEN }}

A generic tag-triggered release (works for docs, libraries, contracts, anything):

on:
  push:
    tags: ['v*']

jobs:
  release:
    uses: qntx/workflows/.github/workflows/release.yml@main
    # Optional: attach build outputs to the release.
    # with:
    #   files: |
    #     dist/*.tar.gz
    #     dist/*.whl

See each workflow's inputs: and secrets: blocks for the full parameter list.

License

This project is licensed under the MIT License.


A QNTX open-source project.

QNTX

Code is law. We write both.

About

Automatically distribute GitHub Actions workflow across repositories.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Sponsor this project

  •  

Contributors