This repository contains reusable GitHub Actions workflow templates for CI/CD pipelines.
workflow-templates/ # Workflow template definitions
.github/workflows/ # Active workflow implementations
Makefile # Build and tagging automation
format-on-label- Automatically format code when a label is applied to pull requestsjs-ci-defaults- Default CI configuration for JavaScript projectsjs-react-to-s3-deploy- Deploy React applications to AWS S3js-update-browserlist- Automatically update browserlist configurationsnpm-monorepo-publishing- Publishing workflows for npm monorepossonar-qube- SonarQube code quality analysis integration
Automatically formats code in pull requests when a specific label is applied. Useful for enforcing code style consistency without blocking PRs on formatting issues.
Features:
- Triggers on PR label events (default label:
needs formatting) - Supports customizable format scripts (default:
npm run format) - Dry-run mode for testing without committing/pushing changes
- Configurable Node.js version and npm scope
- Automatically removes the label after formatting completes
Usage:
Add the workflow to your repository via GitHub's workflow templates UI, or manually create .github/workflows/auto-format.yml:
name: Auto-format on Label
on:
pull_request:
types: [labeled]
permissions:
contents: write
pull-requests: write
jobs:
format:
uses: ucm-it/.github/.github/workflows/format-on-label.yml@format-on-label/v1
with:
format-script: "npm run format"
label-name: "needs formatting"
secrets:
github-token: ${{ secrets.GITHUB_TOKEN }}
node-auth-token: ${{ secrets.GH_PKG_READ }}Configuration:
| Parameter | Type | Default | Description |
|---|---|---|---|
format-script |
string | The command to run for formatting | |
label-name |
string | "needs formatting" |
The label that triggers formatting |
node-version |
string | "24.x" |
Node.js version to use |
dry-run |
boolean | false |
Skip commit/push (formatter still runs) |
setup-node |
boolean | true |
Whether to set up Node.js environment |
node-auth-scope |
string | "@ucm-it" |
npm scope for registry authentication |
Secrets:
| Secret | Required | Description |
|---|---|---|
github-token |
Yes | GitHub token with contents (commit/push) and pull-requests (remove label) write access |
node-auth-token |
Conditional | Required only if setup-node: true AND your dependencies include private npm packages from the configured scope. Use ${{ secrets.GH_PKG_READ }} or similar. |
Caution
The dry-run option will only skip the commit + push functionality of this workflow, it will still remove the label from a PR on formatting success.
This repository includes GitHub ruleset configurations for branch and tag protection strategies.
Protect Main Branch- Enforces protection rules for the main branch
Enforce SemVer Tags- Ensures all tags follow semantic versioning format prefixed with av.Enforce Prefixed SemVer Tags- Ensures all tags follow prefixed semantic versioning format (e.g.,project/v1.0.0)
make formatFormats all markdown (.md), YAML (.yml), and JSON (.json) files in the repository using Prettier.
make tag <workflow-name>/<version>Creates a semantic version tag for a workflow and automatically updates the major version tag.
Example:
make tag common-ci-js/v1.0.7This will:
- Validate that
.github/workflows/common-ci-js.ymlexists - Create a tag
common-ci-js/v1.0.7 - Force update the major version tag
common-ci-js/v1to point to the same commit
make push-tagsSyncs all local tags with the remote repository.
Behavior:
- New tags (exist locally but not remotely) → pushed normally with
git push origin <tag> - Outdated tags (exist both locally and remotely but point to different commits) → force pushed with
git push -f origin <tag> - Synchronized tags (identical on local and remote) → skipped
This is useful when you've updated major version tags (like common-ci-js/v1) locally and need to push those changes along with any new patch version tags.
Example:
make tag common-ci-js/v1.0.7
make push-tagsThis creates and pushes both common-ci-js/v1.0.7 and updates common-ci-js/v1 to the same commit.