FSH github-actions¶
Centrally-managed GitHub Actions for the FSH org: composite actions
(reusable step bundles) and reusable workflows (callable jobs). Consumer
repos reference these instead of carrying their own copies, so a change is made
once here and rolled out everywhere via the moving @v1 tag.
What’s here¶
Composite actions — drop into a job’s steps:
Action |
Purpose |
|---|---|
uv + pinned Python, with |
|
Node from |
|
install project deps ( |
|
generic task runner — |
|
install pinned |
|
cache + sync + |
|
buildx + gha layer cache → push an image to ECR |
|
run the one-off migrate task, fail on nonzero exit |
|
gate standby deploys on ECR cross-region replication |
|
|
Reusable workflows — call from a job’s uses:
Workflow |
Purpose |
|---|---|
Conventional-Commit PR-title validation |
|
release-please + build + publish to CodeArtifact (pypi) |
|
release-please + build + publish |
|
build a static site and deploy to Cloudflare Pages |
|
build + push images, run migrations, redeploy ECS per region |
New here? Start with Getting started. The full list of repo expectations these bake in is in Conventions.
What’s not centralised¶
Some things are deliberately left in each repo because they’re too repo-specific to share cleanly:
lint.ymlas a whole workflow. Every repo’s lint job graph differs (simple python lint; multi-sidebe/fe/opa/renderapp gates; templatebootstrapgates), so the orchestration stays per-repo — but it’s built from the actions above: a python repo’s lint job issetup-python→uv-sync→just-run(plus apre-commitjob); a node repo issetup-node→just-run; app gates addsetup-opa. The recipes themselves live in each repo’sjustfile.A docs build that needs a service container (e.g. codegen-database’s Sphinx build talks to postgres) keeps a local docs workflow, since
services:can’t pass throughworkflow_call.