Skip to content

aligent/workflows

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

138 Commits
.github/workflows
.github/workflows
 
 
README.md
README.md
 
 

Repository files navigation

Aligent GitHub Workflows

A collection of GitHub action workflows. Built using the reusable workflows guide from GitHub.

Workflows

AWS CDK Deployment

A streamlined AWS CDK deployment workflow supporting multi-environment infrastructure deployments with automatic package manager detection and Node.js version management.

Features

  • CDK synth → diff → deploy workflow: Complete infrastructure deployment pipeline
  • Multi-environment support: development, staging, and production deployments
  • Bootstrap validation: Automatic CDK environment preparation and validation
  • Infrastructure validation: Comprehensive stack validation and drift detection
  • Changeset preview: CloudFormation diff analysis before deployment
  • Rollback capabilities: Support for stack destruction and rollback operations
  • Smart Node.js setup: Automatic detection from .nvmrc file with dependency caching
  • Package manager detection: Automatic support for npm, yarn (classic/berry), and pnpm
  • Debug support: Verbose logging and debug output for troubleshooting

Inputs

Name Required Type Default Description
Core Configuration
aws-region string ap-southeast-2 AWS region for deployment
cdk-stack-name string CDK stack name to deploy (required)
environment-target string development Target environment (staging/production/development)
Deployment Control
bootstrap-stack boolean false Bootstrap CDK environment before deployment
Advanced Configuration
context-values string {} CDK context values as JSON object
debug boolean false Enable verbose logging and debug output

Secrets

Name Required Description
aws-access-key-id AWS access key ID
aws-secret-access-key AWS secret access key
cfn-execution-role CloudFormation execution role ARN (optional, for cross-account deployments)

Outputs

Name Description
stack-outputs CloudFormation stack outputs as JSON
deployment-status Deployment status (success/failed)

Example Usage

Basic Development Deployment:

jobs:
  deploy-dev:
    uses: aligent/workflows/.github/workflows/aws-cdk-deploy.yml@main
    with:
      cdk-stack-name: my-app-dev
      environment-target: development
    secrets:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Production Deployment:

jobs:
  deploy-prod:
    uses: aligent/workflows/.github/workflows/aws-cdk-deploy.yml@main
    with:
      cdk-stack-name: my-app-prod
      environment-target: production
      debug: true
    secrets:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      cfn-execution-role: ${{ secrets.CFN_EXECUTION_ROLE }}

Bootstrap New Environment:

jobs:
  bootstrap-staging:
    uses: aligent/workflows/.github/workflows/aws-cdk-deploy.yml@main
    with:
      cdk-stack-name: my-app-staging
      environment-target: staging
      bootstrap-stack: true
      aws-region: us-east-1
    secrets:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Custom CDK Context:

jobs:
  deploy-custom:
    uses: aligent/workflows/.github/workflows/aws-cdk-deploy.yml@main
    with:
      cdk-stack-name: my-app-custom
      environment-target: staging
      context-values: '{"vpc-id": "vpc-12345", "environment": "staging"}'
    secrets:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Node Pull Request Checks

Inputs

Name Required Type Default Description
package-manager string yarn Node package manager to use
has-env-vars boolean false Whether environment variables are provided via ENV_VARS secret
is-yarn-classic boolean false When package-manager is yarn, this can be used to indicate that the project uses a pre-Berry version of Yarn, which changes what flags we can pass to the command
skip-cache boolean false When package-manager is yarn, this can be used to indicate that we should use the --force flag to tell Yarn to ignore cache and fetch dependencies from the package repository
pre-install-commands string Commands to run before dependency installation (e.g., configure registries, auth tokens)
build-command string build Command to override the build command
test-command string test Command to override the test command
lint-command string lint Command to override the lint command
format-command string format Command to override the format command
test-storybook-command string test-storybook Command to override the test-storybook command
check-types-command string check-types Command to override the check-types command
skip-build boolean false If the build step should be skipped
skip-test boolean false If the test step should be skipped
skip-lint boolean false If the lint step should be skipped
skip-format boolean false If the format step should be skipped
skip-test-storybook boolean false If the test-storybook step should be skipped
skip-check-types boolean false If the check-types step should be skipped
debug boolean false If debug flags should be set

Secrets

Name Required Description
NPM_TOKEN NPM authentication token for private registries
ENV_VARS Additional environment variables as key=value pairs (one per line)

Example Usage

Basic usage:

jobs:
  pr-checks:
    uses: aligent/workflows/.github/workflows/node-pr.yml@main
    with:
      skip-format: false

With private registry configuration:

jobs:
  pr-checks:
    uses: aligent/workflows/.github/workflows/node-pr.yml@main
    with:
      package-manager: yarn
      pre-install-commands: |
        yarn config set npmScopes.aligent.npmRegistryServer "https://npm.corp.aligent.consulting"
        yarn config set npmScopes.aligent.npmAuthToken "$NPM_TOKEN"
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

Multiple registry scopes:

jobs:
  pr-checks:
    uses: aligent/workflows/.github/workflows/node-pr.yml@main
    with:
      package-manager: yarn
      pre-install-commands: |
        yarn config set npmScopes.aligent.npmRegistryServer "https://npm.corp.aligent.consulting"
        yarn config set npmScopes.aligent.npmAuthToken "$NPM_TOKEN"
        yarn config set npmScopes.internal.npmRegistryServer "https://npm.internal.company.com"
        yarn config set npmScopes.internal.npmAuthToken "$NPM_TOKEN"
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

With additional environment variables:

jobs:
  pr-checks:
    uses: aligent/workflows/.github/workflows/node-pr.yml@main
    with:
      package-manager: yarn
      has-env-vars: true
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      ENV_VARS: |
        BACKEND_URL=${{ secrets.BACKEND_URL }}
        API_KEY=${{ secrets.API_KEY }}
        NODE_ENV=test

S3 Deployment

Inputs

Name Required Type Default Description
aws-region string ap-southeast-2 AWS region
s3-bucket string Name of the S3 bucket
s3-path string Path in the S3 bucket
local-path string Path to deploy
delete-flag boolean true Enable --delete flag
cache-control string Cache control headers
extra-args string Additional AWS CLI args

Secrets

Name Required Description
aws-access-key-id AWS Access Key ID
aws-secret-access-key AWS Secret Access Key

Example Usage

jobs:
  deploy-to-s3:
    uses: aligent/workflows/.github/workflows/s3-deploy.yml@main
    with:
      s3-bucket: my-bucket
      local-path: ./dist
      s3-path: /public
      cache-control: "max-age=3600"
    secrets:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Magento Cloud Deployment

A simple Magento Cloud deployment workflow that pushes code to your Magento Cloud git repository with optional NewRelic monitoring and CST reporting.

Features

  • Multi-environment support: integration, staging, and production deployments
  • Simple git push: No composer install, patching, or building - just pushes code
  • NewRelic integration: Optional deployment markers for tracking deployment lifecycle (start/complete)
  • CST system integration: Optional composer.lock reporting to Confidentiality and Security Team
  • Environment protection: Uses GitHub environment protection rules for deployment gates
  • Full git history support: Required for Magento Cloud deployment requirements
  • Parallel post-deployment: NewRelic completion and CST reporting run in parallel for efficiency

Inputs

Name Required Type Default Description
Magento Cloud Configuration
magento-cloud-project-id string Magento Cloud project ID (required)
environment string integration Target environment (integration/staging/production)
Monitoring and Reporting
newrelic-app-id string NewRelic application ID for deployment markers (optional)
CST Reporting Configuration
cst-endpoint string CST endpoint base URL (optional, overrides workspace variable)
cst-project-key string CST project key (optional, overrides workspace variable)
Advanced Configuration
debug boolean false Enable verbose logging and debug output

Secrets

Name Required Description
magento-cloud-cli-token Magento Cloud CLI token for authentication
newrelic-api-key NewRelic API key for deployment markers (optional)
cst-reporting-token CST reporting token (workspace-level secret, optional)

Workspace Variables (Optional)

Name Description
CST_ENDPOINT CST endpoint base URL (e.g., https://package.report.aligent.consulting)
CST_PROJECT_KEY CST project identifier for your organization

Outputs

Name Description
deployment-url URL of the deployed Magento application
deployment-id Magento Cloud deployment ID

Example Usage

Basic Integration Deployment:

jobs:
  deploy-integration:
    uses: aligent/workflows/.github/workflows/magento-cloud-deploy.yml@main
    with:
      magento-cloud-project-id: abc123def456
      environment: integration
    secrets:
      magento-cloud-cli-token: ${{ secrets.MAGENTO_CLOUD_CLI_TOKEN }}

Production Deployment with NewRelic Monitoring:

jobs:
  deploy-production:
    uses: aligent/workflows/.github/workflows/magento-cloud-deploy.yml@main
    with:
      magento-cloud-project-id: abc123def456
      environment: production
      newrelic-app-id: "123456789"
    secrets:
      magento-cloud-cli-token: ${{ secrets.MAGENTO_CLOUD_CLI_TOKEN }}
      newrelic-api-key: ${{ secrets.NEWRELIC_API_KEY }}

Staging Deployment with CST Reporting:

jobs:
  deploy-staging:
    uses: aligent/workflows/.github/workflows/magento-cloud-deploy.yml@main
    with:
      magento-cloud-project-id: abc123def456
      environment: staging
      debug: true
    secrets:
      magento-cloud-cli-token: ${{ secrets.MAGENTO_CLOUD_CLI_TOKEN }}

Deployment with CST Reporting Override:

jobs:
  deploy-with-cst:
    uses: aligent/workflows/.github/workflows/magento-cloud-deploy.yml@main
    with:
      magento-cloud-project-id: abc123def456
      environment: staging
      cst-endpoint: "https://package.report.aligent.consulting"
      cst-project-key: "your-project-key"
    secrets:
      magento-cloud-cli-token: ${{ secrets.MAGENTO_CLOUD_CLI_TOKEN }}
      cst-reporting-token: ${{ secrets.CST_REPORTING_TOKEN }}

CST Reporting Configuration

The CST (Confidentiality and Security Team) reporting feature can be configured in two ways:

  1. Workspace-level configuration (recommended):

    • Set CST_ENDPOINT as a repository/organization variable (base URL, e.g., https://package.report.aligent.consulting)
    • Set CST_PROJECT_KEY as a repository/organization variable (your project identifier)
    • Set CST_REPORTING_TOKEN as a repository/organization secret
    • The workflow will automatically use these when available

  2. Input overrides (optional):

    • Use cst-endpoint input to override the workspace variable (base URL)
    • Use cst-project-key input to override the workspace variable (project identifier)
    • Use cst-reporting-key input to override the workspace secret
    • Useful for testing or special deployments

The workflow constructs the full CST URL as: {endpoint}/{project-key}/adobe-commerce

CST reporting only runs when endpoint, project key, and auth key are all configured. If any are missing, the step is skipped with an informational message.

Nx Serverless Deployment

Inputs

Name Required Type Default Description
aws-access-key-id string AWS Access Key
aws-secret-access-key string AWS Secret Access Key
cfn-role string AWS CFN Role to assume
aws-profile string AWS Profile
aws-region string ap-southeast-2 AWS Region to deploy to
stage string Stage to deploy to
environment string The GitHub environment to run in
command string build Command to run during the deploy step
package-manager string yarn Node package manager to use
build-command string build Command to override the build command
debug boolean false If verbose logging should be enabled

Example Usage

jobs:
  deploy-serverless:
    uses: aligent/workflows/.github/workflows/nx-serverless-deployment.yml@main
    with:
      aws-profile: my-profile
      stage: dev
      environment: development
      debug: true
    secrets:
      aws-access-key-id: '123'
      aws-secret-access-key: '456'

PHP Quality Checks

A comprehensive PHP quality assurance workflow supporting static analysis, coding standards validation, and testing with coverage reporting across multiple PHP versions.

Features

  • PHPStan static analysis: Configurable levels (1-9) with intelligent configuration detection
  • PHP CodeSniffer: Support for Magento2, PSR12, and PSR2 coding standards
  • PHPUnit testing: Full test suite execution with coverage threshold enforcement
  • Multi-PHP support: Compatible with PHP 8.1, 8.2, and 8.3
  • Smart caching: Optimized Composer and analysis result caching
  • Parallel execution: Concurrent quality checks for maximum efficiency
  • Flexible configuration: Skip individual checks and customize tool behavior

Inputs

Name Required Type Default Description
PHP Configuration
php-version string PHP version to use (8.1, 8.2, 8.3)
memory-limit string 512M PHP memory limit for analysis tools
PHPStan Configuration
phpstan-level string 6 PHPStan analysis level (1-9)
skip-phpstan boolean false Skip PHPStan static analysis
Code Style Configuration
coding-standard string Magento2 Coding standard (Magento2, PSR12, PSR2)
skip-phpcs boolean false Skip PHP CodeSniffer checks
Testing Configuration
coverage-threshold string 80 Code coverage threshold percentage (0-100)
skip-tests boolean false Skip PHP unit testing
Composer Configuration
composer-args string Additional composer install arguments
Advanced Configuration
debug boolean false Enable verbose logging and debug output

Example Usage

Basic Quality Checks:

jobs:
  quality-check:
    uses: aligent/workflows/.github/workflows/php-quality-checks.yml@main
    with:
      php-version: "8.2"
      phpstan-level: "7"

Magento 2 Project with Custom Standards:

jobs:
  magento-quality:
    uses: aligent/workflows/.github/workflows/php-quality-checks.yml@main
    with:
      php-version: "8.1"
      coding-standard: "Magento2"
      phpstan-level: "6"
      coverage-threshold: "75"
      memory-limit: "1G"
      debug: true

Skip Specific Checks:

jobs:
  custom-checks:
    uses: aligent/workflows/.github/workflows/php-quality-checks.yml@main
    with:
      php-version: "8.3"
      skip-phpcs: true
      skip-tests: true
      phpstan-level: "9"

PSR Standards with High Coverage:

jobs:
  strict-quality:
    uses: aligent/workflows/.github/workflows/php-quality-checks.yml@main
    with:
      php-version: "8.2"
      coding-standard: "PSR12"
      phpstan-level: "8"
      coverage-threshold: "90"
      composer-args: "--no-dev"

About

Collection of GitHub actions

Resources

Readme

Code of conduct

Code of conduct

Contributing

Contributing
Activity
Custom properties

Stars

1 star

Watchers

9 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6