shared-gha Repository Skills
Description
# shared-gha Repository Skills

This document defines the patterns and workflows for working with the shared-gha repository.

## Repository Purpose

Shared GitHub Actions for GCP WIF authentication:

- **auth**: GCP WIF authentication (keyless)
- **terraform**: Terraform with WIF
- **docker-push**: Docker build and push to GAR

## Before Any Change

**ALWAYS follow this pattern:**

1. **Research** the current state

   ```bash
   ls /Users/andriikostenetskyi/dev/homelab/shared-gha/
   ```

2. **Audit** to find the correct location
   - Auth action: `auth/`
   - Terraform action: `terraform/`
   - Docker push action: `docker-push/`
3. **Summary** before changing
   - State the root cause
   - Identify the file(s) to modify
   - Describe the fix
4. **Confirm** with the operator before proceeding

## Directory Structure

```
shared-gha/
├── auth/                 # GCP WIF authentication action
│   └── action.yml
├── terraform/            # Terraform with WIF action
│   └── action.yml
├── docker-push/          # Docker build & push action
│   └── action.yml
└── README.md
```

## Available Actions

### auth - GCP WIF Authentication

```yaml
- uses: PersonalAndriiKo/shared-gha/auth@main
  with:
    workload_identity_provider: 'projects/PROJECT_ID/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
    service_account: 'my-sa@PROJECT_ID.iam.gserviceaccount.com'
```

### terraform - Terraform with WIF

```yaml
- uses: PersonalAndriiKo/shared-gha/terraform@main
  with:
    workload_identity_provider: ${{ vars.WIF_PROVIDER }}
    service_account: ${{ vars.TF_SERVICE_ACCOUNT }}
    command: plan
```

### docker-push - Docker Build and Push to GAR

```yaml
- uses: PersonalAndriiKo/shared-gha/docker-push@main
  with:
    workload_identity_provider: ${{ vars.WIF_PROVIDER }}
    service_account: ${{ vars.DOCKER_SERVICE_ACCOUNT }}
    registry: europe-west1-docker.pkg.dev
    image_name: europe-west1-docker.pkg.dev/PROJECT_ID/repo/image
    tags: latest,${{ github.sha }}
```

## Required Permissions

Consuming workflows must include:

```yaml
permissions:
  contents: read
  id-token: write
```
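One way to check the permissions requirement above in consuming workflows, as an added example that is not part of the shared-gha repository. The scanner is a simplified reader (block-style YAML with space indentation only), the names `audit` and `SAMPLE` are hypothetical, and the sample workflow is constructed; it reports each job that calls a shared-gha action together with the required permissions it lacks.

```python
import re
# Action path and required permissions come from this page; SAMPLE is constructed.
SHARED = re.compile(r"uses:\s*PersonalAndriiKo/shared-gha/[\w-]+@\S+")
REQUIRED = {"contents": "read", "id-token": "write"}
SAMPLE = """\
permissions:
  contents: read
  id-token: write
jobs:
  plan:
    permissions:
      contents: read
    steps:
      - uses: PersonalAndriiKo/shared-gha/terraform@main
  push:
    steps:
      - uses: PersonalAndriiKo/shared-gha/docker-push@main
"""

def _block(rows, i):  # entries nested under the `permissions:` key at rows[i]
    perms = {}
    for indent, text in rows[i + 1:]:
        if indent <= rows[i][0]:
            break
        key, _, value = text.partition(":")
        perms[key.strip()] = value.strip()
    return perms

def audit(workflow_text):
    """Map each job calling a shared-gha action to the permissions it lacks."""
    lines = (raw.split(" #")[0] for raw in workflow_text.splitlines())
    rows = [(len(l) - len(l.lstrip()), l.strip()) for l in lines if l.strip()]
    top, jobs, job, job_indent, in_jobs = {}, {}, None, None, False
    for i, (indent, text) in enumerate(rows):
        if indent == 0:
            in_jobs = text == "jobs:"
            if text == "permissions:":
                top.update(_block(rows, i))
        elif in_jobs:
            job_indent = job_indent or indent
            if indent == job_indent:
                job = text.rstrip(":")
                jobs[job] = {"perms": top, "uses": False}  # inherit workflow level
            elif text == "permissions:":  # job-level block replaces it entirely
                jobs[job]["perms"] = _block(rows, i)
            elif SHARED.search(text):
                jobs[job]["uses"] = True
    return {name: [f"{k}: {v}" for k, v in REQUIRED.items() if j["perms"].get(k) != v]
            for name, j in jobs.items() if j["uses"]}
```

On the sample, `plan` is reported as lacking `id-token: write` because its job-level `permissions` block overrides the workflow-level one, while `push` inherits both required permissions.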
## Security Benefits

- No long-lived credentials stored
- OIDC tokens expire in 1 hour
- Per-repository access control via WIF
- Full audit trail in Cloud Audit Logs

## Dependencies

- **tf-gcp**: WIF configuration in Terraform
- **GCP**: Workload Identity Federation setup

## Related Repositories

| Repo | Relationship |
|------|--------------|
| tf-gcp | WIF Terraform configuration |
| All repos | Consumers of these actions |
Security Status
Unvetted
Not yet security scanned