Organization-wide reusable workflow templates for the iits-consulting GitHub organization.
These templates appear in the Actions tab when creating a new workflow in any repository within the organization.

| Template | Description |
|---|---|
| docker-on-merge-to-main | Build and push a stable Docker image on merge to the default branch, with semver tagging based on PR labels |
| docker-any-branch | Build and push a pre-release Docker image on feature branch pushes |
| helm-on-merge-to-main | Lint, version-bump, and push a stable Helm chart to ACR on merge to the default branch |
| helm-any-branch-push | Lint, validate, and push a pre-release Helm chart to ACR on feature branch pushes |
| enforce-pr-labels | Require major, minor, or patch labels on pull requests |

| Workflow | Description |
|---|---|
| enforce-branch-protection | Automatically enforce branch protection rules on newly created repositories (runs hourly) |

```
workflow-templates/          # Starter workflow YAML files
  properties/                # Metadata JSON for each template (shown in GitHub UI)
  docker-icon-color.svg      # Icon for Docker templates
  helm-icon-color.svg        # Icon for Helm templates
.github/workflows/           # Org-level automation workflows
```

All workflow templates follow GitHub's security hardening guidelines:
- SHA-pinned actions — Every third-party action is pinned to a full commit SHA to prevent supply chain attacks
- Least-privilege permissions — Explicit `permissions:` blocks grant only the minimum `GITHUB_TOKEN` scopes needed
- No script injection — Step outputs are passed via `env:` mappings, never interpolated directly in `run:` blocks
- Verified tool installs — Binary downloads (e.g., kubeconform) are version-pinned with SHA-256 checksum verification
- Secret hygiene — Secrets are passed through environment variables, never expanded inline in shell commands
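
An added example, not part of this repository's own code: a small stdlib-only Python audit that checks a workflow file for three of the rules above (SHA-pinned `uses:`, an explicit `permissions:` block, no `${{ }}` expressions inside `run:` scripts). The sample workflow, the `example-org/build-action` name, the 40-hex SHA and the `steps.version` id are constructed placeholders.

```python
import re

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")   # ref ends in a full 40-hex commit SHA
EXPR = re.compile(r"\$\{\{.*?\}\}")        # a ${{ ... }} expression
# Constructed sample: no permissions: block, one tag-pinned action, one unsafe run: step.
SAMPLE = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567
      - run: |
          echo "tag=${{ steps.version.outputs.tag }}"
      - env:
          TAG: ${{ steps.version.outputs.tag }}
        run: |
          echo "tag=$TAG"
"""

def audit_workflow(text):
    """Return (line_no, finding) tuples in file order; line 0 is file-level."""
    lines = text.splitlines()
    findings, run_col = [], None  # run_col: column of run: while in its script
    if not any(re.match(r"\s*permissions:", l) for l in lines):
        findings.append((0, "no explicit permissions: block"))
    for no, line in enumerate(lines, 1):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if run_col is not None and len(line) - len(line.lstrip()) <= run_col:
            run_col = None  # dedent back to the step's keys ends the script
        if run_col is not None:
            if EXPR.search(body):
                findings.append((no, "expression interpolated in run: script"))
            continue
        uses = re.match(r"(?:-\s*)?uses:\s*(\S+)", body)
        if uses and not (uses[1].startswith(("./", "docker://"))
                         or SHA_PIN.search(uses[1])):
            findings.append((no, "action not pinned to a full commit SHA"))
        run = re.match(r"(?:-\s*)?run:\s*(.*)", body)
        if run and run[1][:1] in ("|", ">"):
            run_col = line.index("run:")  # block scalar: script is indented deeper
        elif run and EXPR.search(run[1]):
            findings.append((no, "expression interpolated in run: script"))
    return findings

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

The check is line-based rather than a full YAML parse, so it assumes conventionally indented workflow files; the `env:` mapping in the last step is not flagged because the expression there is never expanded inside the shell script.
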

Secrets referenced by the templates and workflows:

- `AZURE_CREDENTIALS` — Azure service principal credentials
- `AZURE_DOCKER_USERNAME` — ACR username
- `AZURE_DOCKER_PASSWORD` — ACR password
- `ACR_RELEASER_TOKEN` — ACR token for Helm registry push
- `ORG_ADMIN_TOKEN` — GitHub PAT with org admin permissions