Reusable GitHub composite actions for authentication, secret loading, and git automation.
Path: auth-checkout
Authenticates via GitHub App credentials (loaded from 1Password), creates an installation token, and checks out the repository.
Inputs:
op_service_account_token(required): 1Password service account token.fetch-depth(optional, default0): Depth foractions/checkout.
Path: gh-app-creds
Loads GitHub App credentials from 1Password.
Inputs:
op_service_account_token(required): 1Password service account token.
Outputs:
gh_app_idgh_app_private_key
Path: tfx-creds
Loads TFX token from 1Password.
Inputs:
op_service_account_token(required): 1Password service account token.
Outputs:
tfx_token
Path: nuget-creds
Loads NuGet API key from 1Password.
Inputs:
op_service_account_token(required): 1Password service account token.
Outputs:
nuget_api_key
Path: choco-creds
Loads Chocolatey API key from 1Password.
Inputs:
op_service_account_token(required): 1Password service account token.
Outputs:
choco_api_key
Path: dockerhub-creds
Loads DockerHub credentials from 1Password.
Inputs:
op_service_account_token(required): 1Password service account token.
Outputs:
docker_usernamedocker_password
Path: git-commit-push
Adds all changes, commits with the provided message, and force-pushes.
Inputs:
message(required): Commit message.
name: CI
on:
workflow_dispatch:
jobs:
demo:
runs-on: ubuntu-latest
steps:
- name: Checkout with GitHub App auth
uses: gittools/cicd/auth-checkout@main
with:
op_service_account_token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- name: Load TFX token
id: tfx
uses: gittools/cicd/tfx-creds@main
with:
op_service_account_token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- name: Load DockerHub credentials
id: dockerhub
uses: gittools/cicd/dockerhub-creds@main
with:
op_service_account_token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}- These actions depend on
1password/load-secrets-action@v3where applicable. - Prefer version tags (for example
@v1) in production workflows once releases are cut.