Continuous Integration - GitHub - Container

---

Overview

Opinionated GitHub Actions and reusable workflows to build, test, sign, and distribute container images and Helm charts. The goal is to offer a consistent supply-chain friendly pipeline for OCI assets managed within GitHub Actions.

Actions

Docker

Actions that operate on OCI images across their build, metadata, and lifecycle management phases.

- Build image

- Clean images

- Create images manifests

- Get image metadata

- Get image name

- Prune pull requests image tags

- Sign images

Helm

Actions dedicated to packaging, validating, and publishing Helm charts for Kubernetes deployments.

- Generate chart documentation

- Parse chart URI

- Release chart

- Test chart

Reusable Workflows

Orchestrated workflows you can plug directly into repositories to automate container-focused CI routines.

- Docker build images

- Prune pull requests images tags

Contributing

Contributions are welcome! Please review the contributing guidelines before opening a PR.

Action Structure Pattern

All actions follow a consistent layout:

actions/{category}/{action-name}/
├── action.yml          # Action definition with inputs/outputs
├── README.md           # Usage documentation and examples
└── index.js / scripts  # Optional Node.js helpers (when required)

Development Standards

Action Definition Standards

1. Consistent branding: Use author: hoverkraft with color: blue and a meaningful icon.
2. Pinned dependencies: Reference third-party actions via exact SHAs to guarantee reproducibility.
3. Input validation: Validate critical inputs early within composite steps or supporting scripts.
4. Idempotent steps: Ensure actions can run multiple times without leaving residual state in the workspace.
5. Multi-platform support: Test actions in both ubuntu-latest and windows-latest runners when applicable.
6. Cross-platform compatibility: Uses actions/github-script steps for cross-platform compatibility. Avoid run steps.
7. Logging: Use structured logs with clear prefixes ([build-image], [helm-test-chart], …) to simplify debugging.
8. Security: Avoid shell interpolation with untrusted inputs; prefer parameterized commands or set -euo pipefail wrappers.

File Conventions

• Dockerfile: Provides the Super Linter environment with UID/GID passthrough for local dev parity.
• Tests: Located in tests/ with fixtures for container builds and chart-testing scenarios.
• Workflows: Reusable definitions live in .github/workflows/; internal/private workflows are prefixed with __.

JavaScript Development Patterns

• Encapsulate reusable logic in modules under the action directory (for example, actions/my-action/index.js).
• Prefer async/await with explicit error handling when interacting with the GitHub API or filesystem.
• Centralize environment variable parsing and validation to keep composite YAML lean.

Container Delivery Patterns

• Prefer multi-architecture builds via docker buildx build with explicit --platform lists.
• Surface provenance metadata through outputs (image-name, digest, etc.) to unblock downstream jobs.
• Keep secrets and registry credentials in GitHub environments or organization secrets—never hardcode them.

Helm Testing Patterns

• Use the chart fixtures under tests/charts/ to exercise Helm-focused actions.
• Maintain Chart.lock files alongside Chart.yaml to document dependency revisions.
• Commit ci/empty-values.yaml templates for creating scenario-specific overrides.

Development Workflow

Linting & Testing

make lint                 # Run the dockerized Super Linter
make lint-fix             # Attempt auto-fixes for lint findings

# Container & Helm validation helpers
make test-build-application  # Build and push the sample test application image
make test-ct-install         # Validate Helm charts via chart-testing

Author

🏢 Hoverkraft [email protected]

• Site: https://hoverkraft.cloud
• GitHub: @hoverkraft-tech

License

This project is licensed under the MIT License.

SPDX-License-Identifier: MIT

Copyright © 2025 hoverkraft-tech

For more details, see the license.