The repo-context-analyser
repository hosts a collection of tools and GitHub Actions workflows designed to automate and enhance CI/CD processes across multiple projects. It provides reusable scripts and workflows that perform various analysis and reporting tasks.
- Reusable CI Workflows: Centralized GitHub Actions workflows to promote consistency and efficiency in CI processes across multiple projects.
- Comprehensive Analysis Scripts: Includes Python scripts for parsing Docker images, analyzing dependencies, and generating security and compliance reports.
The main workflow includes several tasks:
- Setting up a Python environment.
- Installing necessary dependencies.
- Executing multiple Python scripts to:
- Parse Docker images.
- Analyze image dependencies.
- Fetch detailed image information from Docker Hub.
- Identify programming languages in repositories.
- Perform security and compliance checks.
- Generate dependency and compliance reports.
- Comment on pull requests with the results of these analyses.
Workflows in this repository can be initiated in two primary ways:
- Pull Requests: Automatically triggers on pull requests to the
main
branch. - Manual Dispatch: Available for manual activation through the GitHub Actions interface.
To utilize the workflows from this repository in another repository, include the following in your GitHub Actions workflow file:
jobs:
trigger-central-workflow:
uses: Max3kkk/repo-context-analyzer/.github/workflows/ci-pipeline.yml@main
secrets:
MY_GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }}