CloudDrove Shared Workflows
CloudDrove maintains a library of 44 reusable GitHub Actions workflows that you can call from any repository. They cover everything from Terraform deployments to Docker builds, security scanning, PR automation, and release management.
Repository: clouddrove/github-shared-workflows
How to use a shared workflow
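Reference any workflow with the `uses` keyword at the job level of your GitHub Actions workflow:

```yaml
jobs:
  terraform:
    # The ref after "@" selects the branch, tag, or commit SHA of the shared workflow
    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
    # Inputs passed to the called workflow
    with:
      working_directory: ./
      provider: aws
    # Secrets are passed explicitly from the calling repository
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
```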
Workflow categories
| Category | Workflows | Description |
|---|---|---|
| Terraform | 9 | Plan, apply, lint, drift detection, cost analysis |
| Docker & Kubernetes | 5 | Build, scan, push images; Helm chart deployments |
| Security Scanning | 7 | Checkov, Prowler, tfsec, Powerpipe, secret detection |
| Pull Request Automation | 7 | Checks, reviews, assignees, stale management |
| CloudFormation | 3 | Deploy stacks and StackSets, lint templates |
| AWS Utilities | 3 | SSM commands, SSH, Prowler on AWS |
| GCP | 2 | Cloud Run deployments, GCP Prowler scanning |
| Release & Notifications | 5 | Changelog, semantic tags, Slack notifications |
| Code Quality | 3 | YAML linting, README generation, CI pipeline |
All workflows at a glance
| Workflow file | Purpose |
|---|---|
| aws-prowler.yml | AWS security scan with Prowler |
| aws-remote-ssh-command.yml | Run commands on remote servers via SSH |
| aws-ssm-send-command.yml | Run commands on EC2 via SSM |
| cf-deploy-stackset.yml | Deploy CloudFormation StackSets |
| cf-deploy.yml | Deploy CloudFormation stacks |
| cf-lint.yml | Lint CloudFormation templates |
| ci.yml | Validate workflows, YAML, security |
| cloudrun-rollback.yml | Deploy to GCP Cloud Run |
| docker-build-push.yml | Build and push Docker images |
| docker-scanner.yml | Scan Docker images with Trivy |
| docker-scout.yml | Scan Docker images with Docker Scout |
| docker-smurf-helm.yml | Build, scan, push, and deploy with Helm |
| gcp-prowler.yml | GCP security scan with Prowler |
| helm-deploy.yml | Deploy Helm charts to EKS or AKS |
| infracost.yml | Terraform cost estimation |
| notify-slack.yml | Send Slack notifications |
| pr-auto-assignee.yml | Auto-assign reviewers to PRs |
| pr-auto-merge.yml | Auto-merge Dependabot PRs |
| pr-checks.yml | Validate PR titles and commit messages |
| pr-claude-review.yml | AI code review with Claude |
| pr-gemini-review.yml | AI code review with Gemini |
| pr-gitleaks-scan.yml | Detect secrets in PRs |
| pr-lock.yml | Lock inactive issues and PRs |
| pr-stale.yml | Mark and close stale issues/PRs |
| readme.yml | Generate and publish README docs |
| release-changelog.yml | Generate changelog and GitHub release |
| release-tag.yml | Semantic version tagging |
| security-checkov.yml | Scan IaC with Checkov |
| security-powerpipe.yml | Multi-cloud compliance checks |
| security-prowler.yml | Multi-cloud security with Prowler |
| security-tfsec.yml | Terraform security scanning |
| sst_workflow.yml | Deploy SST serverless apps to AWS |
| stf-checks.yml | Terraform format, init, validate |
| tf-checks.yml | Full Terraform validation pipeline |
| tf-drift.yml | Detect infrastructure drift |
| tf-lint.yml | Lint Terraform with TFLint |
| tf-monorepo-tag-release.yml | Tag module releases in monorepos |
| tf-pr-checks.yml | Terraform plan comparison on PRs |
| tf-smurf.yml | Terraform deploy with approval gates |
| tf-workflow.yml | Terraform workflow with target support |
| yml-lint.yml | Lint YAML files |