Central repository for organization-wide CI/CD governance workflows.

- `.github/workflows/required-zizmor.yml`
  - Reusable workflow (`workflow_call`) designed to be enforced through GitHub org rulesets.
  - Runs `zizmor` against `.github/workflows` in the caller repository.
- `.github/workflows/required-poutine.yml`
  - Reusable workflow (`workflow_call`) designed to be enforced through GitHub org rulesets.
  - Runs `boostsecurityio/poutine-action` and uploads SARIF to code scanning.
- `.github/workflows/reusable-claude-review.yml`
  - Centralized manual PR review workflow using `anthropics/claude-code-action`.
  - Supports Azure OIDC + Azure Key Vault secret retrieval in caller context.
- `.github/workflows/reusable-opencode-review.yml`
  - Centralized manual PR review workflow using `anomalyco/opencode/github`.
  - Supports both single model and multi-model matrix runs in the same workflow:
    - use `model` for a single run
    - use `models` (comma/newline list) for matrix fan-out

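One way the single-model / multi-model switch described above can be built, as an illustrative reusable workflow added here (it is not this repository's actual `reusable-opencode-review.yml`): the input names `model` and `models` come from the description above; the job names, the shell normalisation step, the permissions block and the placeholder review step are assumptions.

```yaml
on:
  workflow_call:
    inputs:
      model:
        description: "Single model; used when 'models' is empty"
        type: string
        default: ""
      models:
        description: "Comma- or newline-separated model list for matrix fan-out"
        type: string
        default: ""

permissions:
  contents: read
  pull-requests: write   # only what posting a review needs; everything else stays read-only

jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.build.outputs.matrix }}
    steps:
      - id: build
        env:                      # pass inputs via env, not ${{ }} inside run (zizmor flags that)
          MODEL: ${{ inputs.model }}
          MODELS: ${{ inputs.models }}
        run: |
          # Prefer the list, fall back to the single model; turn commas into
          # newlines, trim, drop blanks, and emit a compact JSON array for fromJSON().
          list="${MODELS:-$MODEL}"
          json="$(printf '%s\n' "$list" | tr ',' '\n' \
                   | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | awk 'NF' \
                   | jq -R . | jq -cs .)"
          [ "$json" != "[]" ] || { echo "::error::neither model nor models was given"; exit 1; }
          echo "matrix=$json" >> "$GITHUB_OUTPUT"

  review:
    needs: prepare
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false            # one model failing should not cancel the rest
      matrix:
        model: ${{ fromJSON(needs.prepare.outputs.matrix) }}
    steps:
      # Call anomalyco/opencode/github here with the chosen model (its inputs are not on this page).
      - env:
          MODEL: ${{ matrix.model }}
        run: echo "reviewing with model $MODEL"
```

With `models: "gpt-a, claude-b"` the `prepare` job emits `["gpt-a","claude-b"]` and `review` fans out to two jobs; with only `model: gpt-a` it emits a one-element array and the same `review` job runs once.
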
- Protected by a repository ruleset managed with Terraform.
- CODEOWNERS requires owner review for all changes.