System Templates
List of built-in templates provided by CollabOps and their input parameters
Built-in templates provided by CollabOps.
All Templates (26)
| Category | Template | Description |
|---|---|---|
| Core | collabops/checkout@v2 | Git repository checkout (auto-detects SSH/HTTPS from repo-url scheme) |
collabops/docker-login@v1 | Generic Docker registry authentication (Docker Hub, etc.) | |
collabops/docker-build-push@v1 | Docker image build and multi-tag push | |
collabops/cache@v2 | Platform storage-based dependency cache (airgapped On-Premise compatible) | |
collabops/upload-artifact@v2 | Upload build artifacts (airgapped On-Premise compatible) | |
collabops/download-artifact@v2 | Download build artifacts (airgapped On-Premise compatible) | |
| GCP | collabops/gcloud-auth@v1 | GCP service account authentication |
collabops/gcloud-docker-auth@v1 | GCP Artifact Registry authentication | |
collabops/gcloud-setup@v1 | GKE + kubectl configuration | |
| AWS | collabops/aws-auth@v1 | AWS credential configuration |
collabops/aws-ecr-auth@v1 | AWS ECR Docker authentication | |
collabops/aws-eks-setup@v1 | EKS cluster authentication and kubectl | |
| Code Quality | collabops/lint@v1 | MegaLinter multi-language code linting |
collabops/sast-scan@v1 | Semgrep-based SAST scanning | |
collabops/secret-detect@v1 | Gitleaks-based secret detection | |
collabops/sonar-scan@v1 | SonarQube external-server static code quality & security analysis (airgapped compatible) | |
| Hosting | collabops/vercel-deploy@v1 | Vercel project deployment |
collabops/firebase-deploy@v1 | Firebase resource deployment | |
collabops/fly-deploy@v1 | Fly.io app deployment | |
collabops/convex-deploy@v1 | Convex Functions deployment | |
collabops/ssh-exec@v1 | Run remote shell script over SSH | |
collabops/scp-upload@v1 | Upload file/directory via SCP | |
| Supabase | collabops/supabase-migration@v1 | Supabase DB migration |
collabops/supabase-functions-deploy@v1 | Supabase Edge Functions deployment | |
| Utilities | collabops/npm-publish@v1 | npm package build and publish |
collabops/slack-notify@v1 | Slack Incoming Webhook notification |
On-Premise Compatible Templates (9)
Templates usable in airgapped On-Premise environments without external SaaS connectivity.
| Category | Template | Description |
|---|---|---|
| Core | collabops/checkout@v2 | Git repository checkout (auto-detects SSH/HTTPS from repo-url scheme) |
collabops/docker-login@v1 | Generic Docker registry authentication (Docker Hub, etc.) | |
collabops/docker-build-push@v1 | Docker image build and multi-tag push | |
collabops/cache@v2 | Platform storage-based dependency cache (airgapped On-Premise compatible) | |
collabops/upload-artifact@v2 | Upload build artifacts (airgapped On-Premise compatible) | |
collabops/download-artifact@v2 | Download build artifacts (airgapped On-Premise compatible) | |
| Code Quality | collabops/sast-scan@v1 | Semgrep-based SAST scanning |
collabops/secret-detect@v1 | Gitleaks-based secret detection | |
collabops/sonar-scan@v1 | SonarQube external-server static code quality & security analysis (airgapped compatible) |
To help AI agents bootstrap quickly, the snippets below show the most common shape for each cluster. See the per-page docs for the full input schema.
Quick-start snippets
Core (checkout · build · cache · artifacts)
jobs:
build:
steps:
# Standard build chain: checkout → cache restore → build → cache save → upload artifact
- name: checkout
uses: "collabops/checkout@v2"
with:
repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
- name: cache-restore
uses: "collabops/cache@v2"
with:
action: restore
path: node_modules
key: "pnpm-${{ collabops.ref_name }}"
- name: install-and-build
run: |
corepack enable
pnpm install --frozen-lockfile && pnpm build
image: node:22-alpine
- name: cache-save
uses: "collabops/cache@v2"
with:
action: save
path: node_modules
key: "pnpm-${{ collabops.ref_name }}"
- name: upload-dist
uses: "collabops/upload-artifact@v2"
with:
name: dist
path: dist
AWS (auth → ECR/EKS)
jobs:
aws-deploy:
services:
- docker
steps:
# Always authenticate first; credentials are scoped to the Job.
- name: aws-auth
uses: "collabops/aws-auth@v1"
with:
access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
region: ap-northeast-2
- name: ecr-auth
uses: "collabops/aws-ecr-auth@v1"
with:
region: ap-northeast-2
- name: eks-setup
uses: "collabops/aws-eks-setup@v1"
with:
region: ap-northeast-2
cluster-name: prod-cluster
GCP (auth → AR/GKE)
jobs:
gcp-deploy:
services:
- docker
steps:
- name: gcloud-auth
uses: "collabops/gcloud-auth@v1"
with:
project-id: my-gcp-project
credentials: ${{ secrets.GCP_SA_KEY }} # full service-account JSON
- name: gcloud-docker-auth
uses: "collabops/gcloud-docker-auth@v1"
with:
registry: asia-northeast3-docker.pkg.dev # host only, no path
- name: gke-setup
uses: "collabops/gcloud-setup@v1"
with:
project-id: my-gcp-project
cluster-name: prod
cluster-location: asia-northeast3
Code Quality (lint · SAST · secret)
jobs:
quality:
steps:
- name: checkout
uses: "collabops/checkout@v2"
with:
repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
fetch-depth: "0" # secret-detect requires full history
- name: lint
uses: "collabops/lint@v1"
- name: sast-scan
uses: "collabops/sast-scan@v1"
with:
config: p/owasp-top-ten
severity: WARNING
- name: secret-detect
uses: "collabops/secret-detect@v1"
Hosting (Vercel / Firebase / Fly / Convex / SSH)
# Vercel: per-event Job branching. SSH server: scp + ssh-exec reload.
jobs:
vercel-prod:
if: "collabops.event_name == 'push'"
steps:
- name: deploy-prod
uses: "collabops/vercel-deploy@v1"
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
production: "true"
ssh-release:
steps:
- name: upload-dist
uses: "collabops/scp-upload@v1"
with:
host: web1.prod
username: deploy
source: dist
target: /var/www/app/current
ssh-key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
known-hosts: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
- name: reload-nginx
uses: "collabops/ssh-exec@v1"
with:
host: web1.prod
username: deploy
ssh-key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
known-hosts: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
script: sudo systemctl reload nginx
Supabase (migration · functions)
jobs:
migrate:
steps:
- name: supabase-migrate-staging
uses: "collabops/supabase-migration@v1"
with:
access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
project-ref: ${{ secrets.SUPABASE_PROJECT_REF_STAGING }}
db-password: ${{ secrets.SUPABASE_DB_PASSWORD_STAGING }}
dry-run: "true" # PRs run dry-run; apply in a separate Job after merge
deploy-functions:
needs: [migrate]
if: "collabops.event_name == 'push'"
steps:
- name: deploy-edge-functions
uses: "collabops/supabase-functions-deploy@v1"
with:
access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
project-ref: ${{ secrets.SUPABASE_PROJECT_REF_PROD }}
Utilities (npm · Slack)
# Slack failure notifications live in a separate Job gated by a Job-level if.
jobs:
publish:
steps:
- name: publish-npm
uses: "collabops/npm-publish@v1"
with:
npm-token: ${{ secrets.NPM_TOKEN }}
provenance: "true"
notify-failure:
needs: [publish]
if: "failure()"
steps:
- name: slack-failed
uses: "collabops/slack-notify@v1"
with:
webhook-url: ${{ secrets.SLACK_WEBHOOK }}
title: "publish failed"
color: danger
Each snippet shows the most common path only. Refer to the per-category pages (Core / AWS / GCP / Code Quality / Hosting / Supabase / Utilities) for the full set of options. Notably unsupported: matrix, step-level if, hashFiles(), cancelled(), workflow-level if, workflow outputs, concurrency, defaults, permissions.