The shared GitHub automation control plane for the getnodus org.
Reusable workflows, the Renovate preset, and the repo standard — in one place, so the glue isn't rebuilt per repo.
This repo holds the reusable workflows, automation policy, and shared config that
other getnodus repos call or extend — kept in one place so the glue isn't
rebuilt per repo. Org identity (profile, issue templates, community health
files) stays in getnodus/.github, which
GitHub renders specially; automation lives here.
| Path | What it is |
|---|---|
.github/workflows/pr-autofix.yml |
Reusable (workflow_call) — Claude Code repairs failing/conflicted PRs. |
.github/workflows/claude.yml |
Reusable (workflow_call + direct) — @claude mention handler. Copy the caller into a repo to enable. |
.github/workflows/actionlint.yml |
Lints workflow files in this repo. |
WORKFLOW.md |
Automation control-plane policy and security posture. |
REPO_STANDARD.md |
Default shape for getnodus repos. |
default.json |
Shared Renovate preset. Repos extend it via github>getnodus/workflow. |
pre-commit/lefthook.yml |
Shared lefthook hooks (prettier + eslint + typecheck). |
Renovate — in renovate.json:
{ "extends": ["github>getnodus/workflow"] }Reusable workflow — e.g. pr-autofix:
jobs:
call:
uses: getnodus/workflow/.github/workflows/pr-autofix.yml@main
secrets:
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}Pre-commit hooks — see pre-commit/README.md.
Read the header of each workflow file before wiring it up — they document the
security gating (author_association allowlists, no secrets: inherit,
untrusted-input handling).