Update workflows

.github/workflows/_update_terraform.yml

@@ -52,7 +52,7 @@ jobs:
           git add test/services/levriero/_levriero.auto.tfvars
           git commit -m "Adding levriero git variables for tag ${{ inputs.image_tag }}"
       - name: Push changes
-        uses: ad-m/github-push-action@v0.6.0
+        uses: ad-m/github-push-action@v0.8.0
         with:
           github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
           repository: 'datacite/mastino'

.github/workflows/branch_to_staging.yml

@@ -2,6 +2,8 @@ name: Build/Deploy Branch to Staging
 on:
   workflow_dispatch:
 jobs:
+  lint:
+    uses: ./.github/workflows/rubocop.yml
   test:
     uses: ./.github/workflows/parallel_ci.yml
     secrets: inherit

.github/workflows/build.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Cache Docker layers
         uses: actions/cache@v4
         with:
@@ -31,18 +31,18 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-buildx-
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and Push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile

.github/workflows/deploy.yml

@@ -1,144 +1,25 @@
-name: Deploy
+name: Deploy Main to Staging
 on:
   push:
     branches:
       - "master"
 jobs:
+  lint:
+    uses: ./.github/workflows/rubocop.yml
   test:
-    runs-on: ubuntu-latest
-    services:
-      memcached:
-        image: memcached:1.6.32
-        ports:
-          - 11211/udp
-    env:
-      MEMCACHE_SERVERS: "localhost:11211"
-      SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
-      SESSION_ENCRYPTED_COOKIE_SALT: ${{ secrets.SESSION_ENCRYPTED_COOKIE_SALT }}
-      JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
-      JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
-      AWS_REGION: ${{ secrets.AWS_REGION }}
-      CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.2.10'
-      - uses: actions/cache@v4
-        with:
-          path: vendor/bundle
-          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-gems-
-      - name: Install
-        run: |
-          cp .env.build .env
-          gem install bundler -v 2.6.9
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-      - name: Lint and Test
-        env:
-          MEMCACHE_SERVERS: "localhost:11211"
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          STAFF_ADMIN_TOKEN: ${{ secrets.STAFF_ADMIN_TOKEN }}
-          STAFF_PROFILES_ADMIN_TOKEN: ${{ secrets.STAFF_PROFILES_ADMIN_TOKEN }}
-        run: |
-          # bundle exec rubocop
-          bundle exec rspec
-          echo $?
-
-  build:
+    uses: ./.github/workflows/parallel_ci.yml
+    secrets: inherit
+  call_build_and_push:
     needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          tags: ${{ github.repository }}:latest
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-      - name: Push to GitHub Packages
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          tags: ghcr.io/${{ github.repository }}:latest
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-
+    uses: ./.github/workflows/build.yml
+    with:
+      image_name: ${{ github.repository }}
+      image_tag: main
+    secrets: inherit
   deploy:
-    needs: [test, build]
-    runs-on: ubuntu-latest
-    env:
-      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Extract variables
-        shell: bash
-        run: |
-          echo "::set-output name=BRANCH::$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')"
-          echo "::set-output name=TAG::$(git tag --points-at HEAD)"
-          echo "::set-output name=GIT_SHA::$(git rev-parse HEAD)"
-          echo "::set-output name=GIT_SHA_SHORT::$(git rev-parse --short HEAD)"
-          echo "::set-output name=MESSAGE::$(git log --format=%B -n 1 ${{ github.event.after }})"
-        id: extract_variables
-
-      - name: Checkout terraform config repo
-        uses: actions/checkout@v2
-        with:
-          # public repo with terraform configuration
-          repository: 'datacite/mastino'
-          persist-credentials: false
-      - name: Commit changes to terraform config repository
-        # use go template in terraform config repository to update git sha and tag
-        # commit and push changes to trigger terraform workflow
-        run: |
-          export GIT_SHA=${{ steps.extract_variables.outputs.GIT_SHA_SHORT }}
-          export GIT_TAG=${{ steps.extract_variables.outputs.TAG }}
-
-          export VERSION_FILENAME=stage/services/levriero/_levriero.auto.tfvars
-
-          sed -e "s/{{ .Env.GIT_SHA }}/$GIT_SHA/g" -e "s/{{ .Env.GIT_TAG }}/$GIT_TAG/g" $VERSION_FILENAME.tmpl > $VERSION_FILENAME
-
-          git config --local user.email "action@github.com"
-          git config --local user.name "GitHub Action"
-          git add $VERSION_FILENAME
-          git commit -m "Adding levriero git variables for commit ${{ steps.extract_variables.outputs.GIT_SHA }}"
-      - name: Push changes
-        uses: ad-m/github-push-action@v0.6.0
-        with:
-          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          repository: 'datacite/mastino'
-          branch: 'refs/heads/master'
-          tags: false
+    needs: [test, call_build_and_push]
+    uses: ./.github/workflows/_update_terraform.yml
+    with:
+      image_tag: main
+      deployment_environment: staging
+    secrets: inherit

.github/workflows/parallel_ci.yml

@@ -24,7 +24,7 @@ jobs:
             STAFF_PROFILES_ADMIN_TOKEN: ${{ secrets.STAFF_PROFILES_ADMIN_TOKEN }}
         steps:
             - name: Checkout Code
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
 
             - name: Set up Ruby
               uses: ruby/setup-ruby@v1

.github/workflows/pull_request.yml

@@ -1,10 +1,21 @@
 name: Test Pull Request
 on:
-    pull_request:
-        branches:
-            - master
-    workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+    inputs:
+      fail-fast:
+        description: 'Stop all jobs if any job fails'
+        type: boolean
+        default: true
+        required: false
 jobs:
-    parallel-test:
-        uses: ./.github/workflows/parallel_ci.yml
-        secrets: inherit
+  lint:
+    uses: ./.github/workflows/rubocop.yml
+  parallel-test:
+    needs: lint
+    uses: ./.github/workflows/parallel_ci.yml
+    secrets: inherit
+    with:
+      fail-fast: ${{ github.event_name == 'workflow_dispatch' && inputs.fail-fast || !contains(github.event.pull_request.labels.*.name, 'run-all-tests') }}