ci: upgrade to github-workflows v2.0.0 (set-image-tags, sync-env pin)

[Andreas-Garcia]

Description

Upgrades both publish and sync-env workflows to BehindTheMusicTree/github-workflows@v2.0.0, adopting the new atomic set-image-tags-on-server workflow and removing the obsolete REDEPLOYMENT_ROOT variable.

Related Issue

N/A

Type of Change

• 🐛 Bug fix (non-breaking change which fixes an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📚 Documentation update
• ♻️ Refactoring (no functional changes)
• ⚡ Performance improvement
• ✅ Test addition/update
• 🔧 Configuration change
• 🎨 Style/formatting changes
• 🧹 Chore/maintenance

Target Branch

• develop (for features, bug fixes, chores, dependency updates from Dependabot)
• main (for hotfixes only)

Changes Made

.github/workflows/publish.yml

• Replaced three separate set-image-tag-on-server.yml@main calls (API, DB, AFP) with a single set-image-tags-on-server.yml@v2.0.0 job using stack: btmt and a multiline tags block (HTMT_API_TAG, DB_TAG=16.4, AFP_TAG) plus release_id / release_sha metadata
• check-pinned-tags: replaced REDEPLOYMENT_ROOT, HTMT_API_APP_NAME, DB_APP_NAME_SUFFIX, AFP_APP_NAME env/validation with IMAGE_TAGS_POOL_DIR
• redeploy-webhook-call: pinned from @v1.0.4 → @v2.0.0; depends on set-image-tags instead of the three old jobs

.github/workflows/sync-env-to-server.yml

• Removed REDEPLOYMENT_ROOT from both fragment-building job env blocks and required var checks (no longer a workflow_call input in v2.0.0)
• Pinned all four shared workflow calls from @main → @v2.0.0

Testing

• All existing tests pass
• New tests added (if applicable)
• Manual testing completed (if applicable)

Publish workflow triggered on a prerelease tag — set-image-tags job wrote btmt-staging.tags.env on the server successfully after manually creating IMAGE_TAGS_POOL_DIR (mkdir -p /srv/btmt/image-tags).

Test commands:

# No automated tests for workflow changes — validate via GitHub Actions run

Checklist

Code Quality

• No debug statements or commented-out code

Tests

• All tests pass: pytest

Documentation

• CHANGELOG.md updated in [Unreleased] section

Git Hygiene

• Commit messages follow convention: <type>(<scope>): <summary>
• Branch is up to date with target branch
• Branch follows naming convention (feature/, chore/, dependabot/, hotfix/, release/)
• No accidental commits (large files, secrets, personal configs)

Breaking Changes

• This PR includes breaking changes

Breaking Changes:

• REDEPLOYMENT_ROOT GitHub Variable is no longer used and should be removed from STAGING/PROD environments
• AFP_APP_NAME GitHub Variable is no longer used by publish.yml and can be removed
• IMAGE_TAGS_POOL_DIR (e.g. /srv/btmt/image-tags) must be added to STAGING and PROD GitHub Environments before merging
• The directory IMAGE_TAGS_POOL_DIR must exist on the server (mkdir -p /srv/btmt/image-tags)

Additional Notes

The v2.0.0 set-image-tags-on-server workflow writes a single atomic manifest file per stack/env (<stack>-<env>.tags.env) rather than one file per service, aligning with how the infrastructure redeploy script reads image tags.

[Copilot]

Pull request overview

This PR upgrades the repository’s GitHub Actions integrations to BehindTheMusicTree/github-workflows@v2.0.0, removes the legacy REDEPLOYMENT_ROOT variable in favor of the new image-tag pool directory variable, and updates the release tooling/docs accordingly.

Changes:

• Update publish.yml to use set-image-tags-on-server.yml@v2.0.0 (single call for API/DB/AFP tags) and pin redeploy webhook to @v2.0.0; replace REDEPLOYMENT_ROOT with IMAGE_TAGS_POOL_DIR.
• Update sync-env-to-server.yml to pin the shared workflow to @v2.0.0 and remove REDEPLOYMENT_ROOT from fragment-building validation.
• Update release tooling to automatically remove prerelease/dev tags after bumping, and document workflow changes in the changelog/docs.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
scripts/prepare_release_bump.py	Adds a post-bump step to run remove_prerelease_tags.sh.
docs/workflows.md	Removes REDEPLOYMENT_ROOT mention in sync/publish documentation (but needs further updates for publish section accuracy).
CHANGELOG.md	Records the workflow v2.0.0 upgrade and release-script change under Unreleased.
.github/workflows/sync-env-to-server.yml	Removes REDEPLOYMENT_ROOT from required vars and pins reusable workflow calls to @v2.0.0.
.github/workflows/publish.yml	Switches from per-app tag setting to a single stack-based image-tag setting call; replaces REDEPLOYMENT_ROOT with IMAGE_TAGS_POOL_DIR; pins redeploy workflow to v2.0.0.
.github/actionlint.yaml	Removes REDEPLOYMENT_ROOT from the actionlint allowlist (but needs IMAGE_TAGS_POOL_DIR added).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Andreas-Garcia]

@copilot apply changes based on this feedback

[Copilot]

Applied in commit 84b9035. I updated docs/workflows.md so the Publish section now matches publish.yml (uses set-image-tags, call-redeployment-webhook@v2.0.0, and includes IMAGE_TAGS_POOL_DIR as a required STAGING/PROD environment variable).

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

[github-actions]

Test Results

1 113 tests   1 109 ✅  10m 40s ⏱️
    1 suites      4 💤
    1 files        0 ❌

Results for commit 84b9035.