use reusable workflows

David Cavazos · David Cavazos · commit 0ed3f9549108 · 2025-03-13T13:01:57.000-07:00
diff --git a/.github/workflows/custard-ci.yaml b/.github/workflows/custard-ci.yaml
@@ -22,48 +22,18 @@ on:
   #   # https://crontab.guru/#0_12_*_*_0
   #   - cron: 0 12 * * 0 # At 12:00 on Sunday
 
-env:
-  GO_VERSION: ^1.22.0
-
 jobs:
   affected:
-    name: Finding affected tests
-    runs-on: ubuntu-latest
-    timeout-minutes: 2
-    outputs:
-      nodejs-paths: ${{ steps.nodejs.outputs.paths }}
-      nodejs-setups: ${{ steps.nodejs.outputs.setups }}
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          fetch-depth: 0
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          repository: GoogleCloudPlatform/cloud-samples-tools
-          ref: v0.2.1
-          path: cloud-samples-tools
-      - name: Create `bin` directory for cloud-samples-tools binaries
-        run: mkdir bin
-        working-directory: cloud-samples-tools
-      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Build Custard (from cloud-samples-tools)
-        run: go build -o ../bin -v ./...
-        working-directory: cloud-samples-tools/custard
-      - name: Get diffs
-        run: git --no-pager diff --name-only HEAD origin/main | tee diffs.txt
-      - name: Find Node.js affected packages
-        id: nodejs
-        run: |
-          echo "paths=$(./cloud-samples-tools/bin/custard affected .github/config/nodejs-prod.jsonc diffs.txt paths.txt)" >> $GITHUB_OUTPUT
-          cat paths.txt
-          echo "setups=$(./cloud-samples-tools/bin/custard setup-files .github/config/nodejs-prod.jsonc paths.txt)" >> $GITHUB_OUTPUT
+    name: Find affected packages
+    # TODO: use version tag when available
+    uses: GoogleCloudPlatform/cloud-samples-tools/.github/workflows/find-affected.yaml@main
+    with:
+      config-file: .github/config/nodejs-prod.jsonc
+      paths: tpu # TODO: remove this
 
   lint:
     needs: affected
     runs-on: ubuntu-latest
-    timeout-minutes: 5
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@@ -72,39 +42,12 @@ jobs:
         with:
           node-version: 20
       - run: npm install
-      - name: Run lint
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+      - name: Run linter
+        # TODO: use version tag when available
+        uses: GoogleCloudPlatform/cloud-samples-tools/.github/map-run@main
         with:
-          script: |
-            const { execSync } = await import("node:child_process");
-
-            const cmd = 'npx gts lint';
-            const affected = ${{ needs.affected.outputs.nodejs-paths }};
-            if (affected.length === 0) {
-              console.log("No packages were affected, nothing to lint.")
-            }
-
-            let failed = [];
-            for (const path of affected) {
-              try {
-                execSync(cmd, {cwd: path});
-                console.log(`✅ [${path}]: ${cmd}`);
-              } catch (e) {
-                failed.push(path)
-                console.log(`❌ [${path}]: ${cmd} (exit code ${e.status})`);
-                core.error(e.message);
-                console.log('--- stdout ---');
-                console.log(e.stdout.toString("utf8"));
-                console.log('--- stderr ---');
-                console.log(e.stderr.toString("utf8"));
-              }
-            }
-            console.log("=== Summary ===")
-            console.log(`  Passed: ${affected.length - failed.length}`)
-            console.log(`  Failed: ${failed.length}`)
-            if (failed.length > 0) {
-              core.setFailed(`Failed '${cmd}' on: ${failed.join(', ')}`)
-            }
+          command: npx gts lint
+          paths: ${{ needs.affected.outputs.paths }}
 
   region-tags:
     name: region tags
@@ -122,53 +65,32 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 120 # 2 hours hard limit
     permissions:
-      id-token: write # needed for google-github-actions/auth
+      id-token: write # for google-github-actions/auth
     strategy:
       fail-fast: false
       matrix:
-        path: ${{ fromJson(github.event_name == 'pull_request' && needs.affected.outputs.nodejs-paths || '[]') }}
+        path: ${{ fromJson(needs.affected.outputs.paths) }}
     env:
       GOOGLE_SAMPLES_PROJECT: long-door-651
       GOOGLE_SERVICE_ACCOUNT: kokoro-system-test@long-door-651.iam.gserviceaccount.com
-      CI_SETUP: ${{ toJson(fromJson(needs.affected.outputs.nodejs-setups)[matrix.path])}}
     steps:
-      - name: CI Setup
-        run: echo "${{ env.CI_SETUP }}"
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4
+      - name: Setup Custard
+        # TODO: use version tag when available
+        uses: GoogleCloudPlatform/cloud-samples-tools/.github/setup-custard@main
         with:
-          node-version: ${{ fromJson(env.CI_SETUP).node-version }}
-      - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2
-        id: auth
-        with:
-          project_id: ${{ env.GOOGLE_SAMPLES_PROJECT }}
-          workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
-          service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }}
-          access_token_lifetime: 600s # 10 minutes
-          token_format: 'id_token'
-          id_token_audience: 'https://action.test/' # service must have this custom audience
-          id_token_include_email: true
-      - name: Export environment variables
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
-        id: vars
-        with:
-          script: |
-            const { default: setupVars } = await import('${{ github.workspace }}/.github/scripts/setup-vars.js');
-            const projectId = '${{ env.GOOGLE_SAMPLES_PROJECT }}';
-            const setup = JSON.parse(process.env.CI_SETUP);
-            const serviceAccount = '${{ env.GOOGLE_SERVICE_ACCOUNT }}';
-            const idToken = '${{ steps.auth.outputs.id_token }}';
-            return await setupVars({projectId, core, setup, serviceAccount, idToken})
-      - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2
-        if: ${{ fromJson(steps.vars.outputs.result).secrets }}
+          path: ${{ matrix.path }}
+          ci-setup: ${{ toJson(fromJson(needs.affected.outputs.ci-setups)[matrix.path]) }}
+          project-id: ${{ env.GOOGLE_SAMPLES_PROJECT }}
+          workload-identity-provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
+          service-account: ${{ env.GOOGLE_SERVICE_ACCOUNT }}
+
+      - name: Setup Node
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4
         with:
-          secrets: ${{ fromJson(steps.vars.outputs.result).secrets }}
-          export_to_environment: true
+          node-version: ${{ fromJson(needs.affected.outputs.ci-setups)[matrix.path].node-version }}
       - name: Run tests for ${{ matrix.path }}
         run: |
-          timeout ${{ fromJson(env.CI_SETUP).timeout-minutes }}m \
+          timeout ${{ fromJson(needs.affected.outputs.ci-setups)[matrix.path].timeout-minutes }}m \
             make test dir=${{ matrix.path }}
       # - name: Upload test results for FlakyBot workflow
       #   if: github.event.action == 'schedule' && always() # always() submits logs even if tests fail
