DCMAW-12245: github action versioning spike

Author: kikidawson-gds

.github/workflows/backend-api-post-merge.yml

@@ -26,15 +26,15 @@ jobs:
   ci-checks:
     name: Pre-deployment
     uses:
-      ./.github/workflows/job_ci-checks.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_ci-checks.yml@ci-checks/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       WORKING_DIRECTORY: backend-api
 
   run-test-suite:
     name: Pre-deployment
     uses:
-      ./.github/workflows/job_test-suite.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_test-suite.yml@test-suite/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       RUN_PACT_TESTS: true

.github/workflows/backend-api-pull-request.yml

@@ -27,7 +27,7 @@ jobs:
     name: CI checks
     if: github.event.pull_request.draft == false
     uses:
-      ./.github/workflows/job_ci-checks.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_ci-checks.yml@ci-checks/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       WORKING_DIRECTORY: backend-api
@@ -36,7 +36,7 @@ jobs:
     name: Run test suite
     needs: ci-checks
     uses:
-      ./.github/workflows/job_test-suite.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_test-suite.yml@test-suite/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       RUN_PACT_TESTS: true

.github/workflows/helper-scripts-pull-request.yml

@@ -22,6 +22,6 @@ jobs:
     name: CI checks
     if: github.event.pull_request.draft == false
     uses:
-      ./.github/workflows/job_ci-checks.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_ci-checks.yml@ci-checks/v1.0.0
     with:
       WORKING_DIRECTORY: helper-scripts

.github/workflows/initialise-job.yml

@@ -0,0 +1,19 @@
+name: Initialise New GitHub Actions Job
+
+on:
+  workflow_dispatch:
+    inputs:
+      JOB_NAME:
+        description: The Name of the New Job
+        type: string
+
+jobs:
+  create-tag:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Create Tag v0.0.1
+        run: |
+          $job_name=${{ inputs.JOB_NAME }}
+
+          git tag $job_name/v0.0.1
+          git push origin $job_name/v0.0.1

.github/workflows/job_ci-checks.yml

@@ -1,5 +1,12 @@
 name: CI Checks
 
+description: {
+  "name": "ci-checks",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the ci-checks job."
+  }
+
 on:
   workflow_call:
     inputs:

.github/workflows/job_push-docker-image.yml

@@ -1,5 +1,12 @@
 name: Build, Push, Sign and Tag Test Image
 
+description: {
+  "name": "push-docker-image",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the push-docker-image job."
+  }
+
 on:
   workflow_call:
     inputs:

.github/workflows/job_test-suite.yml

@@ -1,5 +1,12 @@
 name: Run Test Suite
 
+description: {
+  "name": "test-suite",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the test-suite job."
+  }
+
 on:
   workflow_call:
     inputs:

.github/workflows/job_upload-sam-artifact.yml

@@ -1,5 +1,12 @@
 name: Validate, Build, and Upload Artifact to S3
 
+description: {
+  "name": "upload-sam-artifact",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the upload-sam-artifact job."
+  }
+
 on:
   workflow_call:
     inputs:

.github/workflows/test-resources-post-merge.yml

@@ -1,92 +1,138 @@
-name: Test Resources Post Merge
+name: GitHub Jobs Post Merge
+
 on:
   push:
     branches:
       - main
     paths:
-      - "test-resources/**"
-      - ".github/workflows/job_push-docker-image.yml"
-      - ".github/workflows/job_upload-sam-artifact.yml"
-      - ".github/workflows/test-resources-post-merge.yml"
-      - "!test-resources/**/*.md"
-      - "!test-resources/**/*.png"
+      - ".github/workflows/job_**"
   workflow_dispatch:
 
 permissions:
-  contents: read
+  contents: write
   id-token: write
 
-defaults:
-  run:
-    shell: bash
-    working-directory: ./test-resources
-
 jobs:
-  ci-checks:
-    name: Pre-deployment
-    uses:
-      ./.github/workflows/job_ci-checks.yml
-    with:
-      WORKING_DIRECTORY: test-resources
-
-  run-test-suite:
-    name: Pre-deployment
-    needs: ci-checks
-    uses:
-      ./.github/workflows/job_test-suite.yml
-    with:
-      SONARQUBE_CONTINUE_ON_ERROR: true
-      WORKING_DIRECTORY: test-resources
-    secrets: inherit
-
-  push-docker-image-dev:
-    name: Dev
-    needs: 
-      - ci-checks
-      - run-test-suite
-    uses:
-      ./.github/workflows/job_push-docker-image.yml
-    with:
-      WORKING_DIRECTORY: test-resources
-    secrets:
-      CONTAINER_SIGN_KMS_KEY: ${{ secrets.DEV_CONTAINER_SIGN_KMS_KEY }}
-      GH_ACTIONS_ROLE_ARN: ${{ secrets.TEST_RESOURCES_DEV_GH_ACTIONS_ROLE_ARN }}
-      TEST_IMAGE_REPOSITORY_URI: ${{ secrets.TEST_RESOURCES_DEV_TEST_IMAGE_REPOSITORY_URI }}
-
-  upload-sam-artifact-dev:
-    name: Dev
-    needs: push-docker-image-dev
-    uses:
-      ./.github/workflows/job_upload-sam-artifact.yml
-    with:
-      WORKING_DIRECTORY: test-resources
-    secrets:
-      ARTIFACT_BUCKET: ${{ secrets.TEST_RESOURCES_DEV_ARTIFACT_BUCKET }}
-      GH_ACTIONS_ROLE_ARN: ${{ secrets.TEST_RESOURCES_DEV_GH_ACTIONS_ROLE_ARN }}
-      SIGNING_PROFILE_NAME: ${{ secrets.DEV_SIGNING_PROFILE_NAME }}
-
-  push-docker-image-build:
-    name: Build
-    needs: 
-      - ci-checks
-      - run-test-suite
-    uses:
-      ./.github/workflows/job_push-docker-image.yml
-    with:
-      WORKING_DIRECTORY: test-resources
-    secrets:
-      CONTAINER_SIGN_KMS_KEY: ${{ secrets.BUILD_CONTAINER_SIGN_KMS_KEY }}
-      GH_ACTIONS_ROLE_ARN: ${{ secrets.TEST_RESOURCES_BUILD_GH_ACTIONS_ROLE_ARN }}
-      TEST_IMAGE_REPOSITORY_URI: ${{ secrets.TEST_RESOURCES_BUILD_TEST_IMAGE_REPOSITORY_URI }}
-
-  upload-sam-artifact-build:
-    name: Build
-    needs: push-docker-image-build
-    uses:
-      ./.github/workflows/job_upload-sam-artifact.yml
-    with:
-      WORKING_DIRECTORY: test-resources
-    secrets:
-      ARTIFACT_BUCKET: ${{ secrets.TEST_RESOURCES_BUILD_ARTIFACT_BUCKET }}
-      GH_ACTIONS_ROLE_ARN: ${{ secrets.TEST_RESOURCES_BUILD_GH_ACTIONS_ROLE_ARN }}
-      SIGNING_PROFILE_NAME: ${{ secrets.BUILD_SIGNING_PROFILE_NAME }}
+  get-file-names:
+    name: Get Names of Files Changed
+    runs-on: ubuntu-24.04
+    env:
+      SAM_CLI_TELEMETRY: 0
+    defaults:
+      run:
+        shell: bash
+        working-directory: .
+    outputs:
+      FILE_NAMES: ${{ steps.get-files.outputs.NAMES }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+          fetch-depth: 0
+
+# This is ugly but can't get anything else to work
+      - name: Get File Names
+        id: get-files
+        run: |
+          files=$( git diff origin/main --name-only -- ./.github/workflows/job_** )
+
+          JSON="["
+          for file in ${files[@]}; do
+              echo $file
+              JSONline="\"$file\","
+              if [[ "$JSON" != *"$JSONline"* ]]; then
+                  JSON="$JSON$JSONline"
+              fi
+          done
+
+          if [[ $JSON == *, ]]; then
+              JSON="${JSON%?}"
+          fi
+          JSON="$JSON]"
+
+          echo $JSON
+          echo "NAMES=$( echo "$JSON" )" >> $GITHUB_OUTPUT
+
+  create-tags:
+    name: Validate Versions and Create Tags
+    runs-on: ubuntu-24.04
+    needs: get-file-names
+    strategy:
+      matrix:
+        file_name:  ${{ fromJSON(needs.get-file-names.outputs.FILE_NAMES) }}
+    env:
+      SAM_CLI_TELEMETRY: 0
+      FILE_NAME: ${{ matrix.file_name }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    defaults:
+      run:
+        shell: bash
+        working-directory: jobs
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: npm
+          cache-dependency-path: jobs/package-lock.json
+          node-version-file: jobs/.nvmrc
+
+      - name: Install Dependencies
+        run: |
+          npm clean-install
+
+      - name: Validate Job Name
+        id: job-name
+        run: |
+          name=$( yq .description ../$FILE_NAME | jq .name | tr -d '"' )
+
+          if [[ $FILE_NAME == ".github/workflows/job_$name" ]]; then
+            echo "Error: Job name does not match file name."
+            exit 1
+          fi
+
+          if [[ "$name" =~ ^[a-z0-9-]+$ ]]; then
+            echo "Valid job name."
+            echo "NAME=$name" >> $GITHUB_OUTPUT
+          else
+            echo "Error: Invalid job name."
+            exit 1
+          fi
+
+      - name: Get Version
+        id: get-version
+        run: |
+          version=$( yq .description ../$FILE_NAME | jq .version | tr -d '"' )
+          echo "VERSION=$version" >> $GITHUB_OUTPUT
+
+      - name: Validate Version
+        run: |
+          npm run validate-version $FILE_NAME
+
+      - name: Get Message
+        id: get-message
+        run: |
+          message=$( yq .description ../$FILE_NAME | jq .message )
+          echo "MESSAGE=$message" >> $GITHUB_OUTPUT
+
+      - name: Create and Push Tag
+        run: |
+          job_name=${{ steps.job-name.outputs.NAME }}
+          new_version=${{ steps.get-version.outputs.VERSION }}
+          
+          git tag $job_name/$new_version
+          git push origin $job_name/$new_version
+
+      - name: Create GitHub Release
+        run: |
+          job_name=${{ steps.job-name.outputs.NAME }}
+          message=${{ steps.get-message.outputs.MESSAGE }}
+          new_version=${{ steps.get-version.outputs.VERSION }}
+
+          gh release create $job_name/$new_version --latest=false --notes "$message"