ci: better ci

Author: fredleger

.github/workflows/__shared-ci.yml

@@ -2,6 +2,14 @@ name: Internal - Common Continuous Integration tasks
 
 on:
   workflow_call:
+    inputs:
+      tag:
+        description: "Tag Version (semver - x.x.x)"
+        type: string
+        required: false
+    outputs:
+      built-images:
+        value: ${{ jobs.docker-build-images.outputs.built-images }}
 
 jobs:
 
@@ -101,3 +109,28 @@ jobs:
         if: steps.list-changed.outputs.changed == 'true'
         run: ct install --target-branch ${{ github.event.repository.default_branch }}
 
+  docker-build-images:
+    name: Docker Build Images
+    needs: [golangci-lint, go-test, go-coverage, chart-testing]
+    uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@0.14.4
+    permissions:
+      contents: read
+      id-token: write
+      issues: read
+      packages: write
+      pull-requests: read
+    secrets:
+      oci-registry-password: ${{ secrets.GITHUB_TOKEN }}
+    with:
+      runs-on: '["self-hosted"]'
+      oci-registry: "ghcr.io"
+      images: |
+        [{
+          "name": "app",
+          "tag": "${{ inputs.tag }}",
+          "dockerfile": "./Dockerfile",
+          "platforms": [
+            "linux/amd64",
+            "linux/arm64"
+          ]
+        }]

.github/workflows/main-ci.yml

@@ -39,45 +39,3 @@ jobs:
             "linux/arm64"
           ]
         }]
-
-  dockerhub-publish:
-    name: Dockerhub Publish
-    needs: docker-build-images
-    runs-on: self-hosted
-    steps:
-      - uses: docker/login-action@v3
-        with:
-          registry: "ghcr.io"
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: docker/login-action@v3
-        with:
-          registry: "docker.io"
-          username: ${{ secrets.DOCKERHUB_REGISTRY_USER     }}
-          password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }}
-
-      - name: Push built images to Docker.io
-        run: |
-          APP_IMAGE="${{ fromJson(needs.docker-build-images.outputs.built-images).app.images[0] }}"
-          docker pull "$APP_IMAGE"
-          APP_TAG="${{ fromJson(needs.docker-build-images.outputs.built-images).APP.tags[0] }}"
-          APP_REGISTRY_PATH="docker.io/webofmars"
-          APP_DOCKERIO_IMAGE="${APP_REGISTRY_PATH}/http-header-authenticator:$APP_TAG"
-          docker tag "$APP_IMAGE" "$APP_DOCKERIO_IMAGE"
-          docker push "$APP_DOCKERIO_IMAGE"
-
-  update_release_draft:
-    # we want to publish a new tag only if ci succeeds
-    needs: ci
-    permissions:
-      contents: write
-      pull-requests: write
-    runs-on: self-hosted
-    steps:
-      - uses: release-drafter/release-drafter@v6
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          publish: true
-          disable-autolabeler: true

.github/workflows/release.yml

@@ -6,9 +6,6 @@ on:
       tagVersion:
         description: "Tag Version (semver - x.x.x)"
         required: true
-  push:
-    tags:
-      - '[0-9]+.[0-9]+.[0-9]+'
 
 jobs:
   check-branches:
@@ -27,6 +24,44 @@ jobs:
     name: Continuous Integration
     uses: ./.github/workflows/__shared-ci.yml
 
+  update_release_draft:
+    # we want to publish a new tag only if ci succeeds
+    needs: ci
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: self-hosted
+    steps:
+      - id: update_release_draft
+        uses: release-drafter/release-drafter@v6
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          publish: true
+          disable-autolabeler: true
+
+      - uses: docker/login-action@v3
+        with:
+          registry: "ghcr.io"
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/login-action@v3
+        with:
+          registry: "docker.io"
+          username: ${{ secrets.DOCKERHUB_REGISTRY_USER     }}
+          password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }}
+
+      - name: Push built images to Docker.io
+        run: |
+          APP_IMAGE="${{ fromJson(needs.ci.outputs.built-images).app.images[0] }}"
+          docker pull "$APP_IMAGE"
+          APP_TAG="${{ steps.update_release_draft.outputs.tag_name }}"
+          APP_REGISTRY_PATH="docker.io/webofmars"
+          APP_DOCKERIO_IMAGE="${APP_REGISTRY_PATH}/http-header-authenticator:$APP_TAG"
+          docker tag "$APP_IMAGE" "$APP_DOCKERIO_IMAGE"
+          docker push "$APP_DOCKERIO_IMAGE"
+
   helm-push:
     name: 👷‍♂️ Run helm push
     needs: ci
@@ -64,36 +99,3 @@ jobs:
           update-dependencies: true
           version: ${{ github.event.inputs.tagVersion }}
           appVersion: ${{ github.event.inputs.tagVersion }}
-
-  release:
-    name: 📦 Release
-    needs:
-    - skaffold-build
-    - helm-push
-    runs-on: self-hosted
-    steps:
-      - uses: tibdex/github-app-token@v2
-        id: generate-token
-        with:
-          app_id: ${{ vars.CI_BOT_APP_ID }}
-          private_key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}
-
-      # checkout code
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Generate changelog
-        id: changelog
-        uses: metcalfc/changelog-generator@v4.3.1
-        with:
-          myToken: ${{ steps.generate-token.outputs.token }}
-
-      - name: Create a GitHub release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-        with:
-          tag_name: ${{ github.event.inputs.tagVersion }}
-          release_name: Release ${{ github.event.inputs.tagVersion }}
-          body: ${{ steps.changelog.outputs.changelog }}