chore: Cleanup CI with unused triggers (#14)

* Cleanup CI with unused triggers

* Move root linter to pre-merge workflows

Author: daniele-moro

.github/workflows/auto-add-labels.yml

@@ -15,4 +15,4 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v5
+      - uses: actions/labeler@v5.0.0

.github/workflows/auto-close.yml

@@ -16,7 +16,7 @@ jobs:
   stale-auto-close:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v5.1.1
+      - uses: actions/stale@v9.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-pr-message: 'This pull request is stale because it has been open 30 days with no activity. Make a comment or update the PR to avoid closing PR after 15 days.'

.github/workflows/post-merge-api.yml

@@ -11,7 +11,6 @@ on:
       - release-*
     paths:
       - 'api/**'
-  workflow_dispatch:
 
 jobs:
   post-merge-pipeline:

.github/workflows/post-merge-apiv2.yml

@@ -11,7 +11,6 @@ on:
       - release-*
     paths:
       - 'apiv2/**'
-  workflow_dispatch:
 
 jobs:
   post-merge-pipeline:

.github/workflows/post-merge-bulk-import-tools.yml

@@ -11,7 +11,6 @@ on:
       - release-*
     paths:
       - 'bulk-import-tools/**'
-  workflow_dispatch:
 
 jobs:
   post-merge-pipeline:
@@ -22,7 +21,6 @@ jobs:
       run_dep_version_check: true
       run_build: true
       run_docker_build: false
-      # TODO: add publish of binaries
       run_docker_push: false
       run_version_tag: true
       run_artifact: true

.github/workflows/post-merge-exporters-inventory.yml

@@ -11,7 +11,6 @@ on:
       - release-*
     paths:
       - 'exporters-inventory/**'
-  workflow_dispatch:
 
 jobs:
   post-merge-pipeline:

.github/workflows/post-merge-inventory.yml

@@ -11,7 +11,6 @@ on:
       - release-*
     paths:
       - 'inventory/**'
-  workflow_dispatch:
 
 jobs:
   post-merge-pipeline:

.github/workflows/post-merge-tenant-controller.yml

@@ -11,7 +11,6 @@ on:
       - release-*
     paths:
       - 'tenant-controller/**'
-  workflow_dispatch:
 
 jobs:
   post-merge-pipeline:

.github/workflows/pre-merge.yml

@@ -9,20 +9,22 @@ on:
     branches:
       - main
       - release-*
-  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+env:
+  MARKDOWNLINT_CLI_VER: 0.44.0
+
 jobs:
   pre-checks:
     runs-on: ubuntu-latest
     outputs:
       filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }}
       other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.2.2
       - name: "Verify Branch Name"
         uses: open-edge-platform/orch-ci/verify-branch-name@main
       - name: "Discover Changed Subfolders"
@@ -31,14 +33,40 @@ jobs:
       - name: "Filter Out Unwanted Changed Subfolders"
         id: filter-changes
         run: |
-          folders_to_remove='[".github",".reuse","LICENSES",".git","os-profiles"]'
+          folders_to_remove='[".github",".reuse","LICENSES",".git","os-profiles",""]'
           
           changed_projects='${{ steps.discover-changes.outputs.changed_projects }}'
           filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))')
           other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))')
 
           echo "filtered_projects=$filtered_projects" >> $GITHUB_OUTPUT
           echo "other_changed_projects=$other_changed_projects" >> $GITHUB_OUTPUT
+  pre-merge-root:
+    needs: pre-checks
+    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, '.github') || contains(needs.pre-checks.outputs.other_changed_projects, '.reuse') || contains(needs.pre-checks.outputs.other_changed_projects, 'LICENSES') || contains(needs.pre-checks.outputs.other_changed_projects, '""')}}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.2.2
+      - uses: actions/setup-node@v4.3.0
+        with:
+          node-version: '18'
+      - run: |
+          npm install -g \
+          "markdownlint-cli@${{ env.MARKDOWNLINT_CLI_VER }}"
+      - uses: actions/setup-python@v5.5.0
+        id: setup_python
+        with:
+          python-version: '3.13'
+      - name: Restore cached virtualenv
+        uses: actions/cache@v4.2.3
+        with:
+          key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
+          path: venv_infra
+
+      - name: Run mdlint
+        run: make mdlint
+      - name: Run license check
+        run: make license
   pre-merge-pipeline:
     needs: pre-checks
     if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' }}
@@ -86,15 +114,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4.2.2
         with:
           # Checkout the branch that triggered the workflow to avoid detached HEAD
           ref: ${{ github.head_ref }}
       - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@main
         with:
           bootstrap_tools: "yq,aws,oras"
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v4.1.0
         with:
           aws-access-key-id: ${{ secrets.NO_AUTH_S3_PUSH_USERNAME }}
           aws-secret-access-key: ${{ secrets.NO_AUTH_S3_PUSH_PASSWD }}
@@ -117,14 +145,14 @@ jobs:
           echo "PUBLISH=$PUBLISH" >> $GITHUB_ENV
       - name: Configure AWS credentials
         if: ${{ env.PUBLISH == 'true' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v4.1.0
         with:
           aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
           aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
           aws-region: us-west-2
       - name: Login to Amazon ECR
         if: ${{ env.PUBLISH == 'true' }}
-        uses: aws-actions/amazon-ecr-login@v2
+        uses: aws-actions/amazon-ecr-login@v2.0.1
         with:
           registries: "080137407410"
       - if: ${{ env.PUBLISH == 'true'}}
@@ -152,7 +180,7 @@ jobs:
   final-check:
     runs-on: ubuntu-latest
     if: ${{ always() }}
-    needs: [pre-merge-pipeline, pre-merge-os-profiles]
+    needs: [pre-merge-root, pre-merge-pipeline, pre-merge-os-profiles, pre-merge-os-profiles-2]
     steps:
       - name: Final Status Check
         run: |