chore: Modulesync (v1.2.0-13-g7e7e129)

.github/workflows/ci.yml

@@ -1,79 +1,103 @@
 ---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
 name: 🚦 CI
 
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     branches:
       - main
   workflow_dispatch:
 
-jobs:
-  general_ci:
-    uses: voxpupuli/crafty/.github/workflows/general_ci.yaml@main
-    with:
-      shellcheck_scan_dir: '.'
+concurrency:
+  group: ci-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
 
+jobs:
   setup-matrix:
+    name: Set up build matrix
     runs-on: ubuntu-latest
     outputs:
-      build_matrix: ${{ steps.set-build-matrix.outputs.build_matrix }}
+      build-matrix: ${{ steps.build-matrix.outputs.build-matrix }}
     steps:
-      - name: Source checkout
+      - name: Checkout repository
         uses: actions/checkout@v7
 
-      - name: 'Setup yq'
+      - name: Install yq
         uses: dcarbone/install-yq-action@v1.3.1
 
-      - id: set-build-matrix
-        run: echo "build_matrix=$(bash matrix.sh build)" >> $GITHUB_OUTPUT
+      - name: Generate build matrix
+        id: build-matrix
+        run: echo "build-matrix=$(bash matrix.sh build)" >> "$GITHUB_OUTPUT"
 
-  build_test_container:
-    name: 'Build test container'
+  general-ci:
+    name: General CI
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: voxpupuli/crafty/.github/workflows/general_ci.yaml@main
+    with:
+      shellcheck_scan_dir: '.'
+
+  build-container:
+    name: Build test container
     runs-on: ${{ matrix.runner }}
-    needs: setup-matrix
+    needs:
+      - setup-matrix
     strategy:
-      matrix: ${{ fromJson(needs.setup-matrix.outputs.build_matrix) }}
+      fail-fast: false
+      matrix: ${{ fromJSON(needs.setup-matrix.outputs.build-matrix) }}
+    permissions:
+      actions: read
+      contents: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@v7
 
       - name: Build image
         uses: docker/build-push-action@v7
         with:
-          tags: 'ci/test:${{ matrix.source_webhook_go }}'
-          push: false
+          context: .
           file: Containerfile
+          tags: 'ci/r10k-webhook:${{ matrix.source_webhook_go }}'
+          push: false
+          platforms: linux/${{ matrix.platform }}
           build-args: |
             R10K_VERSION=${{ matrix.container_r10k }}
             WEBHOOK_GO_VERSION=${{ matrix.source_webhook_go }}
-          platforms: linux/${{ matrix.platform }}
 
   tests:
-    needs:
-      - general_ci
-      - build_test_container
-    runs-on: ubuntu-latest
     name: Test suite
+    if: always()
+    needs:
+      - setup-matrix
+      - general-ci
+      - build-container
+    runs-on: ubuntu-24.04
     steps:
-      - run: echo Test suite completed
+      - name: Verify required jobs
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
 
   dependabot:
-    permissions:
-      contents: write
-    name: 'Dependabot auto-merge'
+    name: Dependabot auto-merge
+    if: github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'
     needs:
       - tests
     runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v3.1.0
-        with:
-          github-token: '${{ secrets.GITHUB_TOKEN }}'
-
-      - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --merge "$PR_URL"
+      - name: Enable auto-merge for Dependabot PR
         env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          GH_TOKEN: ${{ github.token }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: gh pr merge --auto --merge "$PR_URL"