ci: merge tester and tester-tag into a single parallel workflow

Consolidate tester.yml and tester-tag.yml into a single ci workflow
with two independent parallel jobs:

- test-instance-ids  — targets by explicit instance ID (existing behaviour)
- test-tag-targeting — targets by tag (Key=tag:env + Key=tag:role)

Both jobs run on push to develop/main and workflow_dispatch. The
dispatch input 'environment' controls the tag value for the tag job
(defaults to 'production' on push). Neither job depends on the other.

Delete tester-tag.yml.

Author: zAbuQasem

.github/workflows/tester-tag.yml

@@ -2,9 +2,17 @@ name: ci
 
 on:
   workflow_dispatch:
+    inputs:
+      environment:
+        description: "Tag-targeting environment (used by the tag-targeting job)"
+        required: false
+        default: production
+        type: choice
+        options: [staging, production]
   push:
     branches:
       - develop
+      - main
 
 env:
   MINIMUM_PACKAGE_AGE_HOURS: 0
@@ -17,8 +25,9 @@ permissions:
   contents: read
 
 jobs:
-  test:
-    name: Integration test
+  # ── Job 1: target by instance ID ─────────────────────────────────────────────
+  test-instance-ids:
+    name: Integration test — instance-ids
     runs-on: ubuntu-latest
 
     steps:
@@ -46,20 +55,69 @@ jobs:
           role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
           aws-region: ${{ secrets.AWS_REGION }}
 
-      - name: Run SSM command
-        id: deploy
+      - name: Run SSM command (instance-ids)
+        id: ssm
         uses: ./
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           instance-ids: ${{ secrets.INSTANCE_ID }}
+          working-directory: /home/ec2-user
           wait-for-output: true
           wait-timeout: 180
-          working-directory: /home/ec2-user
-          comment: aws-ssm-action CI test
+          comment: ci — instance-ids — ${{ github.sha }}
           command: |
             echo "Hello from GitHub Actions!" >> logs.txt
             echo $(date) >> logs.txt
             cat logs.txt
 
       - name: Print output
-        run: echo "${{ steps.deploy.outputs.output }}"
+        run: echo "${{ steps.ssm.outputs.output }}"
+
+  # ── Job 2: target by tag ──────────────────────────────────────────────────────
+  test-tag-targeting:
+    name: Integration test — tag targeting
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+
+      - name: Install safe-chain
+        run: |
+          curl -fsSL "https://github.com/AikidoSec/safe-chain/releases/download/${SAFE_CHAIN_VERSION}/install-safe-chain.sh" \
+            -o install-safe-chain.sh
+          echo "${SAFE_CHAIN_SHA256}  install-safe-chain.sh" | sha256sum --check
+          sh install-safe-chain.sh --ci
+
+      - name: Install dependencies
+        run: bun install
+        env:
+          SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: ${{ env.MINIMUM_PACKAGE_AGE_HOURS }}
+
+      - name: Configure AWS credentials (OIDC)
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Run SSM command (tag targeting)
+        id: ssm
+        uses: ./
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          targets: |
+            Key=tag:env,Values=${{ inputs.environment || 'production' }}
+            Key=tag:role,Values=web
+          working-directory: /home/ec2-user
+          wait-for-output: true
+          wait-timeout: 180
+          comment: ci — tags — ${{ github.sha }}
+          command: |
+            echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) Hello from tag-targeting CI" >> logs.txt
+            cat logs.txt
+
+      - name: Print output
+        run: echo "${{ steps.ssm.outputs.output }}"