Update CI to reusable actions

5 files changed, 76 insertions, 76 deletions

diff --git a/.github/workflows/build.yaml b/.github/workflows/build-deploy.yaml
index 62c83b0a..398711a8 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build-deploy.yaml
@@ -1,42 +1,29 @@
-name: Build
+name: Build & Deploy
 
 on:
-  workflow_run:
-    workflows: ["Lint"]
-    branches:
-      - main
-    types:
-      - completed
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  workflow_call:
+    inputs:
+      sha-tag:
+        description: "A short-form SHA tag for the commit that triggered this flow"
+        required: true
+        type: string
 
 jobs:
   build:
-    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
     name: Build & Push
     runs-on: ubuntu-latest
 
     steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
 
       # Check out the current repository in the `sir-lancebot` subdirectory
       - name: Checkout code
-        uses: actions/checkout@v2
-        with:
-          path: sir-lancebot
+        uses: actions/checkout@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to Github Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -46,16 +33,16 @@ jobs:
       # Repository. The container will be tagged as "latest"
       # and with the short SHA of the commit.
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
-          context: sir-lancebot/
-          file: sir-lancebot/Dockerfile
+          context: .
+          file: ./Dockerfile
           push: true
           cache-from: type=registry,ref=ghcr.io/python-discord/sir-lancebot:latest
           cache-to: type=inline
           tags: |
             ghcr.io/python-discord/sir-lancebot:latest
-            ghcr.io/python-discord/sir-lancebot:${{ steps.sha_tag.outputs.tag }}
+            ghcr.io/python-discord/sir-lancebot:${{ inputs.sha-tag }}
           build-args: |
             git_sha=${{ github.sha }}
 
@@ -66,31 +53,25 @@ jobs:
     environment: production
 
     steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
-
       # Check out the private "kubernetes" repository in the `kubernetes`
       # subdirectory using a GitHub Personal Access Token
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - name: Checkout Kubernetes Repository
+        uses: actions/checkout@v3
         with:
           repository: python-discord/kubernetes
           path: kubernetes
 
+      - uses: azure/setup-kubectl@v3
+
       - name: Authenticate with Kubernetes
-        uses: azure/k8s-set-context@v1
+        uses: azure/k8s-set-context@v3
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
       - name: Deploy to Kubernetes
-        uses: Azure/k8s-deploy@v1
+        uses: Azure/k8s-deploy@v4
         with:
           manifests: |
               kubernetes/namespaces/default/sir-lancebot/deployment.yaml
-          images: 'ghcr.io/python-discord/sir-lancebot:${{ steps.sha_tag.outputs.tag }}'
-          kubectl-version: 'latest'
+          images: 'ghcr.io/python-discord/sir-lancebot:${{ inputs.sha-tag }}'
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 0aa9e452..1a5e4bff 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,14 +1,6 @@
 name: Lint
 
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+on: workflow_call
 
 jobs:
   lint:
@@ -29,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Install Python Dependencies
         uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.0
@@ -87,7 +79,7 @@ jobs:
       - name: Upload a Build Artifact
         if: always() && steps.prepare-artifact.outcome == 'success'
         continue-on-error: true
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: pull-request-payload
           path: pull_request_payload.json
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 00000000..f71778a0
--- /dev/null
+++ b/.github/workflows/main.yaml
@@ -0,0 +1,43 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  lint:
+    uses: ./.github/workflows/lint.yaml
+
+  generate-inputs:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    outputs:
+      sha-tag: ${{ steps.sha-tag.outputs.sha-tag }}
+    steps:
+      - name: Create SHA Container Tag
+        id: sha-tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "sha-tag=$tag" >> $GITHUB_OUTPUT
+
+  build-deploy:
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/build-deploy.yaml
+    needs:
+      - lint
+      - generate-inputs
+    with:
+      sha-tag: ${{ needs.generate-inputs.outputs.sha-tag }}
+    secrets: inherit
+
+  sentry-release:
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/sentry_release.yaml
+    needs: build-deploy
+    secrets: inherit
diff --git a/.github/workflows/sentry_release.yaml b/.github/workflows/sentry_release.yaml
index c1073386..f8b4a0ad 100644
--- a/.github/workflows/sentry_release.yaml
+++ b/.github/workflows/sentry_release.yaml
@@ -1,20 +1,13 @@
 name: Create Sentry release
 
-on:
-  push:
-    branches:
-      - main
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+on: workflow_call
 
 jobs:
   create_sentry_release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@main
+        uses: actions/checkout@v3
 
       - name: Create a Sentry.io release
         uses: tclindner/[email protected]
diff --git a/.github/workflows/status_embed.yaml b/.github/workflows/status_embed.yaml
index 737efe00..e5bdc8e9 100644
--- a/.github/workflows/status_embed.yaml
+++ b/.github/workflows/status_embed.yaml
@@ -3,8 +3,7 @@ name: Status Embed
 on:
   workflow_run:
     workflows:
-      - Lint
-      - Build
+      - CI
     types:
       - completed
 
@@ -22,7 +21,7 @@ jobs:
     # - Always run for non-success workflows, as they
     #   terminate the workflow sequence.
     if: >-
-      (github.event.workflow_run.name == 'Build' && github.event.workflow_run.conclusion != 'skipped') ||
+      (github.event.workflow_run.name == 'Build & Deploy' && github.event.workflow_run.conclusion != 'skipped') ||
       github.event.workflow_run.event == 'pull_request' ||
       github.event.workflow_run.conclusion == 'failure' ||
       github.event.workflow_run.conclusion == 'cancelled'
@@ -43,10 +42,10 @@ jobs:
           wget --quiet --header="Authorization: token $GITHUB_TOKEN" -O pull_request_payload.zip $DOWNLOAD_URL || exit 2
           unzip -p pull_request_payload.zip > pull_request_payload.json
           [ -s pull_request_payload.json ] || exit 3
-          echo "::set-output name=pr_author_login::$(jq -r '.user.login // empty' pull_request_payload.json)"
-          echo "::set-output name=pr_number::$(jq -r '.number // empty' pull_request_payload.json)"
-          echo "::set-output name=pr_title::$(jq -r '.title // empty' pull_request_payload.json)"
-          echo "::set-output name=pr_source::$(jq -r '.head.label // empty' pull_request_payload.json)"
+          echo "pr_author_login=$(jq -r '.user.login // empty' pull_request_payload.json)" >> $GITHUB_OUTPUT
+          echo "pr_number=$(jq -r '.number // empty' pull_request_payload.json)" >> $GITHUB_OUTPUT
+          echo "pr_title=$(jq -r '.title // empty' pull_request_payload.json)" >> $GITHUB_OUTPUT
+          echo "pr_source=$(jq -r '.head.label // empty' pull_request_payload.json)" >> $GITHUB_OUTPUT
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -55,22 +54,14 @@ jobs:
       # more information and we can fine tune when we actually want
       # to send an embed.
       - name: GitHub Actions Status Embed for Discord
-        uses: SebastiaanZ/[email protected]
+        uses: SebastiaanZ/[email protected]
         with:
           # Our GitHub Actions webhook
           webhook_id: '784184528997842985'
           webhook_token: ${{ secrets.GHA_WEBHOOK_TOKEN }}
 
           # Workflow information
-          workflow_name: ${{ github.event.workflow_run.name }}
-          run_id: ${{ github.event.workflow_run.id }}
-          run_number: ${{ github.event.workflow_run.run_number }}
           status: ${{ github.event.workflow_run.conclusion }}
-          actor: ${{ github.actor }}
-          repository:  ${{ github.repository }}
-          ref: ${{ github.ref }}
-          sha: ${{ github.event.workflow_run.head_sha }}
-
           pr_author_login: ${{ steps.pr_info.outputs.pr_author_login }}
           pr_number: ${{ steps.pr_info.outputs.pr_number }}
           pr_title: ${{ steps.pr_info.outputs.pr_title }}