From b151e36dbe08ae1a4bd7c796595cbd044deb2cee Mon Sep 17 00:00:00 2001
From: Chris Lovering <chris.lovering.95@gmail.com>
Date: Tue, 20 Dec 2022 21:55:40 +0000
Subject: [PATCH] Update CI to use re-usable actions

---
 .github/workflows/build.yaml     | 47 ++++++++++----------------------
 .github/workflows/lint-test.yaml | 19 ++++---------
 .github/workflows/main.yaml      | 38 ++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 45 deletions(-)
 create mode 100644 .github/workflows/main.yaml

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 792f60c..170ebde 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,33 +1,21 @@
 name: Build
 
 on:
-  workflow_run:
-    workflows: ["Lint & Test"]
-    branches:
-      - main
-    types:
-      - completed
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  workflow_call:
+    inputs:
+      sha-tag:
+        description: "A short-form SHA tag for the commit that triggered this flow"
+        required: true
+        type: string
 
 jobs:
   build:
-    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
     name: Build & Push
     runs-on: ubuntu-latest
 
     steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
       - name: Checkout code
         uses: actions/checkout@v3
-
       # The current version (v2) of Docker's build-push action uses
       # buildx, which comes with BuildKit features that help us speed
       # up our builds using additional cache features. Buildx also
@@ -35,10 +23,10 @@ jobs:
       #
       # See https://github.com/docker/build-push-action
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to Github Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -48,7 +36,7 @@ jobs:
       # Repository. The container will be tagged as "latest"
       # and with the short SHA of the commit.
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: ./Dockerfile
@@ -57,7 +45,7 @@ jobs:
           cache-to: type=inline
           tags: |
             ghcr.io/python-discord/code-jam-management:latest
-            ghcr.io/python-discord/code-jam-management:${{ steps.sha_tag.outputs.tag }}
+            ghcr.io/python-discord/code-jam-management:${{ inputs.sha-tag }}
           build-args: |
             git_sha=${{ github.sha }}
 
@@ -67,12 +55,6 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
 
       # Check out the private "kubernetes" repository in the `kubernetes`
       # subdirectory using a GitHub Personal Access Token
@@ -82,16 +64,17 @@ jobs:
           repository: python-discord/kubernetes
           path: kubernetes
 
+      - uses: azure/setup-kubectl@v3
+
       - name: Authenticate with Kubernetes
-        uses: azure/k8s-set-context@v1
+        uses: azure/k8s-set-context@v3
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
       - name: Deploy to Kubernetes
-        uses: Azure/k8s-deploy@v1
+        uses: Azure/k8s-deploy@v4
         with:
           manifests: |
             kubernetes/namespaces/default/code-jam-management/deployment.yaml
-          images: 'ghcr.io/python-discord/code-jam-management:${{ steps.sha_tag.outputs.tag }}'
-          kubectl-version: 'latest'
+          images: 'ghcr.io/python-discord/code-jam-management:${{ inputs.sha-tag }}'
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
index acc118a..de2de2b 100644
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -1,14 +1,8 @@
 name: Lint & Test
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
+  workflow_call
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
 
 jobs:
   lint:
@@ -35,17 +29,15 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install Python Dependencies
-        uses: HassanAbouelela/actions/setup-python@setup-python_v1.3.2
+        uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.0
         with:
-          # Set dev=true to install flake8 extensions, which are dev dependencies
-          dev: true
-          python_version: '3.9'
+          python_version: "3.11"
 
       # We will not run `flake8` here, as we will use a separate flake8
       # action. As pre-commit does not support user installs, we set
       # PIP_USER=0 to not do a user install.
       - name: Run pre-commit hooks
-        run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
+        run: SKIP=flake8 pre-commit run --all-files
 
       # Run flake8 and have it format the linting errors in the format of
       # the GitHub Workflow command to register error annotations. This
@@ -58,6 +50,7 @@ jobs:
       - name: Run flake8
         run: "flake8 \
         --format='::error file=%(path)s,line=%(row)d,col=%(col)d::[flake8] %(code)s: %(text)s'"
+
       # We run `coverage` using the `python` command so we can suppress
       # irrelevant warnings in our CI output.
       - name: Run tests and generate coverage report
@@ -73,7 +66,7 @@ jobs:
       # print a "job" link in the output of the GitHub Action
       - name: Publish coverage report to coveralls.io
         env:
-            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
         run: coveralls --service=github
 
       # Prepare the Pull Request Payload artifact. If this fails, we
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 0000000..c8ce12d
--- /dev/null
+++ b/.github/workflows/main.yaml
@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  lint-test:
+    uses: ./.github/workflows/lint-test.yaml
+    secrets: inherit
+
+  generate-inputs:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    outputs:
+      sha-tag: ${{ steps.sha-tag.outputs.sha-tag }}
+    steps:
+      - name: Create SHA Container Tag
+        id: sha-tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "sha-tag=$tag" >> $GITHUB_OUTPUT
+
+  build-deploy:
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/build.yaml
+    needs:
+      - lint-test
+      - generate-inputs
+    with:
+      sha-tag: ${{ needs.generate-inputs.outputs.sha-tag }}
+    secrets: inherit