Fix/docker push (#389)

* fix(deps): 🔒 (#388) update docker file deps

* chore(gh-action): 👷 (#388) use workflow calls instead of tag trigger

* chore(gh-action): 🐛 (#388) fix within worfklow runs

* chore(gh-action): 🔒  (#388) small permission fix

* chore(gh-action): 🐛  (#388) small typo fix

.github/workflows/lint.yml

@@ -1,20 +1,20 @@
 name: Lint
 
 on:
-  pull_request:
   push:
-  # manual trigger
+    branches:
+      - "!main"
+  pull_request:
+  workflow_call:
   workflow_dispatch:
 
 jobs:
-
   lint:
-
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: markdownlint
-      run: make markdownlint
-    - name: prune
-      run: make prune
+      - uses: actions/checkout@v3
+      - name: markdownlint
+        run: make markdownlint
+      - name: prune
+        run: make prune

.github/workflows/push_docker.yml

@@ -1,75 +1,59 @@
 name: push-docker
 
 on:
-  # Allow manual runs.
   workflow_dispatch:
-  # Also run on updates to this repo.
-  push:
-    branches:
-      - main
-    tags:
-      - 'v*'
-    paths-ignore:
-      - '**/*.md'
+  workflow_call:
 
 jobs:
-
-  build-and-push:
+  build_and_push:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
 
     strategy:
       matrix:
-        variant: [ "actions-template-sync" ]
+        variant: ["actions-template-sync"]
 
     steps:
-      -
-        name: checkout
+      - name: checkout
         uses: actions/checkout@v3
-      -
-        name: Login to DockerHub
+      - name: Login to DockerHub
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Login to GHCR
+      - name: Login to GHCR
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Extract metadata (tags, labels) for Docker
+      - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: |
             andyAugustin/${{ matrix.variant }}
             ghcr.io/AndreasAugustin/${{ matrix.variant }}
-      -
-        name: Build and push ${{ matrix.variant }}
+      - name: Build and push ${{ matrix.variant }}
         uses: docker/build-push-action@v3
         with:
           context: ./src/
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      -
-        name: Docker Hub Description
+      - name: Docker Hub Description
         uses: peter-evans/dockerhub-description@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
           repository: andyAugustin/${{ matrix.variant }}
           # readme-filepath: ./images/${{ matrix.variant }}/README.md
           # short-description: See https://github.com/${{ github.repository }}/images/${{ matrix.variant }} for the source.
-      -
-        name: run tests
+      - name: run tests
         run: |
           echo "Install container tools"
           curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 \

.github/workflows/release.yml

@@ -0,0 +1,33 @@
+name: release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  call_shellcheck:
+    uses: ./.github/workflows/shellcheck.yml
+  call_lint:
+    uses: ./.github/workflows/lint.yml
+  call_test_all:
+    uses: ./.github/workflows/test_all.yml
+    secrets: inherit
+  call_release_please:
+    needs:
+      - call_shellcheck
+      - call_lint
+      - call_test_all
+    permissions:
+      contents: write
+      pull-requests: write
+    uses: ./.github/workflows/release_please.yml
+  call_push_docker:
+    if: ${{ needs.call_release_please.outputs.release_created }}
+    needs:
+      - call_release_please
+    permissions:
+      contents: read
+      packages: write
+    uses: ./.github/workflows/push_docker.yml
+    secrets: inherit

.github/workflows/release_please.yml

@@ -1,9 +1,14 @@
 name: release-please
 
 on:
-  push:
-    branches:
-      - main
+  workflow_call:
+    outputs:
+      release_created:
+        description: "Set if the release has been created"
+        value: ${{ jobs.release-please.outputs.release_created }}
+      tag_name:
+        description: "The tag name"
+        value: ${{ jobs.release-please.outputs.tag_name }}
   workflow_dispatch:
 
 permissions:

.github/workflows/shellcheck.yml

@@ -2,13 +2,17 @@ name: shellcheck
 
 on:
   push:
+    branches:
+      - "!main"
+  pull_request:
+  workflow_call:
   workflow_dispatch:
 
 jobs:
   shellcheck:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - name: Run shellcheck in container
-      run: make shellcheck
+      - uses: actions/checkout@v3
+      - name: Run shellcheck in container
+        run: make shellcheck

.github/workflows/test.yml

@@ -1,9 +1,11 @@
 name: test
 
 on:
-  pull_request:
   push:
-  # manual trigger
+  #   branches:
+  #     - "!main"
+  # pull_request:
+  workflow_call:
   workflow_dispatch:
 
 jobs:

.github/workflows/test_all.yml

@@ -0,0 +1,23 @@
+name: test-all
+
+on:
+  push:
+    branches:
+      - "!main"
+  # pull_request:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  call_test_hooks:
+    uses: ./.github/workflows/test_hooks.yml
+    secrets: inherit
+  call_test_ssh_gitlab:
+    uses: ./.github/workflows/test_ssh_gitlab.yml
+    secrets: inherit
+  call_test_ssh:
+    uses: ./.github/workflows/test_ssh.yml
+    secrets: inherit
+  call_test:
+    uses: ./.github/workflows/test.yml
+    secrets: inherit

.github/workflows/test_hooks.yml

@@ -1,24 +1,22 @@
 name: test-hooks
 
 on:
-  pull_request:
   push:
-  # manual trigger
+  #   branches:
+  #     - "!main"
+  # pull_request:
+  workflow_call:
   workflow_dispatch:
 
 jobs:
-
   test-implementation-job:
-
     runs-on: ubuntu-latest
 
     steps:
       # To use this repository's private action, you must check out the repository
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v3
-      -
-        name: Test action step
+      - name: Test action step
         uses: ./ # Uses an action in the root directory
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test_ssh.yml

@@ -1,9 +1,11 @@
 name: test-ssh
 
 on:
-  # pull_request:
   push:
-  # manual trigger
+  #   branches:
+  #     - "!main"
+  # pull_request:
+  workflow_call:
   workflow_dispatch:
 
 jobs:

.github/workflows/test_ssh_gitlab.yml

@@ -1,23 +1,22 @@
 name: test-ssh-gitlab
 
 on:
-  # pull_request:
   push:
-  # manual trigger
+  #   branches:
+  #     - "!main"
+  # pull_request:
+  workflow_call:
   workflow_dispatch:
 
 jobs:
   test-implementation-job:
-
     runs-on: ubuntu-latest
 
     steps:
       # To use this repository's private action, you must check out the repository
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v3
-      -
-        name: Test action step ssh
+      - name: Test action step ssh
         if: github.repository_owner == 'AndreasAugustin'
         uses: ./ # Uses an action in the root directory
         with:

Dockerfile

@@ -3,7 +3,7 @@
 ######################################
 FROM alpine:3.18.3 as dev
 
-ARG GH_CLI_VER=2.21.1
+ARG GH_CLI_VER=2.34.0
 
 # install packages
 RUN apk add --update --no-cache bash make git zsh curl tmux musl openssh git-lfs vim yq

src/Dockerfile

@@ -1,6 +1,6 @@
 FROM alpine:3.18.3
 
-ARG GH_CLI_VER=2.21.1
+ARG GH_CLI_VER=2.34.0
 
 # TODO(anau) change user
 ARG GITHUB_URL="https://github.com/AndreasAugustin/actions-template-sync"