chore(ci): workflow updates (#180)

* Use pr-validate.yml and cut down pr-open.yml

* Use shared job for pr-close.yml

* Adjust merge triggers, go sequential

* Use PR number tags through TEST and PROD

* Remove ghcr cleanup, handled by buider action

.github/workflows/merge.yml

@@ -1,18 +1,33 @@
 name: Merge
 
 on:
-  workflow_run:
-    workflows: [PR Closed]
-    types: [completed]
-  workflow_dispatch:
+  push:
+    branches: [main]
+    paths-ignore:
+      - '*.md'
+      - '.github/**'
+      - '.github/graphics/**'
+      - '!.github/workflows/**'
 
 concurrency:
+  # Do not interrupt previous workflows
   group: ${{ github.workflow }}
-  cancel-in-progress: true
+  cancel-in-progress: false
 
 jobs:
+  vars:
+    name: Variables
+    outputs: ${{ steps.pr.outputs.pr }}
+  runs-on: ubuntu-latest
+  steps:
+      # Get PR number for squash merges to main
+      - name: PR Number
+        id: pr
+        uses: bcgov-nr/[email protected]
+
   deploys-test:
     name: TEST Deploys
+    needs: [vars]
     environment: test
     runs-on: ubuntu-22.04
     permissions:
@@ -40,13 +55,13 @@ jobs:
           overwrite: ${{ matrix.overwrite }}
           parameters:
             -p ZONE=test -p NAME=${{ github.event.repository.name }}
-            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
+            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ needs.vars.outputs.pr }}
             ${{ matrix.parameters }}
           verification_path: ${{ matrix.verification_path }}
 
   deploys-prod:
     name: PROD Deploys
-    needs: [deploys-test]
+    needs: [vars, deploys-test]
     environment: prod
     runs-on: ubuntu-22.04
     strategy:
@@ -70,13 +85,13 @@ jobs:
           overwrite: ${{ matrix.overwrite }}
           parameters:
             -p ZONE=prod -p NAME=${{ github.event.repository.name }}
-            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
+            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ needs.vars.outputs.pr }}
             ${{ matrix.parameters }}
           verification_path: ${{ matrix.verification_path }}
 
   image-promotions:
     name: Promote images
-    needs: [deploys-prod]
+    needs: [vars, deploys-prod]
     runs-on: ubuntu-22.04
     permissions:
       packages: write
@@ -88,20 +103,5 @@ jobs:
         with:
           registry: ghcr.io
           repository: ${{ github.repository }}/${{ matrix.component }}
-          target: test
+          target: ${{ needs.vars.outputs.pr }}
           tags: prod
-
-  ghcr-cleanup:
-    name: GHCR Cleanup
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        name: [backend, frontend]
-    steps:
-      - name: Keep last 50
-        uses: actions/delete-package-versions@v5
-        with:
-          package-name: "${{ github.event.repository.name }}/${{ matrix.name }}"
-          package-type: "container"
-          min-versions-to-keep: 50
-          ignore-versions: "^(prod|test)$"

.github/workflows/pr-close.yml

@@ -2,43 +2,20 @@ name: PR Closed
 
 on:
   pull_request:
-    branches: [main]
     types: [closed]
 
 concurrency:
   # PR open and close use the same group, allowing only one at a time
-  group: pr-${{ github.workflow }}-${{ github.event.number }}
+  group: ${{ github.event.number }}
   cancel-in-progress: true
 
 jobs:
-  # Clean up OpenShift when PR closed, no conditions
-  cleanup-openshift:
-    name: Cleanup OpenShift
-    if: "!github.event.pull_request.head.repo.fork"
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Remove OpenShift artifacts
-        run: |
-          oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }}
-          oc project ${{ vars.OC_NAMESPACE }}
-
-          # Remove old build runs, build pods and deployment pods
-          oc delete all,pvc,secret -l app=${{ github.event.repository.name }}-${{ github.event.number }}
-
-  # If merged into main, then handle any image promotions
-  image-promotions:
-    name: Image Promotions
-    if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main'
-    runs-on: ubuntu-22.04
-    permissions:
-      packages: write
-    strategy:
-      matrix:
-        package: [backend, frontend]
-    steps:
-      - uses: shrink/actions-docker-registry-tag@v4
-        with:
-          registry: ghcr.io
-          repository: ${{ github.repository }}/${{ matrix.package }}
-          target: ${{ github.event.number }}
-          tags: test
+  cleanup:
+    name: Cleanup and Images
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
+    secrets:
+      oc_namespace: ${{ secrets.OC_NAMESPACE }}
+      oc_token: ${{ secrets.OC_TOKEN }}
+    with:
+      cleanup: label
+      packages: backend frontend

.github/workflows/pr-open.yml

@@ -2,48 +2,16 @@ name: PR
 
 on:
   pull_request:
-    branches: [main]
-  workflow_dispatch:
 
 concurrency:
-  # PR open and close use the same group, allowing only one at a time
-  group: pr-${{ github.workflow }}-${{ github.event.number }}
-  cancel-in-progress: true
+  # Cancel in progress for PR open and close
+  group: ${{ github.event.number }}
+  cancel-in-progress: false
 
 jobs:
-  pr-greeting:
-    if: "!github.event.pull_request.head.repo.fork"
-    name: PR Greeting
-    env:
-      DOMAIN: apps.silver.devops.gov.bc.ca
-      PREFIX: ${{ github.event.repository.name }}-${{ github.event.number }}
-    runs-on: ubuntu-22.04
-    permissions:
-      pull-requests: write
-    steps:
-      - name: PR Greeting
-        uses: bcgov-nr/[email protected]
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          add_markdown: |
-            ---
-
-            Thanks for the PR!
-
-            Deployments, as required, will be available below:
-            - [Frontend](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }})
-            - [Backend](https://${{ env.PREFIX }}-backend.${{ env.DOMAIN }})
-
-            Please create PRs in draft mode.  Mark as ready to enable:
-            - [Analysis Workflow](https://github.com/${{ github.repository }}/actions/workflows/analysis.yml)
-
-            After merge, new images are promoted to:
-            - [Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml)
-
   # https://github.com/bcgov-nr/action-builder-ghcr
   builds:
     name: Builds
-    if: "!github.event.pull_request.head.repo.fork"
     runs-on: ubuntu-22.04
     permissions:
       packages: write
@@ -67,7 +35,6 @@ jobs:
   # https://github.com/bcgov-nr/action-deployer-openshift
   deploys:
     name: Deploys
-    if: "!github.event.pull_request.head.repo.fork"
     needs: [builds]
     runs-on: ubuntu-22.04
     strategy:

.github/workflows/pr-validate.yml

@@ -0,0 +1,35 @@
+name: PR Validate
+
+on:
+  pull_request:
+    types: [edited, opened, synchronize, reopened, ready_for_review]
+
+concurrency:
+  group: ${{ github.workflow }}-edit-${{ github.event.number }}
+  cancel-in-progress: true
+
+jobs:
+  validate:
+    name: Validate PR
+    if: (! github.event.pull_request.draft)
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
+    with:
+      markdown_links: |
+        - [Frontend](https://${{ github.event.repository.name }}-${{ github.event.number }}-frontend.apps.silver.devops.gov.bc.ca)
+        - [Backend](https://${{ github.event.repository.name }}-${{ github.event.number }}-frontend.apps.silver.devops.gov.bc.ca/api)
+
+  results:
+    name: Validate Results
+    if: always()
+    needs: [validate]
+    runs-on: ubuntu-22.04
+    steps:
+      - run: |
+          # View results
+          echo "needs.*.result: ${{ toJson(needs.*.result) }}"
+
+      - if: contains(needs.*.result, 'failure')
+        run: |
+          # Job failure found
+          echo "At least one job has failed"
+          exit 1