ci: replace inline build with shared reusable workflow#16
Merged
Conversation
Replace the monolithic inline build job (checkout, change detection, version computation, Docker build/push, Cosign signing, Trivy scanning) with a single call to the org-level reusable workflow (bcit-tlu/.github oci-build.yaml), matching hriv's ci.yaml structure. - go-test and helm-lint quality gates stay inline (repo-specific). - Build job renamed: build → build-haproxy-operator (required status check must be updated in branch protection). - tag_prefix='v' for single-component repo. - Removed REGISTRY env var (handled by reusable workflow). - Removed !cancelled() + quality-gate check pattern — the reusable workflow is a simple needs-chain, which is what hriv uses. Co-Authored-By: kyle_hunter@bcit.ca <kyle_hunter@bcit.ca>
Contributor
Author
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
⚙️ Control Options:
|
Co-Authored-By: kyle_hunter@bcit.ca <kyle_hunter@bcit.ca>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the monolithic inline
buildjob inci.yaml(checkout, change detection, version computation, Docker build/push, Cosign signing, Trivy scanning — ~210 lines) with a single call to the org-level reusable workflowbcit-tlu/.github/.github/workflows/oci-build.yaml@main, matching the pattern established in hriv's ci.yaml.Before → After
uses: bcit-tlu/.github/.github/workflows/oci-build.yaml@mainbuildbuild-haproxy-operatordocker/build-push-actionUnchanged:
go-testquality gate (repo-specific)helm-lint(independent parallel job)release-please.yaml,helm-publish.yaml,release-retag.yaml,pr-title-lint.yaml)sha-<fullsha>+<ver>-rc.<ts>.<short>)Review & Testing Checklist for Human
buildtobuild-haproxy-operator(also check ifbuild / buildor similar naming was used)bcit-tlu/.githubmust allow workflow calls from this repo (org-level Actions setting)build-haproxy-operatorruns via the reusable workflow and produces the expectedsha-<sha>+ rc tagsNotes
bump-minor-pre-majorfor the RC tag prefix (it always bumps major for breaking changes). This is acceptable because RC tags are informational/sorting only — actual releases use release-please which respects thebump-minor-pre-majorconfig.REGISTRYenv var removed from workflow level (the reusable workflow defines its own).!cancelled()+ quality-gate-check pattern was removed in favor of a simpleneeds: [go-test]chain, matching hriv's approach.actions: readpermission retained forcodeql-action/upload-sarifon private repos.Link to Devin session: https://app.devin.ai/sessions/616a3e66529e458fbcfc0b6cca2703a7
Requested by: @kphunter