[#13] reuse open-api-workflows workflows

.github/workflows/ci.yml

@@ -29,27 +29,18 @@ jobs:
 
       - name: Get changed PY files
         id: changed-py-files
-        uses: tj-actions/changed-files@v41
+        uses: tj-actions/changed-files@v45
         with:
-          files: |
-            ^src/.+\.py
-
-      - name: Get changed JS files
-        id: changed-js-files
-        uses: tj-actions/changed-files@v41
-        with:
-          files: |
-            ^src/.+\.js
+          files: src/{,**/}*.py
 
       - name: Get changed requirements files
         id: changed-requirements
-        uses: tj-actions/changed-files@v41
+        uses: tj-actions/changed-files@v45
         with:
-          files: ^requirements/.+\.txt$
+          files: requirements/*.txt
 
     outputs:
       changed-py-files: ${{ steps.changed-py-files.outputs.any_changed }}
-      changed-js-files: ${{ steps.changed-js-files.outputs.any_changed }}
       changed-requirements: ${{ steps.changed-requirements.outputs.any_changed }}
 
   tests:
@@ -79,32 +70,20 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - name: Set up backend environment
+        uses: maykinmedia/[email protected]
         with:
           python-version: '3.11'
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '18'
-
-      - name: Install system packages
-        run: |
-          sudo apt-get update \
-          && sudo apt-get install -y --no-install-recommends
-      - name: Install dependencies
-        run: pip install -r requirements/dev.txt codecov
-      - name: Build frontend
-        run: |
-          npm ci
-          npm run build
+          setup-node: true
       - name: Run tests
         run: |
           python src/manage.py collectstatic --noinput --link
           coverage run src/manage.py test src
         env:
-          DJANGO_SETTINGS_MODULE: referentielijsten.conf.ci
+          DJANGO_SETTINGS_MODULE: ${{ env.DJANGO_SETTINGS_MODULE }}
           SECRET_KEY: dummy
-          DB_USER: postgres
-          DB_PASSWORD: ''
+          DB_USER: ${{ env.DB_USER }}
+          DB_PASSWORD: ${{ env.DB_PASSWORD }}
 
       - name: Publish coverage report
         uses: codecov/[email protected]
@@ -117,13 +96,11 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - name: Set up backend environment
+        uses: maykinmedia/[email protected]
         with:
           python-version: '3.11'
-          cache: 'pip'
-          cache-dependency-path: 'requirements/*.txt'
-      - name: Install dependencies
-        run: pip install -r requirements/ci.txt pytest
+
       - name: Generate environment variable documentation using OAf and check if it was updated
         run: |
           bin/generate_envvar_docs.sh
@@ -134,102 +111,37 @@ jobs:
               exit 1
           fi
         env:
-          DJANGO_SETTINGS_MODULE: referentielijsten.conf.ci
+          DJANGO_SETTINGS_MODULE: ${{ env.DJANGO_SETTINGS_MODULE }}
 
-  docker:
-    needs: tests
-    name: Docker image build
+  store-reusable-workflow-vars:
+    name: create values which can be passed through a reusable workflow
     runs-on: ubuntu-latest
+    outputs:
+      image-name: ${{ steps.image-name.outputs.image-name }}
 
     steps:
-      - uses: actions/checkout@v4
-      - name: Determine tag/commit hash
-        id: vars
-        run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-          # Strip "v" prefix from tag name (if present at all)
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "master" ] && VERSION=latest
-          echo "tag=${VERSION}" >> $GITHUB_OUTPUT
-          echo "git_hash=${GITHUB_SHA}" >> $GITHUB_OUTPUT
-      - name: Build the Docker image
-        run: |
-          docker build . \
-            --tag $IMAGE_NAME:$RELEASE_VERSION \
-            --build-arg COMMIT_HASH=${{ steps.vars.outputs.git_hash }} \
-            --build-arg RELEASE=${{ steps.vars.outputs.tag }} \
-        env:
-          RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
-
-      - run: docker image save -o image.tar $IMAGE_NAME:${{ steps.vars.outputs.tag }}
-      - name: Store image artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: docker-image
-          path: image.tar
-          retention-days: 1
+      - run: echo "image-name=$IMAGE_NAME" >> $GITHUB_OUTPUT
+        name: 'Store the docker image name'
+        id: image-name
 
-  image_scan:
-    runs-on: ubuntu-latest
-    name: Scan docker image
+  open-api-ci:
+    uses: maykinmedia/open-api-workflows/.github/workflows/ci.yml@v1
     needs:
-      - docker
-
-    steps:
-      - name: Download built image
-        uses: actions/download-artifact@v3
-        with:
-          name: docker-image
-      - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@master
-        with:
-          input: /github/workspace/image.tar  # from download-artifact
-          format: 'sarif'
-          output: 'trivy-results-docker.sarif'
-          ignore-unfixed: true
-      - name: Upload results to GH Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results-docker.sarif'
-
-  publish:
+      - store-reusable-workflow-vars
+    with:
+      main-branch: 'master'
+      python-version: '3.11'
+      docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }}
+
+  open-api-publish:
+    uses: maykinmedia/open-api-workflows/.github/workflows/publish.yml@v1
     needs:
+      - store-reusable-workflow-vars
+      - open-api-ci
       - tests
-      - docker
-
-    name: Push Docker image
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push' # exclude PRs
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Download built image
-        uses: actions/download-artifact@v3
-        with:
-          name: docker-image
-
-      - name: Determine tag/commit hash
-        id: vars
-        run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
-          # Strip "v" prefix from tag name (if present at all)
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "master" ] && VERSION=latest
-
-          echo "tag=${VERSION}" >> $GITHUB_OUTPUT
-
-      - name: Load image
-        run: |
-          docker image load -i image.tar
-
-      - name: Log into registry
-        run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-
-      - name: Push the Docker image
-        run: docker push $IMAGE_NAME:${{ steps.vars.outputs.tag }}
+    with:
+      docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }}
+      repository-owner: 'maykinmedia'
+    secrets:
+      docker-username: ${{ secrets.DOCKER_USERNAME }}
+      docker-token: ${{ secrets.DOCKER_TOKEN }}

.github/workflows/code-quality.yml

@@ -15,91 +15,12 @@ on:
   workflow_dispatch:
 
 jobs:
-  isort:
-    name: Code imports
-    runs-on: ubuntu-latest
+  open-api-workflow-code-quality:
+    uses: maykinmedia/open-api-workflows/.github/workflows/code-quality.yml@v1
+    with:
+      python-version: '3.11'
+      node-version: '18'
 
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
-          cache: 'pip'
-          cache-dependency-path: 'requirements/*.txt'
-      - name: Install dependencies
-        run: pip install -r requirements/ci.txt
-      - name: Run isort
-        run: isort --check-only --diff .
+      postgres-image: 'postgres:15'
 
-  black:
-    name: Code format
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
-          cache: 'pip'
-          cache-dependency-path: 'requirements/*.txt'
-      - name: Install dependencies
-        run: pip install -r requirements/ci.txt
-      - name: Run black
-        run: black --check --diff src docs
-
-  flake8:
-    name: Code style
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
-          cache: 'pip'
-          cache-dependency-path: 'requirements/*.txt'
-      - name: Install dependencies
-        run: pip install -r requirements/ci.txt
-      - name: Run flake8
-        run: flake8 src
-
-  migrations:
-    name: Check for model changes not present in the migrations
-    runs-on: ubuntu-latest
-
-    services:
-      postgres:
-        image: postgis/postgis:12-2.5
-        env:
-          POSTGRES_HOST_AUTH_METHOD: trust
-        ports:
-          - 5432:5432
-        # Needed because the postgres container does not provide a healthcheck
-        options:
-          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
-          cache: 'pip'
-          cache-dependency-path: 'requirements/*.txt'
-      - name: Install system packages
-        run: |
-          sudo apt-get update \
-          && sudo apt-get install -y --no-install-recommends \
-            libgdal-dev \
-            gdal-bin
-
-      - name: Install dependencies
-        run: pip install -r requirements/ci.txt
-
-      - name: Check for missing migrations
-        run: src/manage.py makemigrations --check --dry-run
-        env:
-          DJANGO_SETTINGS_MODULE: referentielijsten.conf.ci
-          SECRET_KEY: dummy
-          DB_USER: postgres
-          DB_NAME: postgres
-          DB_PASSWORD: ''
+      django-settings-module: 'referentielijsten.conf.ci'

.github/workflows/codeql-analysis.yml

@@ -9,30 +9,5 @@ on:
     - cron: '0 23 * * 6'
 
 jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ['javascript', 'python']
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+  open-api-workflow-code-analysis:
+    uses: maykinmedia/open-api-workflows/.github/workflows/code-analysis.yml@v1

.github/workflows/generate-postman-collection.yml

@@ -3,30 +3,15 @@ name: generate-postman-collection
 on:
   push:
     paths:
-      - "src/referentielijsten/api/v*/openapi.yaml"
+      - "src/referentielijsten/api/openapi.yaml"
       - ".github/workflows/generate-postman-collection.yml"
     branches:
       - '**'
   workflow_dispatch:
 
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        version: [ 'v1' ]
-
-    name: Run with version ${{ matrix.version }}
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Use Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '18'
-      - name: Install dependencies
-        run: npm install -g openapi-to-postmanv2
-      - name: Create tests folder
-        run: mkdir -p ./tests/postman
-      - name: Generate Postman collection
-        run: openapi2postmanv2 -s ./src/referentielijsten/api/openapi.yaml -o ./tests/postman/collection.json --pretty
+  open-api-workflow-generate-postman-collection:
+    uses: maykinmedia/open-api-workflows/.github/workflows/generate-postman-collection.yml@v1
+    with:
+      node-version: '18'
+      schema-path: 'src/referentielijsten/api/openapi.yaml'