bring in matrix builds from Hyku structure

.github/workflows/brakeman-audit.yaml

@@ -45,7 +45,7 @@ jobs:
     steps:
       - id: setup
         name: Setup
-        uses: notch8/actions/setup-env@v1.0.8
+        uses: notch8/actions/setup-env@v1.0.9
         with:
           tag: ${{ inputs.tag }}
           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}

.github/workflows/build.yaml

@@ -2,19 +2,17 @@ name: "Build Docker Images"
 on:
   workflow_dispatch:
     inputs:
-      baseTarget:
-        description: "Used to set your target for the base image"
+      components:
+        default: '["base", "solr", "web", "worker"]'
+        description: "Used to set your target for the components"
         required: false
         type: string
       image_name:
         description: "Docker image name part. Fills in ghcr.io/IMAGE_NAME. Typically this is the `repo_name`, but in some projects it might be `repo_name/sub_name`"
         type: string
-      platforms:
-        default: "linux/amd64,linux/arm64"
-        description: "Which platforms you would like built through CI"
-        type: string
-      solrTarget:
-        description: "Used to set your target for the solr image"
+      os:
+        default: '["ubuntu-latest", "ubuntu-24.04-arm"]'
+        description: "Used to set your target for the operating system"
         required: false
         type: string
       subdir:
@@ -23,29 +21,30 @@ on:
       tag:
         required: false
         type: string
-      webTarget:
-        description: "Used to set your target for the web image"
-        required: false
-        type: string
-      workerTarget:
-        description: "Used to set your target for the worker image"
+      debug_step:
+        description: "Pause build to debug with tmate (ssh)"
         required: false
-        type: string
+        type: choice
+        default: ""
+        options:
+          - ""
+          - build
+          - lint
+          - test
+
   workflow_call:
     inputs:
-      baseTarget:
-        description: "Used to set your target for the base image"
+      components:
+        default: '["base", "solr", "web", "worker"]'
+        description: "Used to set your target for the components"
         required: false
         type: string
       image_name:
         description: "Docker image name part. Fills in ghcr.io/IMAGE_NAME. Typically this is the `repo_name`, but in some projects it might be `repo_name/sub_name`"
         type: string
-      platforms:
-        default: "linux/amd64,linux/arm64"
-        description: "Which platforms you would like built through CI"
-        type: string
-      solrTarget:
-        description: "Used to set your target for the solr image"
+      os:
+        default: '["ubuntu-latest", "ubuntu-24.04-arm"]'
+        description: "Used to set your target for the operating system"
         required: false
         type: string
       subdir:
@@ -54,14 +53,10 @@ on:
       tag:
         required: false
         type: string
-      webTarget:
-        description: "Used to set your target for the web image"
-        required: false
-        type: string
-      workerTarget:
-        description: "Used to set your target for the worker image"
+      debug_step:
         required: false
         type: string
+        default: ""
 
 env:
   REGISTRY: ghcr.io
@@ -70,22 +65,35 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    permissions: write-all
+    strategy:
+      matrix:
+        component: ${{fromJson(inputs.components)}}
+        os: ${{fromJson(inputs.os)}}
+    runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        shell: bash
     steps:
+      - name: Set platform from matrix
+        run: |
+          if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
+            echo "PLATFORM_TAG=amd64" >> $GITHUB_ENV
+          else
+            echo "PLATFORM_TAG=arm64" >> $GITHUB_ENV
+          fi
       - id: setup
         name: Setup
-        uses: notch8/actions/setup-env@v1.0.8
+        uses: notch8/actions/setup-env@v1.0.9
         with:
           tag: ${{ inputs.tag }}
           image_name: ${{ inputs.image_name }}
           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
           subdir: ${{ inputs.subdir }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -95,71 +103,51 @@ jobs:
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_step == 'build' }}
         with:
           limit-access-to-actor: true
-      - name: Retag action for base
-        if: ${{ inputs.baseTarget != '' }}
-        id: meta-base
-        uses: docker/metadata-action@v4.1.1
+      - name: Build Prep
+        run: |
+          echo "Preparing build environment..."
+          cd ${{ inputs.subdir }};
+          [ -f "db/schema.rb" ] && chmod 777 db/schema.rb;
+          [ -f "bin/checkout_all.sh" ] && ./bin/checkout_all.sh;
+      - name: Build and push ${{ matrix.component }} on ${{ matrix.os }}
+        uses: docker/build-push-action@v3
         with:
-          images: |
-            name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/base
+          context: ${{ inputs.subdir }}
+          platforms: linux/${{ env.PLATFORM_TAG }}
+          target: ${{ matrix.component }}
+          cache-from: |
+            type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/${{ matrix.component }}:latest
+          cache-to: type=inline
+          push: true
           tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
-      - name: Retag action for web
-        if: ${{ inputs.webTarget != '' }}
-        id: meta-web
-        uses: docker/metadata-action@v4.1.1
-        with:
-          images: |
-            name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}
-          tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
-      - name: Retag action for worker
-        if: ${{ inputs.workerTarget != '' }}
-        id: meta-worker
-        uses: docker/metadata-action@v4.1.1
-        with:
-          images: |
-            name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/worker
-          tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
-      - name: Retag action for solr
-        if: ${{ inputs.solrTarget != '' }}
-        id: meta-solr
-        uses: docker/metadata-action@v4.1.1
-        with:
-          images: |
-            name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/solr
-          tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
-      - name: Build and push base
-        if: ${{ inputs.baseTarget != '' }}
-        uses: notch8/actions/build-and-push@v1.0.8
-        with:
-          type: base
-          location: /base
-          subdir: ${{ inputs.subdir }}
-          tags: ${{ steps.meta-base.outputs.tags }}
-      - name: Build and push web
-        if: ${{ inputs.webTarget != '' }}
-        uses: notch8/actions/build-and-push@v1.0.8
-        with:
-          type: web
-          location: ""
-          subdir: ${{ inputs.subdir }}
-          tags: ${{ steps.meta-web.outputs.tags }}
-      - name: Build and push worker
-        if: ${{ inputs.workerTarget != '' }}
-        uses: notch8/actions/build-and-push@v1.0.8
+            ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/${{ matrix.component }}:${{ env.TAG }}-${{ env.PLATFORM_TAG }}
+
+  push:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      - id: setup
+        name: Setup
+        uses: notch8/actions/setup-env@v1.0.9
         with:
-          type: worker
-          location: /worker
+          tag: ${{ inputs.tag }}
+          image_name: ${{ inputs.image_name }}
+          token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
           subdir: ${{ inputs.subdir }}
-          tags: ${{ steps.meta-worker.outputs.tags }}
-      - name: Build and push solr
-        if: ${{ inputs.solrTarget != '' }}
-        uses: notch8/actions/build-and-push@v1.0.8
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          type: solr
-          location: /solr
-          subdir: ${{ inputs.subdir }}
-          tags: ${{ steps.meta-solr.outputs.tags }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create multiarch manifests
+        run: |
+          components_list=$(echo '${{ inputs.components }}' | jq -r '.[]' | tr '\n' ' ')
+          for component in $components_list; do
+            docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/$component:${{ env.TAG }} \
+              ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/$component:${{ env.TAG }}-amd64 \
+              ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}/$component:${{ env.TAG }}-arm64
+          done

.github/workflows/bundler-audit.yaml

@@ -45,7 +45,7 @@ jobs:
     steps:
       - id: setup
         name: Setup
-        uses: notch8/actions/setup-env@v1.0.8
+        uses: notch8/actions/setup-env@v1.0.9
         with:
           tag: ${{ inputs.tag }}
           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}

.github/workflows/cypress.yaml

@@ -70,7 +70,7 @@ jobs:
     steps:
       - id: setup
         name: Setup
-        uses: notch8/actions/setup-env@v1.0.8
+        uses: notch8/actions/setup-env@v1.0.9
         with:
           tag: ${{ inputs.tag }}
           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}

.github/workflows/deploy.yaml

@@ -110,7 +110,7 @@ jobs:
     steps:
       - id: setup
         name: Setup
-        uses: notch8/actions/setup-env@v1.0.8
+        uses: notch8/actions/setup-env@v1.0.9
         with:
           tag: ${{ inputs.tag }}
           image_name: ${{ inputs.image_name }}

.github/workflows/lint.yaml

@@ -2,60 +2,28 @@ name: "Lint for Rails Projects"
 on:
   workflow_dispatch:
     inputs:
-      baseTarget:
-        description: "Used to set your target for the base image"
-        required: false
-        type: string
       rubocop_cmd:
         default: bundle exec rubocop --parallel --format progress
         required: false
         type: string
-      solrTarget:
-        description: "Used to set your target for the solr image"
-        required: false
-        type: string
       subdir:
         default: "."
         type: string
       tag:
         required: false
         type: string
-      webTarget:
-        description: "Used to set your target for the web image"
-        required: false
-        type: string
-      workerTarget:
-        description: "Used to set your target for the worker image"
-        required: false
-        type: string
   workflow_call:
     inputs:
-      baseTarget:
-        description: "Used to set your target for the base image"
-        required: false
-        type: string
       rubocop_cmd:
         default: bundle exec rubocop --parallel --format progress --format junit --out rubocop.xml --display-only-failed
         required: false
         type: string
-      solrTarget:
-        description: "Used to set your target for the solr image"
-        required: false
-        type: string
       subdir:
         default: "."
         type: string
       tag:
         required: false
         type: string
-      webTarget:
-        description: "Used to set your target for the web image"
-        required: false
-        type: string
-      workerTarget:
-        description: "Used to set your target for the worker image"
-        required: false
-        type: string
 
 env:
   REGISTRY: ghcr.io
@@ -68,7 +36,7 @@ jobs:
     steps:
       - id: setup
         name: Setup
-        uses: notch8/actions/setup-env@v1.0.8
+        uses: notch8/actions/setup-env@v1.0.9
         with:
           tag: ${{ inputs.tag }}
           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
@@ -84,32 +52,17 @@ jobs:
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_step == 'lint' }}
         with:
           limit-access-to-actor: true
-      - name: Start services and capture logs
-        run: |
-          cd ${{ inputs.subdir }}
-          # Start services
-          [ -f "db/schema.rb" ] && chmod 777 db/schema.rb
-          [ -f "bin/checkout_all.sh" ] && ./bin/checkout_all.sh
-          docker compose pull --ignore-pull-failures || true
-          COMPOSE_UP_RESULT=0
-          docker compose up -d > docker-compose-server.log 2>&1 || COMPOSE_UP_RESULT=$?
-          docker compose config --format json | jq -r '.services | keys[]' | xargs -t -I {} sh -c 'docker compose logs {} >> docker-compose-{}.log'
-          if [ $COMPOSE_UP_RESULT -ne 0 ]; then
-            echo "Docker Compose up failed with exit code: $COMPOSE_UP_RESULT"
-            exit $COMPOSE_UP_RESULT
-          fi
       - name: Run Rubocop
         run: >-
+          cd ${{ inputs.subdir }};
+          [ -f "db/schema.rb" ] && chmod 777 db/schema.rb;
+          [ -f "bin/checkout_all.sh" ] && ./bin/checkout_all.sh;
+          docker compose pull web || true;
           docker compose run -T web sh -c
           "${{ inputs.rubocop_cmd }}"
-      - name: Stop services
-        if: always()
-        run: |
-          docker compose down || true
       - id: after_care
         name: Upload Logs and Results
-        uses: notch8/actions/after-care@v1.0.8
+        uses: notch8/actions/after-care@v1.0.9
         if: always()
         with:
-          name: lint-${{ env.TAG }}
           reports: "rubocop*.xml"