Feat/test split (#1)

* ♻️ Split actions into composable ones

Author: giom-l

.github/workflows/docker_build.yml

@@ -0,0 +1,93 @@
+name: "Docker build"
+
+on:
+  workflow_call:
+    inputs:
+      sha:
+        required: true
+        type: string
+      version:
+        required: true
+        type: string
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          token: ${{ github.token }}
+
+      - name: Download maven artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: kafbat-ui-${{ inputs.version }}
+          path: api/target
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ inputs.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+        # Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59
+        # So let's use containerd instead as it supports this option
+        # Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+      - name: Setup docker with containerd
+        uses: crazy-max/ghaction-setup-docker@v3
+        with:
+          daemon-config: |
+            {
+                "features": {
+                "containerd-snapshotter": true
+                }
+            }
+
+      - name: debug
+        run: |
+          ls -laRh api/target
+
+      - name: Build docker image
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: api
+          platforms: linux/amd64,linux/arm64
+          provenance: mode=min
+          sbom: true
+          push: false
+          load: true
+          tags: |
+            kafka-ui:temp
+          build-args: |
+            JAR_FILE=api-${{ inputs.version }}.jar
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Dump docker image
+        run: |
+          docker image save kafka-ui:temp > /tmp/image.tar
+
+      - name: Upload docker image
+        uses: actions/upload-artifact@v4
+        with:
+          name: image
+          path: /tmp/image.tar
+          retention-days: 1

.github/workflows/docker_publish.yml

@@ -0,0 +1,63 @@
+
+name: "Docker publish"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+      generic_tag:
+        required: true
+        type: string
+jobs:
+
+  # load-image:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Download docker image
+  #       uses: actions/download-artifact@v4
+  #       with:
+  #         name: image
+  #         path: /tmp
+
+  #     # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
+  #     - name: Setup docker with containerd
+  #       uses: crazy-max/ghaction-setup-docker@v3
+  #       with:
+  #         daemon-config: |
+  #           {
+  #             "features": {
+  #               "containerd-snapshotter": true
+  #             }
+  #           }
+
+  #     - name: Load docker image into daemon
+  #       run: |
+  #         docker load --input /tmp/image.tar
+
+  deploy-ghcr:
+    permissions:
+      packages: write
+    uses: ./.github/workflows/publish_ghcr.yml
+    secrets: inherit
+    with:
+      version: ${{ inputs.version }}
+      generic_tag: ${{ inputs.generic_tag }}
+
+  deploy-dockerhub:
+    uses: ./.github/workflows/publish_dockerhub.yml
+    secrets: inherit
+    with:
+      version: ${{ inputs.version }}
+      generic_tag: ${{ inputs.generic_tag }}
+
+  deploy-ecr:
+    uses: ./.github/workflows/publish_ecr.yml
+    permissions:
+      contents: read # To read secrets
+      id-token: write # This is required for requesting the JWT
+    secrets: inherit
+    with:
+      version: ${{ inputs.version }}
+      generic_tag: ${{ inputs.generic_tag }}

.github/workflows/main.yml

@@ -9,12 +9,16 @@ permissions:
   contents: read
 
 jobs:
-  build:
+  jar-build:
     runs-on: ubuntu-latest
+
     permissions:
       contents: read
       packages: write
 
+    outputs:
+      version: ${{steps.build.outputs.version}}
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -37,195 +41,32 @@ jobs:
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
-      # docker images
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-
-     # Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59   
-      # So let's use containerd instead as it supports this option
-      # Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
-      - name: Setup docker with containerd
-        uses: crazy-max/ghaction-setup-docker@v3
-        with:
-          daemon-config: |
-            {
-              "features": {
-                "containerd-snapshotter": true
-              }
-            }         
-
-      - name: Build docker image
-        id: docker_build
-        uses: docker/build-push-action@v5
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: api
-          platforms: linux/amd64,linux/arm64
-          provenance: mode=min
-          sbom: true
-          push: false
-          load: true
-          tags: |
-            kafka-ui:temp
-          build-args: |
-            JAR_FILE=api-${{ steps.build.outputs.version }}.jar
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-
-      - name: Dump docker image
-        run: |
-          docker image save kafka-ui:temp > /tmp/image.tar
-  
-      - name: Upload docker image
+      - name: Upload jar
         uses: actions/upload-artifact@v4
         with:
-          name: image
-          path: /tmp/image.tar
-          retention-days: 1
+          name: kafbat-ui-${{ steps.build.outputs.version }}
+          path: api/target/api-${{ steps.build.outputs.version }}.jar
+          retention-days: 7
 
-  deploy-ghcr:
-    runs-on: ubuntu-latest
-    needs: build
+  docker-build:
+    needs: jar-build
     permissions:
+      contents: read
       packages: write
-
-    steps: 
-      - name: Download docker image
-        uses: actions/download-artifact@v4
-        with:
-          name: image
-          path: /tmp
-
-      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
-      - name: Setup docker with containerd
-        uses: crazy-max/ghaction-setup-docker@v3
-        with:
-          daemon-config: |
-            {
-              "features": {
-                "containerd-snapshotter": true
-              }
-            }     
-                      
-      - name: Load docker image into daemon
-        run: |
-          docker load --input /tmp/image.tar
-      
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: "${{ github.actor }}"
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Push images to GHCR
-        run: |
-          docker tag kafka-ui:temp ghcr.io/kafbat/kafka-ui:main
-          docker tag kafka-ui:temp ghcr.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
-          docker push ghcr.io/kafbat/kafka-ui:main
-          docker push ghcr.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
-
-  deploy-dockerhub:
-    runs-on: ubuntu-latest
-    needs: build
-
-    steps: 
-      - name: Download docker image
-        uses: actions/download-artifact@v4
-        with:
-          name: image
-          path: /tmp
-
-      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
-      - name: Setup docker with containerd
-        uses: crazy-max/ghaction-setup-docker@v3
-        with:
-          daemon-config: |
-            {
-              "features": {
-                "containerd-snapshotter": true
-              }
-            }     
-
-      - name: Load docker image into daemon
-        run: |
-          docker load --input /tmp/image.tar
-
-      - name: Login to Dockerhub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-        
-      - name: Push images to dockerhub
-        run: |
-          docker tag kafka-ui:temp docker.io/kafbat/kafka-ui:main
-          docker tag kafka-ui:temp docker.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
-          docker push docker.io/kafbat/kafka-ui:main
-          docker push docker.io/kafbat/kafka-ui:${{ needs.build.outputs.version }}
-
-
-  deploy-ecr:
-    runs-on: ubuntu-latest
-    needs: build
+    uses: ./.github/workflows/docker_build.yml
+    secrets: inherit
+    with:
+      sha: ${{ github.sha }}
+      version: ${{ needs.jar-build.outputs.version }}
+
+  docker-deploy:
+    needs: [jar-build, docker-build]
     permissions:
       contents: read # To read secrets
       id-token: write # This is required for requesting the JWT
-
-    steps: 
-      - name: Download docker image
-        uses: actions/download-artifact@v4
-        with:
-          name: image
-          path: /tmp
-
-      # setup containerd to preserve provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
-      - name: Setup docker with containerd
-        uses: crazy-max/ghaction-setup-docker@v3
-        with:
-          daemon-config: |
-            {
-              "features": {
-                "containerd-snapshotter": true
-              }
-            }     
-
-      - name: Load docker image into daemon
-        run: |
-          docker load --input /tmp/image.tar
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: us-east-1 # This region only for public ECR
-          role-to-assume: ${{ secrets.AWS_ROLE }}
-
-      - name: Login to public ECR
-        id: login-ecr-public
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registry-type: public
-
-      - name: Push to ECR
-        env:
-          REGISTRY: ${{steps.login-ecr-public.outputs.registry }}
-          REGISTRY_ALIAS: j4u0y1h1
-          REPOSITORY: kafka-ui
-        run: |
-          docker tag kafka-ui:temp $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:main
-          docker tag kafka-ui:temp $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:${{ needs.build.outputs.version }}
-          docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:main
-          docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:${{ needs.build.outputs.version }}          
+      packages: write
+    uses: ./.github/workflows/docker_publish.yml
+    secrets: inherit
+    with:
+      version: ${{ needs.jar-build.outputs.version }}
+      generic_tag: main