get closer to standardizing the actions setup

Update the GitHub Actions configs to try to get closer to a standard
setup we can use across multiple repos.

Switch from jamestrousdale/github-app-jwt-token to
actions/create-github-app-token. Should be more trustworthy and likely
better maintained.

Use docker/build-push-action for building docker images rather than
running the commands manually.

Use docker/metadata-action to provide extra metadata, as well as picking
the tags we will push. This allows combining the 'deployment' and
'production' build workflows.

Update the perl and node versions used when testing without Docker to
match the versions used in Docker.

Author: haarg

.github/workflows/automerge.yml

@@ -1,4 +1,4 @@
-name: Maybe Enable Auto-Merge
+name: Enable Auto-Merge For metacpan-automation
 on:
   pull_request_target:
     types: [opened]
@@ -9,12 +9,12 @@ jobs:
     if: github.event.pull_request.user.login == 'metacpan-automation[bot]'
     steps:
       - name: Generate Auth Token
-        id: auth-token
-        uses: jamestrousdale/github-app-jwt-token@0.1.4
+        uses: actions/create-github-app-token@v1
+        id: app-token
         with:
           app-id: ${{ secrets.APP_ID }}
           private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - uses: peter-evans/enable-pull-request-automerge@v3
         with:
-          token: ${{ steps.auth-token.outputs.access-token }}
+          token: ${{ steps.app-token.outputs.token }}
           pull-request-number: ${{ github.event.pull_request.number }}

.github/workflows/build-container.yml

@@ -0,0 +1,67 @@
+name: Build container
+on:
+  push:
+    branches:
+      - master
+      - staging
+      - prod
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+jobs:
+  docker:
+    runs-on: ubuntu-22.04
+    name: Docker Build and Push
+    steps:
+      - name: Generate Auth Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - uses: actions/checkout@v4
+        token: ${{ steps.app-token.outputs.token }}
+      - name: Build test image
+        id: docker-build-test
+        uses: docker/build-push-action@v5
+        with:
+          target: test
+          push: false
+          load: true
+      - name: Run Perl tests
+        run: docker run -i ${{ steps.docker-build-test.outputs.imageid }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ github.repository }}
+          flavor: |
+            latest=false
+          tags: |
+            type=sha,format=long,priority=2000
+            type=ref,event=branch
+            type=ref,event=pr
+            type=raw,value=latest,enable={{is_default_branch}}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+      - name: Update deployed image
+        if: ${{ contains( fromJSON(steps.meta.outputs.json).tags, format('{0}:latest', github.repository)) }}
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          repo: metacpan/metacpan-k8s
+          ref: main
+          workflow: set-image.yml
+          token: ${{ steps.app-token.outputs.token }}
+          inputs: '{ "app": "web", "environment": "prod", "base-tag": "${{ github.repository }}:latest", "tag": "${{ fromJSON(steps.meta.outputs.json).tags[0] }}" }'

.github/workflows/build-deployment-container.yml

@@ -14,21 +14,23 @@ jobs:
     runs-on: ubuntu-22.04
     name: Docker
     steps:
-      - uses: actions/checkout@v4
-      - name: docker build
-        run: docker build . --target test -t metacpan/metacpan-web:latest
-      - name: run Perl tests
-        run: >
-          docker run -i metacpan/metacpan-web
-          carton exec prove -lr --jobs 2 t
+      - name: Build test image
+        id: docker-build-test
+        uses: docker/build-push-action@v5
+        with:
+          target: test
+          push: false
+          load: true
+      - name: Run Perl tests
+        run: docker run -i ${{ steps.docker-build-test.outputs.imageid }}
   test:
     runs-on: ubuntu-20.04
     name: Dockerless
     strategy:
       fail-fast: false
       matrix:
         perl-version:
-          - "5.30"
+          - "5.36"
         resolver:
           - snapshot
           - metacpan
@@ -40,7 +42,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
       - run: npm install
       - run: apt-get update && apt-get -y install libcmark-dev
       - name: Install Carton

.github/workflows/build-production-container.yml

@@ -8,19 +8,19 @@ jobs:
     runs-on: "ubuntu-20.04"
     steps:
       - name: Generate Auth Token
-        id: auth-token
-        uses: jamestrousdale/github-app-jwt-token@0.1.4
+        uses: actions/create-github-app-token@v1
+        id: app-token
         with:
           app-id: ${{ secrets.APP_ID }}
           private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - id: git-user
         name: Set up git user
         uses: haarg/setup-git-user@v1
         with:
-          jwt: ${{ steps.auth-token.outputs.jwt }}
+          app: ${{ steps.app-token.outputs.app-slug }}
       - uses: actions/checkout@v4
         with:
-          token: ${{ steps.auth-token.outputs.access-token }}
+          token: ${{ steps.app-token.outputs.token }}
       - name: Set up installation local::lib
         run: |
           mkdir -p $RUNNER_TEMP/perl5/bin
@@ -69,7 +69,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ steps.auth-token.outputs.access-token }}
+          token: ${{ steps.app-token.outputs.token }}
           commit-message: Update cpanfile.snapshot
           title: Update cpanfile.snapshot
           author: ${{ steps.git-user.outputs.user-full }}