ci: split workflows

ludovicm67 · ludovicm67 · commit 3277e11dcf90 · 2025-09-12T21:20:43.000+02:00
diff --git a/.github/workflows/docker-ods-ui.yaml b/.github/workflows/docker-ods-ui.yaml
@@ -5,11 +5,7 @@ on:
     paths:
       - "opendata.swiss/ui/**" # Only trigger if files in the ui directory change
       - ".github/workflows/docker-ods-ui.yaml" # Trigger also if this workflow file is changed
-
-  pull_request:
-    paths:
-      - "opendata.swiss/ui/**" # Only trigger if files in the ui directory change
-      - ".github/workflows/docker-ods-ui.yaml" # Trigger also if this workflow file is changed
+      - ".github/workflows/previews-ods-ui.yaml" # Trigger also if the previews workflow file is changed
 
 jobs:
   docker:
@@ -24,46 +20,24 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
 
-      - name: Set up kubectl
-        if: github.event_name == 'pull_request'
-        uses: azure/setup-kubectl@v4
-        with:
-          version: v1.33.0
-
-      - name: Set up Kustomize
-        if: github.event_name == 'pull_request'
-        uses: imranismail/setup-kustomize@v2
-
       - name: Install Cosign
-        if: github.event_name != 'pull_request'
         uses: sigstore/cosign-installer@v3.9.2
 
       - name: Set up QEMU
-        if: github.event_name != 'pull_request'
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        if: github.event_name != 'pull_request'
         uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Configure some variables
-        if: github.event_name == 'pull_request'
-        id: vars
-        run: |
-          echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" >> $GITHUB_OUTPUT
-
       - name: Docker meta
         id: docker_meta
-        if: github.event_name != 'pull_request'
         uses: docker/metadata-action@v5
         with:
           images: |
@@ -76,7 +50,6 @@ jobs:
 
       - name: Build and push Docker images
         id: docker_build
-        if: github.event_name != 'pull_request'
         uses: docker/build-push-action@v6
         with:
           context: ./opendata.swiss/ui
@@ -88,7 +61,6 @@ jobs:
             linux/amd64
 
       - name: Sign the images with GitHub OIDC Token
-        if: github.event_name != 'pull_request'
         env:
           DIGEST: ${{ steps.docker_build.outputs.digest }}
           TAGS: ${{ steps.docker_meta.outputs.tags }}
@@ -98,43 +70,3 @@ jobs:
             images+="${tag}@${DIGEST} "
           done
           cosign sign --yes ${images}
-
-      - name: Configure cluster context
-        if: github.event_name == 'pull_request'
-        run: |
-          kubectl config set-cluster default "--server=${K8S_API_URL}" --insecure-skip-tls-verify=true
-          kubectl config set-credentials default "--token=${K8S_TOKEN}"
-          kubectl config set-context default --cluster=default --namespace=piveau-previews --user=default
-          kubectl config use-context default
-
-      - name: Generate manifests
-        if: github.event_name == 'pull_request'
-        working-directory: ./opendata.swiss/ui/k8s
-        run: |
-          kustomize edit set nameprefix "${{ steps.vars.outputs.branch }}-"
-          kustomize edit add patch --patch "$(cat <<EOF
-          apiVersion: networking.k8s.io/v1
-          kind: Ingress
-          metadata:
-            name: piveau-ui
-          spec:
-            tls:
-              - secretName: ${{ steps.vars.outputs.branch }}-prev-tls
-                hosts:
-                  - ${{ steps.vars.outputs.branch }}.piveau-ln-preview.zazukoians.org
-              rules:
-                - host: ${{ steps.vars.outputs.branch }}.piveau-ln-preview.zazukoians.org
-                  http:
-                    paths:
-                      - path: /
-                        pathType: Prefix
-                        backend:
-                          service:
-                            name: piveau-ui
-                            port:
-                              name: http
-          EOF
-          )"
-          kustomize edit set image "ghcr.io/opendata-swiss/ods-ui=ghcr.io/opendata-swiss/ods-ui:sha-${{ steps.vars.outputs.short_sha }}"
-          kustomize edit set label "app.kubernetes.io/instance:${{ steps.vars.outputs.branch }}"
-          kustomize build | tee manifest.yaml
diff --git a/.github/workflows/previews-ods-ui.yaml b/.github/workflows/previews-ods-ui.yaml
@@ -0,0 +1,71 @@
+name: "[UI] Handle previews on PR"
+
+on:
+  pull_request:
+    paths:
+      - "opendata.swiss/ui/**" # Only trigger if files in the ui directory change
+      - ".github/workflows/previews-ods-ui.yaml" # Trigger also if this workflow file is changed
+      - ".github/workflows/docker-ods-ui.yaml" # Trigger also if the docker workflow file is changed
+
+jobs:
+  preview:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v4
+        with:
+          version: v1.33.0
+
+      - name: Set up Kustomize
+        uses: imranismail/setup-kustomize@v2
+
+      - name: Configure some variables
+        id: vars
+        run: |
+          echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" >> $GITHUB_OUTPUT
+
+      - name: Configure cluster context
+        run: |
+          kubectl config set-cluster default "--server=${K8S_API_URL}" --insecure-skip-tls-verify=true
+          kubectl config set-credentials default "--token=${K8S_TOKEN}"
+          kubectl config set-context default --cluster=default --namespace=piveau-previews --user=default
+          kubectl config use-context default
+
+      - name: Generate manifests
+        working-directory: ./opendata.swiss/ui/k8s
+        run: |
+          kustomize edit set nameprefix "${{ steps.vars.outputs.branch }}-"
+          kustomize edit add patch --patch "$(cat <<EOF
+          apiVersion: networking.k8s.io/v1
+          kind: Ingress
+          metadata:
+            name: piveau-ui
+          spec:
+            tls:
+              - secretName: ${{ steps.vars.outputs.branch }}-prev-tls
+                hosts:
+                  - ${{ steps.vars.outputs.branch }}.piveau-ln-preview.zazukoians.org
+              rules:
+                - host: ${{ steps.vars.outputs.branch }}.piveau-ln-preview.zazukoians.org
+                  http:
+                    paths:
+                      - path: /
+                        pathType: Prefix
+                        backend:
+                          service:
+                            name: piveau-ui
+                            port:
+                              name: http
+          EOF
+          )"
+          kustomize edit set image "ghcr.io/opendata-swiss/ods-ui=ghcr.io/opendata-swiss/ods-ui:sha-${{ steps.vars.outputs.short_sha }}"
+          kustomize edit set label "app.kubernetes.io/instance:${{ steps.vars.outputs.branch }}"
+          kustomize build | tee manifest.yaml
