Refactor workflows

.github/workflows/build-docker-image.yml

@@ -0,0 +1,58 @@
+name: Build docker image
+run-name: "Build image for ${{ github.ref_name }} triggered by ${{ github.actor }} for ${{ inputs.environment }}; version: ${{ inputs.version || 'N/A'}}"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: false
+        type: string
+
+env:
+  ECR_REPOSITORY: "filplus-backend"
+
+jobs:
+  build_and_push:
+    runs-on: ubuntu-latest
+    environment: production-fidl
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          mask-password: "true"
+          registry-type: public
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          flavor: latest=false
+          images: public.ecr.aws/f4h6r4m9/${{ env.ECR_REPOSITORY }}
+          tags: |
+            type=semver,pattern={{version}},value=${{ inputs.version }},enable=${{inputs.version != ''}}
+            type=ref,event=branch,pattern={{branch}}
+            type=ref,event=pr,pattern={{branch}}
+
+      - name: Build tag and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/code-check.yml

@@ -0,0 +1,74 @@
+name: Check linter, formatting, tests
+
+on:
+  workflow_call:
+
+jobs:
+  format_and_lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Cache Cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-registry-
+
+      - name: Cache Cargo build
+        uses: actions/cache@v4
+        with:
+          path: target
+          key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-build-
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          components: rustfmt, clippy
+
+      - name: Rustfmt Check
+        uses: actions-rust-lang/rustfmt@v1
+
+      - name: Run Clippy
+        run: cargo clippy
+
+  tests:
+    runs-on: ubuntu-latest
+    needs: format_and_lint
+    environment: staging-fidl
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Cache Cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-registry-
+
+      - name: Cache Cargo build
+        uses: actions/cache@v4
+        with:
+          path: target
+          key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-build-
+
+      - name: Run tests
+        env:
+          GH_PRIVATE_KEY: ${{ secrets.GH_PRIVATE_KEY }}
+          DB_URL: ${{secrets.DB_URL}}
+        run: cargo test -- --nocapture

.github/workflows/publish-new-build.yml

@@ -0,0 +1,80 @@
+name: Publish new build
+run-name: Publish new images for "${{ github.ref_name }}" triggered by ${{ github.actor }}
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Enter the version number'
+        required: true
+        default: 'latest'
+
+jobs:
+  code-check:
+    uses: ./.github/workflows/code-check.yml
+    secrets: inherit
+
+  bump-version:
+    runs-on: ubuntu-latest
+    needs: code-check
+    if: ${{ github.ref_name == 'main' && inputs.version != '' }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install cargo-edit
+        run: cargo install cargo-edit
+
+      - name: Update version
+        run: cargo set-version ${{ inputs.version }}
+
+      - name: Run cargo check
+        run: cargo check
+
+      - name: Git config
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Commit version change
+        run: |
+          git commit -am "Update version to ${{ inputs.version }}"
+          git push origin main
+
+  build-and-publish:
+    needs:
+      - code-check
+      - bump-version
+    if: |
+      always() &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    uses: ./.github/workflows/build-docker-image.yml
+    with:
+      version: ${{ inputs.version }}
+    secrets: inherit
+
+  git-tag:
+    runs-on: ubuntu-latest
+    needs: build-and-publish
+    if: |
+      ${{ github.ref_name == 'main' && inputs.version != '' }} &&
+      always() &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Create and push tag
+        run: |
+          TAG_NAME="v${{ inputs.version }}"
+          git tag $TAG_NAME
+          git push origin $TAG_NAME
+