refactor(workflows): rename and improve edge-cases (#106)

* refactor(workflows): allow more flexibility

* fix(workflows): errors and linting

* refactor: rename workflows

.github/workflows/cd-deploy-to-dev.yml

@@ -0,0 +1,46 @@
+name: Deploy to dev
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - '**.js*'
+      - '**.ts*'
+      - package*.json
+      - Dockerfile
+      - entrypoint.sh
+      - .github/workflows/cd-deploy-to-dev.yml
+
+concurrency:
+  # Ensures that only one workflow task will run at a time. Previous builds, if
+  # already in process, will get cancelled. Only the latest commit will be allowed
+  # to run, cancelling any workflows in between
+  group: ${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    uses: ./.github/workflows/sub-build-push-image.yml
+    with:
+      dockerfile_path: ./Dockerfile
+      dockerfile_target: runner
+      app_name: ${{ vars.APP_NAME }}
+      registry: ${{ vars.GOOGLE_ARTIFACT_REGISTRY }}
+    secrets: inherit
+
+  deploy:
+    needs: [build]
+    uses: ./.github/workflows/sub-cloudrun-deploy.yml
+    with:
+      environment: development
+      project_id: ${{ vars.GOOGLE_PROJECT_ID }}
+      region: ${{ vars.GOOGLE_CLOUD_REGION }}
+      app_name: ${{ vars.APP_NAME }}
+      image_digest: ${{ needs.build.outputs.image_digest }}
+      min_instances: '0'
+      max_instances: '5'
+      cpu: '1'
+      memory: 256Mi
+    secrets: inherit

.github/workflows/deploy-to-prod.yml → .github/workflows/cd-deploy-to-prod.yml

@@ -1,4 +1,4 @@
-name: Deploy to production
+name: Deploy to prod
 
 on:
   release:
@@ -14,20 +14,25 @@ concurrency:
 
 jobs:
   build:
-    uses: ./.github/workflows/build-docker-image.yml
+    uses: ./.github/workflows/sub-build-push-image.yml
     with:
       dockerfile_path: ./Dockerfile
       dockerfile_target: runner
-      app_name: auth-registry-frontend
-      registry: us-docker.pkg.dev/auth-do/auth-frontend
+      app_name: ${{ vars.APP_NAME }}
+      registry: ${{ vars.GOOGLE_ARTIFACT_REGISTRY }}
     secrets: inherit
 
   deploy:
-    needs: ['build']
-    uses: ./.github/workflows/cloudrun-deploy.yml
+    needs: [build]
+    uses: ./.github/workflows/sub-cloudrun-deploy.yml
     with:
       environment: production
-      project: auth-do
-      region: us-east1
-      image: us-docker.pkg.dev/auth-do/auth-frontend/auth-registry-frontend@${{ needs.build.outputs.image_digest }}
+      project_id: ${{ vars.GOOGLE_PROJECT_ID }}
+      region: ${{ vars.GOOGLE_CLOUD_REGION }}
+      app_name: ${{ vars.APP_NAME }}
+      image_digest: ${{ needs.build.outputs.image_digest }}
+      min_instances: '1'
+      max_instances: '300'
+      cpu: '2'
+      memory: 1Gi
     secrets: inherit

.github/workflows/cd-deploy-to-test.yml

@@ -0,0 +1,46 @@
+name: Deploy to test
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - '**.js*'
+      - '**.ts*'
+      - package*.json
+      - Dockerfile
+      - entrypoint.sh
+      - .github/workflows/deploy-to-test.yml
+
+concurrency:
+  # Ensures that only one workflow task will run at a time. Previous builds, if
+  # already in process, will get cancelled. Only the latest commit will be allowed
+  # to run, cancelling any workflows in between
+  group: ${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    uses: ./.github/workflows/sub-build-push-image.yml
+    with:
+      dockerfile_path: ./Dockerfile
+      dockerfile_target: runner
+      app_name: ${{ vars.APP_NAME }}
+      registry: ${{ vars.GOOGLE_ARTIFACT_REGISTRY }}
+    secrets: inherit
+
+  deploy:
+    needs: [build]
+    uses: ./.github/workflows/sub-cloudrun-deploy.yml
+    with:
+      environment: staging
+      project_id: ${{ vars.GOOGLE_PROJECT_ID }}
+      region: ${{ vars.GOOGLE_CLOUD_REGION }}
+      app_name: ${{ vars.APP_NAME }}
+      image_digest: ${{ needs.build.outputs.image_digest }}
+      min_instances: '0'
+      max_instances: '5'
+      cpu: '1'
+      memory: 256Mi
+    secrets: inherit

.github/workflows/linter.yml → .github/workflows/ci-check-linters.yml

@@ -2,22 +2,22 @@ name: Lint Code Base
 
 on:
   pull_request:
-    branches: ['master']
+    branches: [master]
     paths:
       - '**.js*'
       - '**.ts*'
-      - "Dockerfile"
-      - 'package*.json'
-      - '.github/workflows/linter.yml'
+      - Dockerfile
+      - package*.json
+      - .github/workflows/ci-check-linters.yml
 
   push:
-    branches: ['master']
+    branches: [master]
     paths:
       - '**.js*'
       - '**.ts*'
-      - "Dockerfile"
-      - 'package*.json'
-      - '.github/workflows/linter.yml'
+      - Dockerfile
+      - package*.json
+      - .github/workflows/ci-check-linters.yml
 
 concurrency:
   # Ensures that only one workflow task will run at a time. Previous builds, if

.github/workflows/tests.yml → .github/workflows/ci-unit-tests.yml

@@ -1,4 +1,4 @@
-name: Tests
+name: Unit Tests
 
 on:
   workflow_call:
@@ -8,20 +8,22 @@ on:
         type: string
 
   pull_request:
-    branches: ['master']
+    branches:
+      - master
     paths:
       - '**.js*'
       - '**.ts*'
-      - 'package*.json'
-      - '.github/workflows/tests.yml'
+      - package*.json
+      - .github/workflows/ci-unit-tests.yml
 
   push:
-    branches: ['master']
+    branches:
+      - master
     paths:
       - '**.js*'
       - '**.ts*'
-      - 'package*.json'
-      - '.github/workflows/tests.yml'
+      - package*.json
+      - .github/workflows/ci-unit-tests.yml
 
 concurrency:
   # Ensures that only one workflow task will run at a time. Previous builds, if
@@ -46,7 +48,7 @@ jobs:
 
     strategy:
       matrix:
-        node: ['20.8.1', 'latest']
+        node: [20.8.1, latest]
 
     steps:
       - name: Checkout Code Repository

.github/workflows/build-docker-image.yml → .github/workflows/sub-build-push-image.yml

@@ -17,7 +17,7 @@ on:
         type: string
     outputs:
       image_digest:
-        description: 'The image digest to be used on a caller workflow'
+        description: The image digest to be used on a caller workflow
         value: ${{ jobs.build.outputs.image_digest }}
 
 jobs:
@@ -28,8 +28,8 @@ jobs:
     outputs:
       image_digest: ${{ steps.docker_build.outputs.digest }}
     permissions:
-      contents: 'read'
-      id-token: 'write'
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4.1.0
         with:
@@ -65,7 +65,7 @@ jobs:
       # Setup Docker Buildx to allow use of docker cache layers from GH
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3.0.0
 
       - name: Login to Google Artifact Registry
         uses: docker/login-action@v3.0.0
@@ -86,11 +86,11 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           push: true
           build-args: |
-            NEXT_PUBLIC_RECAPTCHA_SITE_KEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITE_KEY }}
-            NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GOOGLE_ANALYTICS }}
+            NEXT_PUBLIC_RECAPTCHA_SITE_KEY=${{ vars.NEXT_PUBLIC_RECAPTCHA_SITE_KEY }}
+            NEXT_PUBLIC_GTM_ID=${{ vars.NEXT_PUBLIC_GTM_ID }}
             NEXT_PUBLIC_ORY_SDK_URL=${{ vars.NEXT_PUBLIC_ORY_SDK_URL }}
           secrets: |
-            "AWS_EXPORTS_JSON=${{ secrets.AWS_EXPORTS_JSON }}"
+            "AWS_EXPORTS_JSON=${{ secrets.AWS_EXPORTS_JSON || ''}}"
 
           # To improve build speeds, for each branch we push an additional image to the registry,
           # to be used as the caching layer, using the `max` caching mode.