GHA: Configure workflows for reuse

It's possible to reuse a GHA workflow from another repo with minimal YAML. However there are certain requirements, like spelling out all the required secret values. Also any mention of `ACTIONS_STEP_DEBUG` will cause failures and must be removed. As usual, there's no convenient way to test these changes without pushing to a `main` branch somewhere that also has all the proper secrets configured. However, I did pattern these changes off of a working setup in buildah: https://github.com/containers/buildah/blob/fd2d05c0a7ada9592e30a2eba941444b1d959ecf/.github/workflows/check_cirrus_cron.yml Signed-off-by: Chris Evich <[email protected]>
cdoern · Nov 14, 2022 · 021a23b · 021a23b
1 parent 43cef62
commit 021a23b
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 7 deletions.
diff --git a/.github/workflows/check_cirrus_cron.yml b/.github/workflows/check_cirrus_cron.yml
@@ -14,11 +14,22 @@ on:
         - cron:  '59 23 * * 1-5'
     # Debug: Allow triggering job manually in github-actions WebUI
     workflow_dispatch: {}
+    # Allow re-use of this workflow by other repositories
+    # Ref: https://docs.github.com/en/actions/using-workflows/reusing-workflows
+    workflow_call:
+      secrets:
+        SECRET_CIRRUS_API_KEY:
+          required : true
+        ACTION_MAIL_SERVER:
+          required: true
+        ACTION_MAIL_USERNAME:
+          required: true
+        ACTION_MAIL_PASSWORD:
+          required: true
+        ACTION_MAIL_SENDER:
+          required: true
 
 env:
-    # Debug-mode can reveal secrets, only enable by a secret value.
-    # Ref: https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#enabling-step-debug-logging
-    ACTIONS_STEP_DEBUG: '${{ secrets.ACTIONS_STEP_DEBUG }}'
     # CSV listing of e-mail addresses for delivery failure or error notices
     RCPTCSV: [email protected],[email protected]
     # Filename for table of cron-name to build-id data
@@ -32,8 +43,11 @@ jobs:
     cron_failures:
         runs-on: ubuntu-latest
         steps:
+            # This is where the scripts live
             - uses: actions/checkout@v3
               with:
+                  repository: containers/podman
+                  ref: 'main'
                   persist-credentials: false
 
             - name: Get failed cron names and Build IDs

diff --git a/.github/workflows/rerun_cirrus_cron.yml b/.github/workflows/rerun_cirrus_cron.yml
@@ -13,12 +13,22 @@ on:
         - cron:  '05 22 * * 1-5'
     # Debug: Allow triggering job manually in github-actions WebUI
     workflow_dispatch: {}
-
+    # Allow re-use of this workflow by other repositories
+    # Ref: https://docs.github.com/en/actions/using-workflows/reusing-workflows
+    workflow_call:
+      secrets:
+        SECRET_CIRRUS_API_KEY:
+          required : true
+        ACTION_MAIL_SERVER:
+          required: true
+        ACTION_MAIL_USERNAME:
+          required: true
+        ACTION_MAIL_PASSWORD:
+          required: true
+        ACTION_MAIL_SENDER:
+          required: true
 
 env:
-    # Debug-mode can reveal secrets, only enable by a secret value.
-    # Ref: https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#enabling-step-debug-logging
-    ACTIONS_STEP_DEBUG: '${{ secrets.ACTIONS_STEP_DEBUG }}'
     # CSV listing of e-mail addresses for delivery failure or error notices
     RCPTCSV: [email protected],[email protected]
     # Filename for table of cron-name to build-id data