chore: Refactor GitHub workflows for streamlined build and deploy process

.github/workflows/deploy-dev-from-branch.yml

@@ -17,10 +17,15 @@ jobs:
     if: ${{ inputs.run-tests }}
     uses: "./.github/workflows/reusable-tests.yml"
 
-  deploy-dev:
-    needs: code-tests
+  build:
     if: ${{ always() && !failure() && !cancelled() }} # don't skip if tests are skipped
-    uses: "./.github/workflows/reusable-build-and-deploy.yml"
+    uses: "./.github/workflows/reusable-build.yml"
+    secrets:
+      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+
+  deploy-dev:
+    needs: build
+    uses: "./.github/workflows/reusable-push-and-deploy.yml"
     with:
       env: "dev"
     secrets:

.github/workflows/deploy-prod.yml

@@ -13,9 +13,15 @@ jobs:
     if: ${{ needs.code-tests.outputs.datahub-client-path == 'true' }}
     uses: "./.github/workflows/reusable-publish-datahub-client.yml"
 
-  deploy-prod:
-    uses: "./.github/workflows/reusable-build-and-deploy.yml"
+  build:
     needs: code-tests
+    uses: "./.github/workflows/reusable-build.yml"
+    secrets:
+      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+
+  deploy-prod:
+    uses: "./.github/workflows/reusable-push-and-deploy.yml"
+    needs: build
     with:
       env: "prod"
     secrets:

.github/workflows/deploy-staged.yml

@@ -8,9 +8,15 @@ jobs:
   code-tests:
     uses: "./.github/workflows/reusable-tests.yml"
 
-  deploy-test:
-    uses: "./.github/workflows/reusable-build-and-deploy.yml"
+  build:
     needs: code-tests
+    uses: "./.github/workflows/reusable-build.yml"
+    secrets:
+      slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+
+  deploy-test:
+    uses: "./.github/workflows/reusable-push-and-deploy.yml"
+    needs: build
     with:
       env: "test"
     secrets:
@@ -25,7 +31,7 @@ jobs:
       azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
 
   deploy-preprod:
-    uses: "./.github/workflows/reusable-build-and-deploy.yml"
+    uses: "./.github/workflows/reusable-push-and-deploy.yml"
     needs: deploy-test
     with:
       env: "preprod"

.github/workflows/reusable-build.yml

@@ -0,0 +1,43 @@
+name: Build image and export artifact
+
+on:
+  workflow_call:
+    secrets:
+      slack_alert_webhook:
+        description: "used to post alerts to slack channel"
+        required: true
+
+jobs:
+  build-and-export:
+    name: Build and export docker image artifact # https://docs.docker.com/build/ci/github-actions/share-image-jobs/
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read # This is required for actions/checkout
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and export
+        uses: docker/build-push-action@v6
+        env:
+          IMAGE_TAG: ${{ github.sha }}
+        with:
+          tags: fmd-image:${IMAGE_TAG}
+          outputs: type=docker,dest=/tmp/fmd-image.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: fmd-image
+          path: /tmp/fmd-image.tar
+
+      - name: Slack failure notification
+        if: ${{ failure() && github.ref == 'refs/heads/main' }}
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        with:
+          payload: |
+            {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

.github/workflows/reusable-build-and-deploy.yml → .github/workflows/reusable-push-and-deploy.yml

@@ -1,4 +1,4 @@
-name: Build and Deploy
+name: Push and Deploy
 
 on:
   workflow_call:
@@ -37,8 +37,8 @@ on:
         required: true
 
 jobs:
-  build-and-push:
-    name: Build and push Docker image to CP namespace ECR
+  push:
+    name: Push Docker image to CP namespace ECR
     environment: ${{ inputs.env }}
     runs-on: ubuntu-latest
     permissions:
@@ -67,11 +67,19 @@ jobs:
         run: |
           echo "image_path=${REGISTRY}/${REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
 
-      - name: Build Docker image
-        id: build-docker-image
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: fmd-image
+          path: /tmp
+
+      - name: Re-tag docker image
+        id: retag-image
         env:
           IMAGE_PATH: ${{ steps.image-path.outputs.image_path }}
-        run: docker build -t ${IMAGE_PATH} .
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker tag fmd-image:${IMAGE_TAG} ${image_path}
 
       - name: Push Docker image to ECR
         id: push-docker-image-to-ecr
@@ -81,7 +89,7 @@ jobs:
 
   deploy:
     name: Deploy Helm chart into Cloud Platform
-    needs: build-and-push
+    needs: push
     environment: ${{ inputs.env }}
     runs-on: ubuntu-latest
     permissions: