ci(pr-build): use local pre/post actions wrappers with GH app secrets

MaurUppi · MaurUppi · commit b723023dd4f3 · 2026-02-22T18:34:56.000+08:00
diff --git a/.github/workflows/dae-post-actions.local.yml b/.github/workflows/dae-post-actions.local.yml
@@ -0,0 +1,32 @@
+---
+name: Post-Build Actions (Local)
+
+on:
+  workflow_call:
+    inputs:
+      check-run-id:
+        type: string
+        description: "name of the check run"
+        required: true
+      check-run-conclusion:
+        type: string
+        description: "workflow run status (success|failure|skipped|aborted)"
+        required: true
+
+jobs:
+  report-workflow-run:
+    if: ${{ startsWith(github.event.pull_request.head.repo.full_name, github.repository_owner) && inputs.check-run-conclusion != 'skipped' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+        with:
+          repository: daeuniverse/ci-seed-jobs
+          ref: master
+
+      - name: Report workflow run status
+        uses: ./common/report-workflow-run
+        with:
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          id: ${{ inputs.check-run-id }}
+          conclusion: ${{ inputs.check-run-conclusion }}
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -27,7 +27,7 @@ on:
 jobs:
   pre-actions:
     if: ${{ github.event.pull_request.draft == false }}
-    uses: daeuniverse/ci-seed-jobs/.github/workflows/pre-actions.yml@master
+    uses: ./.github/workflows/pre-actions.local.yml
     with:
       repository: ${{ github.repository }}
       ref: ${{ github.event.pull_request.head.sha }}
@@ -38,7 +38,7 @@ jobs:
   build:
     needs: [pre-actions]
     if: ${{ github.event.pull_request.draft == false }}
-    uses: daeuniverse/dae/.github/workflows/seed-build.yml@main
+    uses: ./.github/workflows/seed-build.yml
     with:
       ref: ${{ github.event.pull_request.head.sha }}
       pr-number: ${{ github.event.pull_request.number }}
@@ -48,7 +48,7 @@ jobs:
   post-actions:
     if: always()
     needs: [build]
-    uses: daeuniverse/ci-seed-jobs/.github/workflows/dae-post-actions.yml@master
+    uses: ./.github/workflows/dae-post-actions.local.yml
     with:
       check-run-id: "dae-bot[bot]/pr-build-passed"
       check-run-conclusion: ${{ needs.build.result }}
diff --git a/.github/workflows/pre-actions.local.yml b/.github/workflows/pre-actions.local.yml
@@ -0,0 +1,109 @@
+---
+name: Pre-Build Actions (Local)
+
+on:
+  workflow_call:
+    inputs:
+      repository:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      fetch-depth:
+        required: false
+        default: 0
+        type: string
+      check-runs:
+        type: string
+        required: false
+        default: "[]"
+      notify:
+        type: boolean
+        default: false
+    outputs:
+      git_sha_long:
+        description: "git sha (long)"
+        value: ${{ jobs.export-metadata.outputs.git_sha_long }}
+      git_sha_short:
+        description: "git sha (short)"
+        value: ${{ jobs.export-metadata.outputs.git_sha_short }}
+      git_commit_msg:
+        description: "git commit message"
+        value: ${{ jobs.export-metadata.outputs.git_commit_msg }}
+
+jobs:
+  set-vars:
+    runs-on: ubuntu-latest
+    outputs:
+      check-runs-matrix: ${{ steps.set-check-runs-matrix.outputs.check-runs-matrix }}
+    steps:
+      - name: Set check-runs matrix
+        id: set-check-runs-matrix
+        run: |
+          echo "check-runs-matrix=$input" >> $GITHUB_OUTPUT
+        env:
+          input: ${{ inputs.check-runs }}
+
+  export-github-context:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+        run: |
+          echo "$GITHUB_CONTEXT"
+
+  export-metadata:
+    runs-on: ubuntu-latest
+    outputs:
+      git_sha_long: ${{ steps.export.outputs.git_sha_long }}
+      git_sha_short: ${{ steps.export.outputs.git_sha_short }}
+      git_commit_msg: ${{ steps.export.outputs.git_commit_msg }}
+    steps:
+      - uses: actions/checkout@master
+        with:
+          repository: ${{ inputs.repository }}
+          fetch-depth: ${{ inputs.fetch-depth }}
+          ref: ${{ inputs.ref }}
+      - name: Get metadata from HEAD
+        id: export
+        run: |
+          echo "git_sha_long=${{ inputs.ref }}" >> $GITHUB_OUTPUT
+          echo "git_sha_short=$(echo ${{ inputs.ref }} | cut -c1-6)" >> $GITHUB_OUTPUT
+          echo "git_commit_msg=$(git log --format=%s -n 1 ${{ inputs.ref }})" >> $GITHUB_OUTPUT
+
+  notify-build-start:
+    if: startsWith(github.event.pull_request.head.repo.full_name, github.repository_owner) && inputs.notify
+    runs-on: ubuntu-latest
+    needs: [export-github-context, export-metadata]
+    steps:
+      - uses: actions/checkout@master
+        with:
+          repository: daeuniverse/ci-seed-jobs
+          ref: master
+      - id: send-notification
+        uses: ./notification/notify-build-start
+        with:
+          telegram_to: ${{ secrets.TELEGRAM_TO }}
+          telegram_token: ${{ secrets.TELEGRAM_TOKEN }}
+          git_sha_long: ${{ needs.export-metadata.outputs.git_sha_long }}
+          git_sha_short: ${{ needs.export-metadata.outputs.git_sha_short }}
+          git_commit_msg: ${{ needs.export-metadata.outputs.git_commit_msg }}
+
+  instantiate-check-runs:
+    needs: [set-vars]
+    if: startsWith(github.event.pull_request.head.repo.full_name, github.repository_owner)
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        id: ${{ fromJson(needs.set-vars.outputs.check-runs-matrix) }}
+    steps:
+      - name: Instantiate required check runs
+        if: ${{ inputs.check-runs != '[]' }}
+        uses: daeuniverse/ci-seed-jobs/common/instantiate-check-runs@master
+        with:
+          app_id: ${{ secrets.GH_APP_ID }}
+          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          id: "dae-bot[bot]/${{ matrix.id }}"
