Re-implement ci-cd.yml using custom local actions

Author: gaggle

.github/actions/build-tar-image/action.yml

@@ -0,0 +1,191 @@
+name: "Build & Upload .tar Image"
+description: "Builds image, then uploads it as a workflow artefact to be shared across other jobs"
+inputs:
+  build-add-hosts:
+    description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
+    required: false
+  build-allow:
+    description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
+    required: false
+  build-attests:
+    description: "List of attestation parameters (e.g., type=sbom,generator=image)"
+    required: false
+  build-build-args:
+    description: "List of build-time variables"
+    required: false
+  build-build-contexts:
+    description: "List of additional build contexts (e.g., name=path)"
+    required: false
+  build-builder:
+    description: "Builder instance"
+    required: false
+  build-cache-from:
+    description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
+    required: false
+  build-cache-to:
+    description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
+    required: false
+  build-cgroup-parent:
+    description: "Optional parent cgroup for the container used in the build"
+    required: false
+  build-context:
+    description: "Build's context is the set of files located in the specified PATH or URL"
+    required: false
+  build-file:
+    description: "Path to the Dockerfile"
+    required: false
+  #build-labels:
+  #  description: "List of metadata for an image"
+  #  required: false
+  build-load:
+    description: "Load is a shorthand for --output=type=docker"
+    required: false
+    default: 'false'
+  build-network:
+    description: "Set the networking mode for the RUN instructions during build"
+    required: false
+  build-no-cache:
+    description: "Do not use cache when building the image"
+    required: false
+    default: 'false'
+  build-no-cache-filters:
+    description: "Do not cache specified stages"
+    required: false
+  #build-outputs:
+  #  description: "List of output destinations (format: type=local,dest=path)"
+  #  required: false
+  build-platforms:
+    description: "List of target platforms for build"
+    required: false
+  build-provenance:
+    description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
+    required: false
+  build-pull:
+    description: "Always attempt to pull all referenced images"
+    required: false
+    default: 'false'
+  #build-push:
+  #  description: "Push is a shorthand for --output=type=registry"
+  #  required: false
+  #  default: 'false'
+  build-sbom:
+    description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
+    required: false
+  build-secrets:
+    description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
+    required: false
+  build-secret-files:
+    description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
+    required: false
+  build-shm-size:
+    description: "Size of /dev/shm (e.g., 2g)"
+    required: false
+  build-ssh:
+    description: "List of SSH agent socket or keys to expose to the build"
+    required: false
+  #build-tags:
+  #  description: "List of tags"
+  #  required: false
+  build-target:
+    description: "Sets the target stage to build"
+    required: false
+  build-ulimit:
+    description: "Ulimit options (e.g., nofile=1024:1024)"
+    required: false
+  build-github-token:
+    description: "GitHub Token used to authenticate against a repository for Git context"
+    default: ${{ github.token }}
+    required: false
+  upload-name:
+    default: ${{ github.event.repository.name }}
+  upload-tag:
+    default: ${{ github.run_id }}
+outputs:
+  image-name:
+    description: "The container image that got downloaded and made available. Effectively <download-name>:<download-tag>. Also available via `env.IMAGE_NAME`"
+    value: ""
+runs:
+  using: "composite"
+  steps:
+    - uses: docker/setup-buildx-action@v3
+    - uses: docker/metadata-action@v5
+      id: meta
+      with:
+        images: ${{ inputs.upload-name }}:${{ inputs.upload-tag }}
+    - uses: actions/cache@v3
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx
+        restore-keys: |
+          ${{ runner.os }}-buildx-
+    - name: Build image
+      uses: docker/build-push-action@v5
+      with:
+        add-hosts: ${{ inputs.build-add-hosts }}
+        allow: ${{ inputs.build-allow }}
+        attests: ${{ inputs.build-attests }}
+        build-args: ${{ inputs.build-build-args }}
+        build-contexts: ${{ inputs.build-build-contexts }}
+        builder: ${{ inputs.build-builder }}
+        cache-from: ${{ inputs.build-cache-from }}
+        cache-to: ${{ inputs.build-cache-to }}
+        cgroup-parent: ${{ inputs.build-cgroup-parent }}
+        context: ${{ inputs.build-context }}
+        file: ${{ inputs.build-file }}
+        labels: ${{ steps.meta.outputs.labels }}
+        load: ${{ inputs.build-load }}
+        network: ${{ inputs.build-network }}
+        no-cache: ${{ inputs.build-no-cache }}
+        no-cache-filters: ${{ inputs.build-no-cache-filters }}
+        outputs: type=docker,dest=/tmp/${{ inputs.upload-name }}.tar
+        platforms: ${{ inputs.build-platforms }}
+        provenance: ${{ inputs.build-provenance }}
+        pull: ${{ inputs.build-pull }}
+        push: false
+        sbom: ${{ inputs.build-sbom }}
+        secrets: ${{ inputs.build-secrets }}
+        #secret-envs: ${{ inputs.build-secret-envs }}
+        secret-files: ${{ inputs.build-secret-files }}
+        shm-size: ${{ inputs.build-shm-size }}
+        ssh: ${{ inputs.build-ssh }}
+        tags: ${{ inputs.upload-name }}:${{ inputs.upload-tag }}
+        target: ${{ inputs.build-target }}
+        ulimit: ${{ inputs.build-ulimit }}
+        github-token: ${{ inputs.build-github-token }}
+    - uses: actions/upload-artifact@v3
+      with:
+        name: ${{ inputs.upload-name }}
+        path: /tmp/${{ inputs.upload-name }}.tar
+    - name: Set outputs
+      run: |
+        set -euo pipefail
+        
+        debug_log() {
+          if [ "${RUNNER_DEBUG:-0}" = "1" ]; then
+            echo "##[debug]$1"
+          fi
+        }
+
+        set_output() {
+          local value="$1"
+          local output_key="$2"
+          local env_key="${3:-}"
+        
+          if [ -z "$value" ] || [ -z "$output_key" ]; then
+            echo "Missing essential arguments to set_output_and_env"
+            return 1
+          fi
+        
+          # If env_key is empty, convert output_key to upper snake case
+          if [ -z "$env_key" ]; then
+            env_key=$(echo "$output_key" | awk '{print toupper($0)}' | sed 's/-/_/g')
+          fi
+        
+          echo "$output_key=$value" >> "$GITHUB_OUTPUT"
+          echo "$env_key=$value" >> "$GITHUB_ENV"
+        }
+        
+        image_value="${{ inputs.upload-name }}:${{ inputs.upload-tag }}"
+        set_output "$image_value" "image-name"
+        debug_log "GitHub Output: $(cat "$GITHUB_OUTPUT")\nGitHub Env: $(cat "$GITHUB_ENV")"
+      shell: bash

.github/actions/load-tar-image/action.yml

@@ -0,0 +1,55 @@
+name: "Download & Load .tar Image"
+description: "Download image from build-tar-image action and make it available for testing, pushing, etc."
+inputs:
+  download-name:
+    default: ${{ github.event.repository.name }}
+  download-tag:
+    default: ${{ github.run_id }}
+outputs:
+  image-name:
+    description: "The container image that got downloaded and made available. Effectively <download-name>:<download-tag>. Also available via `env.IMAGE_NAME`"
+    value: ""
+runs:
+  using: "composite"
+  steps:
+    - name: Download artifact
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.download-name }}
+        path: /tmp
+    - name: Load image
+      run: docker load --input /tmp/${{ inputs.download-name }}.tar
+      shell: bash
+    - name: Set outputs
+      run: |
+        set -euo pipefail
+        
+        debug_log() {
+          if [ "${RUNNER_DEBUG:-0}" = "1" ]; then
+            echo "##[debug]$1"
+          fi
+        }
+
+        set_output() {
+          local value="$1"
+          local output_key="$2"
+          local env_key="${3:-}"
+        
+          if [ -z "$value" ] || [ -z "$output_key" ]; then
+            echo "Missing essential arguments to set_output_and_env"
+            return 1
+          fi
+        
+          # If env_key is empty, convert output_key to upper snake case
+          if [ -z "$env_key" ]; then
+            env_key=$(echo "$output_key" | awk '{print toupper($0)}' | sed 's/-/_/g')
+          fi
+        
+          echo "$output_key=$value" >> "$GITHUB_OUTPUT"
+          echo "$env_key=$value" >> "$GITHUB_ENV"
+        }
+        
+        image_value="${{ inputs.download-name }}:${{ inputs.download-tag }}"
+        set_output "$image_value" "image-name"
+        debug_log "GitHub Output: $(cat "$GITHUB_OUTPUT")\nGitHub Env: $(cat "$GITHUB_ENV")"
+      shell: bash

.github/actions/push-tar-image/action.yml

@@ -0,0 +1,41 @@
+name: "Tag and Push Image"
+description: "Log in to Docker registry, generate metadata, re-tag the source image, and push it"
+inputs:
+  source-image:
+    description: "Name of the image to re-tag and push"
+    required: true
+  semver:
+    description: "Semantic version"
+    required: true
+  exists:
+    description: "Does the version tag exist?"
+    required: true
+  push:
+    description: "If false runs a dry-run that doesn't actually push"
+    default: "true"
+runs:
+  using: "composite"
+  steps:
+    - name: Generate Docker Metadata
+      uses: docker/metadata-action@v5
+      id: meta
+      with:
+        images: ${{ github.repository }}
+        tags: |
+          type=ref,event=branch,prefix=branch-,enable=${{ github.ref != format('refs/heads/{0}', 'main') }}
+          type=semver,pattern=v{{version}},value=${{ inputs.semver }},enable=${{ github.ref == format('refs/heads/{0}', 'main') && fromJSON(inputs.exists) == false }}
+          type=semver,pattern=v{{major}}.{{minor}},value=${{ inputs.semver }},enable=${{ github.ref == format('refs/heads/{0}', 'main') && fromJSON(inputs.exists) == false }}
+          type=semver,pattern=v{{major}},value=${{ inputs.semver }},enable=${{ github.ref == format('refs/heads/{0}', 'main') && fromJSON(inputs.exists) == false && !(startsWith(inputs.semver, '0')) }}
+          type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') && fromJSON(inputs.exists) == false }}
+          type=sha,format=long
+    - name: Tag image
+      run: |
+        echo "${{ steps.meta.outputs.tags }}" | while read -r tag; do
+          echo "Processing tag: $tag"
+          docker tag ${{ inputs.source-image }} "$tag"
+        done
+      shell: bash
+    - name: Push image
+      if: inputs.push == 'true'
+      run: docker push --all-tags ghcr.io/${{ inputs.repository }}
+      shell: bash

.github/actions/run-e2e/action.yml

@@ -0,0 +1,32 @@
+name: "Run Script & Assert Output"
+description: "Run a script via the Elixir Script Action, and verify its output matches the expected result"
+inputs:
+  image-name:
+    description: "The container image the Elixir Script Action uses to run the script"
+    required: true
+  script:
+    description: "The script to run"
+    required: true
+  expected:
+    description: "The expected output"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Update action.yml to point to ${{ inputs.image-name }}
+      run: |
+        sed -i 's/\(  image: \).*/\1${{ inputs.image-name }}/' action.yml
+      shell: bash
+    - name: Run gaggle/elixir_script
+      id: run
+      uses: ./
+      with:
+        script: |
+          ${{ matrix.data.script }}
+    - name: Assert output
+      run: |
+        expected="${{ matrix.data.expected }}"
+        output="${{steps.run.outputs.result}}"
+        [[ "$output" != "$expected" ]] && echo "::error::❌ Expected '$expected', got '$output'" && exit 1
+        echo "✅ Test passed, outputs.result: ${{toJSON(steps.run.outputs.result)}}"
+      shell: bash

.github/actions/version/action.yml

@@ -0,0 +1,40 @@
+name: "Version Config"
+description: "Parse version and check if the codebase is in a pushable state"
+inputs:
+  semver:
+    description: "The version string to be parsed and checked"
+    required: true
+  default-branch:
+    description: "Name of main branch"
+    default: ${{ github.event.repository.default-branch }}
+  debug:
+    description: Default is to run in debug mode when the GitHub Actions step debug logging is turned on.
+    default: ${{ runner.debug == '1' }}
+outputs:
+  semver:
+    description: "The full semantic version. Same as input.semver"
+    value: ""
+  major:
+    description: "Major version, 1.2.3 -> 1"
+    value: ""
+  minor:
+    description: "Minor version, 1.2.3 -> 2"
+    value: ""
+  patch:
+    description: "Patch version, 1.2.3 -> 3"
+    value: ""
+  tag-exists:
+    description: "Indicates whether a Git tag already exists for the version"
+    value: ""
+  releasable:
+    description: "Determines if the current state of the codebase should released, determined by whether the commit is for the default branch and if the version it's associated with has already been released"
+    value: ""
+runs:
+  using: "composite"
+  steps:
+    - run: ${{ github.action_path }}/entrypoint.sh
+      shell: bash
+      env:
+        INPUT_SEMVER: ${{ inputs.semver }}
+        INPUT_DEFAULT_BRANCH: ${{ inputs.default-branch }}
+        INPUT_DEBUG: ${{ inputs.debug }}