split out workflows

AshleyDumaine · AshleyDumaine · commit 195b5733f875 · 2025-07-08T12:01:41.000-04:00
diff --git a/.github/workflows/build_test_ci.yml b/.github/workflows/build_test_ci.yml
@@ -1,4 +1,4 @@
-name: Build and Test CI
+name: Coverage and E2E
 
 on:
   push:
@@ -39,17 +39,6 @@ jobs:
         with:
           filters: .github/filters.yml
 
-  yamllint:
-    runs-on: ubuntu-latest
-    needs: changes
-    if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Validate YAML file
-        run: yamllint templates
-
   go-build-test:
     environment: ${{ github.event.pull_request.head.repo.fork == true && 'prod-external' || 'prod' }}
     runs-on: ubuntu-latest
@@ -84,12 +73,6 @@ jobs:
           go-version-file: 'go.mod'
           check-latest: true
 
-      - name: Build
-        run: make build
-
-      - name: Check for generated diff
-        run: make check-gen-diff
-
       - name: Test
         run: make test
 
@@ -118,42 +101,3 @@ jobs:
     with:
       e2e-selector: ${{ matrix.flavor }}
       e2e-flags: ${{ matrix.flavor == 'quick' && ''  || '--assert-timeout 20m0s'}}
-
-
-  docker-build:
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.pull_request.head.repo.fork == true && 'prod-external' || 'prod' }}
-    needs: changes
-    if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }}
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v2
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            github.com:443
-            proxy.golang.org:443
-            sum.golang.org:443
-            go.dev:443
-            dl.google.com:443
-            golang.org:443
-            objects.githubusercontent.com:443
-            registry-1.docker.io:443
-            auth.docker.io:443
-            production.cloudflare.docker.com:443
-            gcr.io:443
-            storage.googleapis.com:443
-
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Docker cache
-        uses: ScribeMD/docker-cache@0.5.0
-        with:
-          key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}
-
-      - name: Build the Docker image
-        run: make docker-build
diff --git a/.github/workflows/pull_request_ci.yaml b/.github/workflows/pull_request_ci.yaml
@@ -0,0 +1,119 @@
+name: Build and Test PR
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: read
+  actions: read
+
+concurrency:
+  group: pull-request-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      # Expose matched filters as job 'src' output variable
+      paths: ${{ steps.filter.outputs.changes }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: .github/filters.yml
+
+  yamllint:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Validate YAML file
+        run: yamllint templates
+
+  go-build-test:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            golang.org:443
+            proxy.golang.org:443
+            sum.golang.org:443
+            objects.githubusercontent.com:443
+            storage.googleapis.com:443
+            cli.codecov.io:443
+            api.codecov.io:443
+            ingest.codecov.io:443
+            raw.githubusercontent.com:443
+
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+
+      - name: Build
+        run: make build
+
+      - name: Check for generated diff
+        run: make check-gen-diff
+
+      - name: Test
+        run: make test
+
+  docker-build:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ contains(fromJSON(needs.changes.outputs.paths), 'src') }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            proxy.golang.org:443
+            sum.golang.org:443
+            go.dev:443
+            dl.google.com:443
+            golang.org:443
+            objects.githubusercontent.com:443
+            registry-1.docker.io:443
+            auth.docker.io:443
+            production.cloudflare.docker.com:443
+            gcr.io:443
+            storage.googleapis.com:443
+
+      - uses: actions/checkout@v4
+
+      - name: Docker cache
+        uses: ScribeMD/docker-cache@0.5.0
+        with:
+          key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}
+
+      - name: Build the Docker image
+        run: make docker-build
