Fix GitHub Actions workflows: standardize runner config and remove duplication

KartalJelena · KartalJelena · commit 7a4f1c3bd257 · 2025-09-08T14:38:34.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,89 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  secrets_scan:
+    name: Secrets scan
+    uses: ./.github/workflows/secrets-scan.yml
+    secrets: inherit
+
+  notify_slack_success:
+    name: Notify success status to Slack
+    runs-on: ubuntu-latest
+    if: success() && github.ref == 'refs/heads/master' && github.event_name == 'push'
+    needs: [secrets_scan]
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+    steps:
+      - name: GSM Secrets
+        id: secrets_manager
+        uses: toptal/actions/gsm-secrets@main
+        with:
+          workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com
+          service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com
+          secrets_name: |-
+            SLACK_MARKETING_TOOLS_2_RELEASES_WEBHOOK:toptal-ci/SLACK_MARKETING_TOOLS_2_RELEASES_WEBHOOK
+            SLACK_TEST_PUB_BOT_WEBHOOK:toptal-ci/SLACK_TEST_PUB_BOT_WEBHOOK
+
+      - name: Parse secrets
+        id: parse_secrets
+        uses: toptal/actions/expose-json-outputs@main
+        with:
+          json: ${{ steps.secrets_manager.outputs.secrets }}
+
+      - uses: toptal/slack-workflow-status@master
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          slack_webhook_url: ${{ steps.parse_secrets.outputs.SLACK_MARKETING_TOOLS_2_RELEASES_WEBHOOK }}
+          name: gha-bot
+          icon_url: https://avatars.slack-edge.com/2021-05-17/2068859221653_526c61e414df90dd67f7_192.png
+          include_jobs: on-failure
+          display_only_failed: true
+          include_commit_message: true
+
+  notify_slack_failure:
+    name: Notify failure status to Slack
+    runs-on: ubuntu-latest
+    if: (failure() || cancelled()) && github.ref == 'refs/heads/master' && github.event_name == 'push'
+    needs: [secrets_scan]
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+    steps:
+      - name: GSM Secrets
+        id: secrets_manager
+        uses: toptal/actions/gsm-secrets@main
+        with:
+          workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com
+          service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com
+          secrets_name: |-
+            SLACK_MARKETING_TOOLS_2_BULLHORN_WEBHOOK:toptal-ci/SLACK_MARKETING_TOOLS_2_BULLHORN_WEBHOOK
+            SLACK_TEST_PUB_BOT_WEBHOOK:toptal-ci/SLACK_TEST_PUB_BOT_WEBHOOK
+
+      - name: Parse secrets
+        id: parse_secrets
+        uses: toptal/actions/expose-json-outputs@main
+        with:
+          json: ${{ steps.secrets_manager.outputs.secrets }}
+
+      - uses: toptal/slack-workflow-status@master
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          slack_webhook_url: ${{ steps.parse_secrets.outputs.SLACK_MARKETING_TOOLS_2_BULLHORN_WEBHOOK }}
+          name: gha-bot
+          icon_url: https://avatars.slack-edge.com/2021-05-17/2068859221653_526c61e414df90dd67f7_192.png
+          include_jobs: on-failure
+          display_only_failed: true
+          include_commit_message: true
+
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -6,7 +6,7 @@ on:
 jobs:
   specs:
     name: Secrets scan
-    runs-on: ubuntu-latest
+    runs-on: squad-growth-ubuntu2204-x64-xsmall
     permissions: write-all
     timeout-minutes: 10
     steps:
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
@@ -6,68 +6,35 @@ on:
   pull_request:
 
 jobs:
-  secrets_scan:
-    name: Secrets scan
-    runs-on: squad-growth-ubuntu2204-x64-standard
-    permissions: write-all
-    timeout-minutes: 10
+  unit_tests:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
     steps:
-      - uses: actions/checkout@v4
+      - name: Cancel previous runs
+        uses: styfle/cancel-workflow-action@0.11.0
         with:
-          fetch-depth: 0
+          access_token: ${{ github.token }}
 
-      - name: Get the secrets from GSM
-        id: secrets_manager
-        uses: toptal/actions/gsm-secrets@v1.0.2
-        with:
-          workload_identity_provider: projects/858873486241/locations/global/workloadIdentityPools/gha-pool/providers/github-com
-          service_account: gha-keycodes@toptal-ci.iam.gserviceaccount.com
-          secrets_name: |-
-            SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN
-
-      - name: Parse secrets
-        id: parse_secrets
-        uses: toptal/actions/expose-json-outputs@v1.0.2
-        with:
-          json: ${{ steps.secrets_manager.outputs.secrets }}
-
-      - name: Secrets Scan
-        uses: toptal/actions/secret-scanning-action@main
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          full-scan: true
-          slack-channel: -marketing-tools-2-releases
-          slack-token: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}
+      - uses: actions/checkout@v3
 
-  # unit_tests:
-  #   name: Unit tests
-  #   runs-on: ubuntu-latest
-  #   timeout-minutes: 5
-  #   steps:
-  #     - name: Cancel previous runs
-  #       uses: styfle/cancel-workflow-action@0.11.0
-  #       with:
-  #         access_token: ${{ github.token }}
+      - name: Set up steps
+        uses: ./.github/actions/setup-steps
 
-  #     - uses: actions/checkout@v3
+      - name: Unit tests
+        run: yarn test:unit:coverage
 
-  #     - name: Set up steps
-  #       uses: ./.github/actions/setup-steps
-
-  #     - name: Unit tests
-  #       run: yarn test:unit:coverage
-
-  #     - name: Upload Jest HTML report
-  #       if: failure()
-  #       uses: actions/upload-artifact@v4
-  #       with:
-  #         name: jest-unit-tests-report
-  #         path: reports/jest-report-unit.html
-  #         retention-days: 1
+      - name: Upload Jest HTML report
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: jest-unit-tests-report
+          path: reports/jest-report-unit.html
+          retention-days: 1
 
-  #     - name: Upload unit tests coverage report
-  #       uses: actions/upload-artifact@v4
-  #       with:
-  #         name: jest-unit-coverage-report
-  #         path: test-coverage/unit
-  #         retention-days: 1
+      - name: Upload unit tests coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: jest-unit-coverage-report
+          path: test-coverage/unit
+          retention-days: 1
