ci: split the ci to release driven workflows

.github/workflows/_discover_python_ver.yml

@@ -0,0 +1,28 @@
+name: (sub) Discover Python version
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+
+on:
+  workflow_call:
+    outputs:
+      pyversion:
+        description: A discovered Python version
+        value: ${{ jobs.pyversion.outputs.pyversion }}
+
+jobs:
+  pyversion:
+    name: Discover minimum Python version
+    runs-on: ubuntu-latest
+    outputs:
+      pyversion: ${{ steps.pyversion.outputs.pyversion }}
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v3
+      - name: discover Python version
+        id: pyversion
+        uses: ./.github/actions/discover_python_version

.github/workflows/pr.yml

@@ -18,15 +18,7 @@ jobs:
 
   pyversion:
     name: Discover minimum Python version
-    runs-on: ubuntu-latest
-    outputs:
-      pyversion: ${{ steps.pyversion.outputs.pyversion }}
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v3
-      - name: discover Python version
-        id: pyversion
-        uses: ./.github/actions/discover_python_version
+    uses: ./.github/workflows/_discover_python_ver.yml
 
   code_format:
     name: Formatting and security
@@ -58,7 +50,7 @@ jobs:
     permissions:
       contents: read
       packages: write
-    uses: ./.github/workflows/docker.yml
+    uses: ./.github/workflows/_docker.yml
     with:
       publish: false
       python_version: ${{ needs.pyversion.outputs.pyversion }}

.github/workflows/publish_docker_image.yml

@@ -0,0 +1,26 @@
+name: (publish) Docker image
+run-name: Publish a Docker image for release ${{ github.event.release.tag_name }}
+
+permissions:
+  contents: read
+
+on:
+  release:
+    types: released
+
+jobs:
+  pyversion:
+    name: Discover minimum Python version
+    uses: ./.github/workflows/_discover_python_ver.yml
+
+  docker_image_build:
+    name: Build and Publish Docker image
+    needs: pyversion
+    permissions:
+      contents: read
+      packages: write
+    uses: ./.github/workflows/_docker.yml
+    with:
+      publish: true
+      python_version: ${{ needs.pyversion.outputs.pyversion }}
+      tag_name: ${{ github.event.release.tag_name }}

.github/workflows/publish_documentation.yml

@@ -0,0 +1,114 @@
+name: (publish) Documentation
+run-name: Publish documentation to PanDev for release ${{ github.event.release.tag_name }}
+
+on:
+  release:
+    types: released
+
+permissions:
+  contents: read
+
+jobs:
+  cleanup_pandev:
+    name: Cleanup documentation release PRs @PAN.DEV
+    runs-on: ubuntu-latest
+    steps:
+      - name: cleanup old PRs
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          github-token: ${{ secrets.CLSC_PAT }}
+          script: |
+            let prs = await github.rest.pulls.list({
+              owner: "PaloAltoNetworks",
+              repo: "pan.dev",
+              state: "open",
+            })
+
+            let prs_list = prs.data
+            console.log("Total PRs found: " + prs_list.length)
+
+            let found = false
+            let pr_no
+
+            if (prs_list.length > 0){
+              console.log("Removing obsolete PRs:")
+              for (let pr of prs_list){
+                if (
+                  pr.head.label.includes("PaloAltoNetworks:v")
+                  && pr.head.repo.full_name == "PaloAltoNetworks/panos-upgrade-assurance-pan.dev"
+                ){
+                  console.log(" - removing PR (#" + pr.number + ") " + pr.title + " -> " + pr.url)
+
+                  await github.rest.pulls.update({
+                    owner: "PaloAltoNetworks",
+                    repo: "pan.dev",
+                    pull_number: pr.number,
+                    state: "closed",
+                  })
+                }
+              }
+            }
+
+  store_documentation:
+    name: Fetch the updated documentation
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v3
+      - name: pack the documentation
+        working-directory: docs
+        run: tar --exclude .DS_Store --exclude sidebars.js -cvf documentation.tar *
+      - name: upload the documentation artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: documentation
+          path: docs/documentation.tar
+
+  update_pandev:
+    name: Create a PR for pan.dev
+    needs: 
+      - cleanup_pandev
+      - store_documentation
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: checkout pan.dev
+        uses: actions/checkout@v3
+        with:
+          repository: PaloAltoNetworks/pan.dev
+          token: ${{ secrets.CLSC_PAT }}
+
+      - name: download documentation artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: documentation
+          path: products/panos/docs
+
+      - name: unpack the documentation
+        working-directory: products/panos/docs
+        run: |
+          rm -rf 'panos-upgrade-assurance'
+          tar xvf documentation.tar
+          rm -f documentation.tar
+
+      - name: create a PR to upstream pan.dev
+        id: pr
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.CLSC_PAT }}
+          delete-branch: true
+          branch: "upgeade_assurance_${{ github.event.release.tag_name }}"
+          title: "[PAN-OS Upgrade Assurance] documentation update for release: ${{ github.event.release.tag_name }}"
+          commit-message: "docs: PanOS Upgrade Assurance documentation update"
+          labels: netsec
+          body: |
+            # Description
+
+            A PR made for changes introduced into documentation on ${{ github.event.release.tag_name }} release.
+
+            # Types of changes
+
+            New feature (non-breaking change which adds functionality)

.github/workflows/publish_python_package.yml

@@ -0,0 +1,40 @@
+name: (publish) Python package
+run-name: Publish a Python package for release ${{ github.event.release.tag_name }}
+
+on:
+  release:
+    types: released
+
+permissions:
+  contents: read
+
+jobs:
+  pyversion:
+    name: Discover minimum Python version
+    uses: ./.github/workflows/_discover_python_ver.yml
+
+  package:
+    name: Publish Python package
+    runs-on: ubuntu-latest
+    needs: pyversion
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ needs.pyversion.outputs.pyversion }}
+
+      - name: Install Poetry
+        uses: Gr1N/setup-poetry@v8
+
+      - name: Create Poetry venv 
+        run: |
+          poetry env use ${{ needs.pyversion.outputs.pyversion }}
+
+      - name: Publish to PyPI
+        env:
+          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
+        run: |
+          poetry publish --build --skip-existing

.github/workflows/release.yml

@@ -40,15 +40,8 @@ jobs:
     name: Discover minimum Python version
     needs: rc
     if: needs.rc.outputs.rc == 'true'
-    runs-on: ubuntu-latest
-    outputs:
-      pyversion: ${{ steps.pyversion.outputs.pyversion }}
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v3
-      - name: discover Python version
-        id: pyversion
-        uses: ./.github/actions/discover_python_version
+    uses: ./.github/workflows/_discover_python_ver.yml
+
 
   code_format:
     name: Validate code formatting
@@ -120,138 +113,3 @@ jobs:
             @semantic-release/git@^10.0.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Publish to PyPI
-        env:
-          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
-        run: |
-          poetry publish --build --skip-existing
-
-  docker_image_build:
-    name: Build and Publish Docker image
-    needs: 
-      - rc
-      - release
-      - pyversion
-    permissions:
-      contents: read
-      packages: write
-    uses: ./.github/workflows/docker.yml
-    with:
-      publish: true
-      python_version: ${{ needs.pyversion.outputs.pyversion }}
-      tag_name: v${{ needs.rc.outputs.ver }}
-
-  cleanup_pandev:
-    name: Cleanup documentation release PRs @PAN.DEV
-    runs-on: ubuntu-latest
-    if: needs.release.outputs.released == 'true'
-    needs: 
-      - docker_image_build
-      - release
-    steps:
-      - name: cleanup old PRs
-        uses: actions/github-script@v6
-        with:
-          result-encoding: string
-          github-token: ${{ secrets.CLSC_PAT }}
-          script: |
-            let prs = await github.rest.pulls.list({
-              owner: "PaloAltoNetworks",
-              repo: "pan.dev",
-              state: "open",
-            })
-
-            let prs_list = prs.data
-            console.log("Total PRs found: " + prs_list.length)
-
-            let found = false
-            let pr_no
-
-            if (prs_list.length > 0){
-              console.log("Removing obsolete PRs:")
-              for (let pr of prs_list){
-                if (
-                  pr.head.label.includes("PaloAltoNetworks:v")
-                  && pr.head.repo.full_name == "PaloAltoNetworks/panos-upgrade-assurance-pan.dev"
-                ){
-                  console.log(" - removing PR (#" + pr.number + ") " + pr.title + " -> " + pr.url)
-
-                  await github.rest.pulls.update({
-                    owner: "PaloAltoNetworks",
-                    repo: "pan.dev",
-                    pull_number: pr.number,
-                    state: "closed",
-                  })
-                }
-              }
-            }
-
-  store_documentation:
-    name: Fetch the updated documentation
-    if: needs.release.outputs.released == 'true'
-    needs: 
-      - docker_image_build
-      - release
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v3
-      - name: pack the documentation
-        working-directory: docs
-        run: tar --exclude .DS_Store --exclude sidebars.js -cvf documentation.tar *
-      - name: upload the documentation artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: documentation
-          path: docs/documentation.tar
-
-  update_pandev:
-    name: Create a PR for pan.dev
-    if: needs.release.outputs.released == 'true'
-    needs: 
-      - cleanup_pandev
-      - release
-      - store_documentation
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - name: checkout pan.dev
-        uses: actions/checkout@v3
-        with:
-          repository: PaloAltoNetworks/pan.dev
-          token: ${{ secrets.CLSC_PAT }}
-
-      - name: download documentation artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: documentation
-          path: products/panos/docs
-
-      - name: unpack the documentation
-        working-directory: products/panos/docs
-        run: |
-          rm -rf 'panos-upgrade-assurance'
-          tar xvf documentation.tar
-          rm -f documentation.tar
-
-      - name: create a PR to upstream pan.dev
-        id: pr
-        uses: peter-evans/create-pull-request@v5
-        with:
-          push-to-fork: PaloAltoNetworks/panos-upgrade-assurance-pan.dev
-          token: ${{ secrets.CLSC_PAT }}
-          delete-branch: true
-          branch: "${{ needs.release.outputs.tag }}"
-          title: "[PAN-OS Upgrade Assurance] documentation update for release: ${{ needs.release.outputs.tag }}"
-          commit-message: "docs: PanOS Upgrade Assurance documentation update"
-          body: |
-            # Description
-
-            A PR made for changes introduced into documentation on ${{ needs.release.outputs.tag }} release.
-
-            # Types of changes
-
-            New feature (non-breaking change which adds functionality)