ci: Improve workflow files (#111)

* Update workflow files

* Fix yaml lint errors

* Setup node and install deps when building stackable-cockpitd

* Update actions, remove old workflow file

* Bump checkout action version

* Adjust cockpit and stackablectl workflow triggers

* Fix double quote issue

* Rework workflow triggers again

Because workflow_run is weird and doesn't trigger on branches other than
the default one like 'main' or 'master'. In conclusion: This trigger is
weirdly designed and pretty much useless.

* Only target package stackable-cockpit when setting version

* Run Cockpit Web workflow when CI changes

* Minor formatting

Author: Techassi

.github/workflows/build.yml

@@ -1,20 +1,16 @@
-# =============
-# This file is automatically generated from the templates in stackabletech/operator-templating
-# DON'T MANUALLY EDIT THIS FILE
-# =============
 ---
 name: Security audit
 
 on:
   schedule:
-    - cron: '15 4 * * *'
+    - cron: "15 4 * * *"
   workflow_dispatch:
 
 jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # renovate: tag=v1.2.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/daily_security.yml renamed to .github/workflows/general_daily_security.yml

@@ -1,23 +1,19 @@
 ---
 name: web
 on:
-  push:
-    branches:
-      - main
-      - staging
-      - trying
-      - "renovate/**"
-    tags:
-      - '[0-9][0-9].[0-9]+.[0-9]+'
   pull_request:
-  merge_group:
+    paths:
+      - ".github/workflows/pr_cockpit-web.yml"
+      - "package.json"
+      - "yarn.lock"
+      - "web"
 
 jobs:
   build-web:
     name: Web frontend built
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 18
@@ -29,7 +25,7 @@ jobs:
     name: Validate web formatting
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 18

.github/workflows/web.yaml renamed to .github/workflows/pr_cockpit-web.yml

@@ -0,0 +1,113 @@
+---
+name: Pull Request Cockpit
+
+on:
+  pull_request:
+    paths:
+      - ".github/workflows/pr_cockpit.yml"
+      - "rust/stackable-cockpitd"
+      - "rust/stackable-cockpit"
+      - "docs/modules/cockpit"
+      - "docs/modules/ROOT"
+      - "Cargo.lock"
+      - "deploy"
+      - "docker"
+      - "go.sum"
+
+env:
+  RUST_VERSION: 1.70.0
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: "0"
+  CARGO_PROFILE_DEV_DEBUG: "0"
+  RUSTFLAGS: "-D warnings"
+  RUSTDOCFLAGS: "-D warnings"
+  RUST_LOG: "info"
+  DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev
+
+jobs:
+  general-checks:
+    name: General Pull Request Checks
+    uses: ./.github/workflows/pr_general.yml
+
+  reviewdog-checks:
+    name: Reviewdog Pull Request Checks
+    uses: ./.github/workflows/pr_reviewdog.yml
+
+  check-charts:
+    name: Helm Chart Check
+    runs-on: ubuntu-latest
+    needs:
+      - general-checks
+      - reviewdog-checks
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - name: Setup Helm
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+        with:
+          version: v3.6.2
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+
+      - name: Setup Rust Cache
+        uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
+        with:
+          key: pr-stackable-cockpit-chart
+
+      - name: Regenerate Charts
+        run: make regenerate-charts
+
+      - name: Checking that Helm Charts are up-to-date
+        run: git diff --exit-code
+
+      - name: Helm Charts not up-to-date
+        if: ${{ failure() }}
+        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6
+        with:
+          script: |
+            core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!')
+
+  publish:
+    name: Publish Docker Image
+    runs-on: ubuntu-latest
+    env:
+      NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+    outputs:
+      IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
+    needs:
+      - check-charts
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+
+      - name: Setup Rust Cache
+        uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
+        with:
+          key: pr-stackable-cockpit-chart
+
+      - name: Update Version
+        run: |
+          cargo install cargo-edit --version 0.11.11
+          cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
+
+      # Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the
+      # default value in the makefile if called from this action, but not otherwise (i.e. when called locally).
+      # This is needed for the HELM_REPO variable.
+      - name: Publish Docker Image and Helm Chart
+        run: make -e publish
+      - id: printtag
+        name: Output Image Name and Tag
+        run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"

.github/workflows/pr_cockpit.yml

@@ -0,0 +1,175 @@
+---
+name: Pull Request General
+
+on: workflow_call
+
+env:
+  RUST_VERSION: 1.70.0
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: "0"
+  CARGO_PROFILE_DEV_DEBUG: "0"
+  RUSTFLAGS: "-D warnings"
+  RUSTDOCFLAGS: "-D warnings"
+  RUST_LOG: "info"
+
+jobs:
+  run_udeps:
+    name: Run Cargo Udeps
+    runs-on: ubuntu-latest
+    env:
+      RUSTC_BOOTSTRAP: 1
+    steps:
+      - name: Install host dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        with:
+          node-version: 18
+          cache: yarn
+      - run: yarn install --frozen-lockfile
+
+      - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
+        with:
+          key: udeps
+      - run: cargo install cargo-udeps
+      - run: cargo udeps --workspace
+
+  run_cargodeny:
+    name: Run Cargo Deny
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        checks:
+          - advisories
+          - bans licenses sources
+    # Prevent sudden announcement of a new advisory from failing ci:
+    continue-on-error: ${{ matrix.checks == 'advisories' }}
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+      - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1.5.4
+        with:
+          command: check ${{ matrix.checks }}
+
+  run_rustfmt:
+    name: Run Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+      - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+          components: rustfmt
+      - run: cargo fmt --all -- --check
+
+  run_clippy:
+    name: Run Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+          components: clippy
+
+      - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
+        with:
+          key: clippy
+
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        with:
+          node-version: 18
+          cache: yarn
+
+      - run: yarn install --frozen-lockfile
+      - name: Run clippy action to produce annotations
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: giraffate/clippy-action@871cc4173f2594435c7ea6b0bce499cf6c2164a1
+        if: env.GITHUB_TOKEN != null
+        with:
+          clippy_flags: --all-targets -- -D warnings
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: "github-pr-check"
+
+      - name: Run clippy manually without annotations
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: env.GITHUB_TOKEN == null
+        run: cargo clippy --all-targets -- -D warnings
+
+  run_rustdoc:
+    name: Run RustDoc
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+          components: rustfmt
+
+      - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
+        with:
+          key: doc
+
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        with:
+          node-version: 18
+          cache: yarn
+      - run: yarn install --frozen-lockfile
+      - run: cargo doc --document-private-items
+
+  run_tests:
+    name: Run Cargo Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+
+      - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0
+        with:
+          key: test
+
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        with:
+          node-version: 18
+          cache: yarn
+      - run: yarn install --frozen-lockfile
+      - run: cargo test
+
+  tests_passed:
+    name: All tests passed
+    needs:
+      - run_udeps
+      - run_cargodeny
+      - run_clippy
+      - run_rustfmt
+      - run_rustdoc
+      - run_tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: log
+        run: echo All tests have passed!