From e4f3b9066b552ddd8f65712a5bd9b2e7948d86a0 Mon Sep 17 00:00:00 2001
From: Bryant Finney <bryant.finney@outlook.com>
Date: Sat, 28 Oct 2023 17:29:18 -0400
Subject: [PATCH] ci(bryant-finney/pyspry#49): refactor build workflow

it is now a reusable workflow that can be included into other workflows.
two were added: one workflow for PRs, and a second for protected
branches / tags

Signed-off-by: Bryant Finney <bryant.finney@outlook.com>
---
 .github/workflows/docker-build.yml | 20 +---------
 .github/workflows/pr.yml           | 64 ++++++++++++++++++++++++++++++
 .github/workflows/protected.yml    | 13 ++++++
 3 files changed, 78 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/pr.yml
 create mode 100644 .github/workflows/protected.yml

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 43973bf..5ea3136 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -5,23 +5,8 @@
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: 🐳 Docker
 
-# run this workflow for...
-#   - each push to `main`
-#   - each release tag (starting with `v`)
-#   - each pull request that changes a relevant file
 on:
-  push:
-    tags: v*
-    branches:
-      - main
-
-  pull_request:
-    paths:
-      - .github/workflows/docker-build.yml
-      - Dockerfile
-      - docker-compose.yml
-      - platforms.yml
-      - poetry.lock
+  workflow_call:
 
 # ⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
 
@@ -33,9 +18,6 @@ jobs:
       CI_REGISTRY_IMAGE: ghcr.io/${{ github.repository }}
       PYTHON_VERSION: "3.11"
 
-    permissions:
-      packages: write
-
     runs-on: ubuntu-latest
 
     steps:
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..b1cba91
--- /dev/null
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,64 @@
+# Summary: define a CI/CD pipelines to run on PRs
+name: ⬅️ PR Checks
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/docker-build.yml
+      - Dockerfile
+      - docker-compose.yml
+      - platforms.yml
+      - poetry.lock
+
+jobs:
+  changes:
+    # identify types of files that have changed in this PR
+
+    name: 🔎 Check for changes
+    env:
+      # these types of files should all impact image builds
+      DOCKER_FILES: |-
+        .github/workflows/docker-build.yml
+        Dockerfile
+        docker-compose.yml
+        platforms.yml
+        poetry.lock
+
+      TYPES_DIR: /tmp/types
+
+    outputs:
+      docker: ${{ steps.compare.outputs.docker }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: 📂 Checkout
+        uses: actions/checkout@v2
+
+      - name: 📐 Setup
+        run: |
+          mkdir -p $TYPES_DIR
+          printf "%s\n" "${{ env.DOCKER_FILES }}" | sort >$TYPES_DIR/docker-files.txt
+
+      - name: 📝 List changes
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr diff --name-only ${{ github.event.number }} | sort >/tmp/changes.txt
+
+      - name: ❔ Compare
+        id: compare
+        run: |
+          for type_path in $TYPES_DIR/*.txt; do
+            type_name="$(basename "$type_path" | rev | cut -d- -f2- | rev)"
+
+            comm -12 $type_path /tmp/changes.txt | xargs -I{} test -z "{}" ||
+              echo "${type_name}=true" >>"$GITHUB_OUTPUT"
+          done
+
+  call-docker-build:
+    if: needs.changes.outputs.docker == 'true'
+    needs: changes
+
+    permissions:
+      packages: write
+
+    uses: ./.github/workflows/docker-build.yml
diff --git a/.github/workflows/protected.yml b/.github/workflows/protected.yml
new file mode 100644
index 0000000..b3b9350
--- /dev/null
+++ b/.github/workflows/protected.yml
@@ -0,0 +1,13 @@
+# Summary: define a CI/CD pipeline to run on protected refs
+on:
+  push:
+    tags: v*
+    branches:
+      - main
+
+jobs:
+  call-docker-build:
+    permissions:
+      packages: write
+
+    uses: ./.github/workflows/docker-build.yml