Add setup composite action

Signed-off-by: peterdeme <[email protected]>

.github/workflows/build.yml

@@ -10,27 +10,12 @@ jobs:
   build-binary:
     name: 👷 Build binary
     runs-on: ubuntu-latest
-    container: golang:1.20
 
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
 
-      - name: Mark source directory as safe.
-        run: git config --global --add safe.directory $GITHUB_WORKSPACE
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: "linux/amd64,linux/arm64"
-
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
+        uses: ./.github/workflows/goreleaser
         with:
-          args: release --snapshot
-        env:
-          BUGSNAG_API_KEY: "REAL_KEY_NOT_NEEDED_HERE"
-          REPOSITORY_URL: "ghcr.io/spacelift-io/vcs-agent"
+          repository_url: "ghcr.io/spacelift-io/vcs-agent"

.github/workflows/goreleaser/action.yml

@@ -0,0 +1,50 @@
+name: Run GoReleaser
+description: Sets up the proper Go version, Docker Buildx, QEMU, and runs GoReleaser
+
+inputs:
+  snapshot:
+    description: Whether to create a snapshot release or real one
+    default: "true"
+  bugsnag_api_key:
+    description: The Bugsnag API key
+    default: "NOT_SET"
+  repository_url:
+    description: The repository URL that GoReleaser will use to create the Docker images
+    required: true
+  github_token:
+    description: The GitHub token
+    required: false
+  disable_github_release:
+    description: Whether to disable publishing the GitHub release
+    default: "true"
+
+runs:
+    using: composite
+    steps:      
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with: { go-version: "1.20" }
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: "linux/amd64,linux/arm64"
+
+      - name: Run GoReleaser
+        id: goreleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          args: release --snapshot=${{ inputs.snapshot }}
+        env:
+          BUGSNAG_API_KEY: ${{ inputs.bugsnag_api_key }}
+          REPOSITORY_URL: ${{ inputs.repository_url }}
+          GITHUB_TOKEN: ${{ inputs.github_token }}
+          DISABLE_GITHUB_RELEASE: ${{ inputs.DISABLE_GITHUB_RELEASE }}
+
+outputs:
+  metadata:
+    description: The release metadata of GoReleaser
+    value: ${{ steps.goreleaser.outputs.metadata }}

.github/workflows/publish/action.yml

@@ -33,9 +33,8 @@ inputs:
 runs:
   using: composite
   steps:      
-    - name: Setup Go
-      uses: actions/setup-go@v4
-      with: { go-version: "1.20" }
+    - name: Setup Go and Docker
+      uses: ./.github/workflows/setup
 
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
@@ -49,14 +48,6 @@ runs:
       if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
       shell: bash
       run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-      with:
-        platforms: linux/amd64,linux/arm64
 
     - name: Run GoReleaser
       uses: goreleaser/goreleaser-action@v5

.github/workflows/security.yml

@@ -29,7 +29,6 @@ jobs:
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v1
 
-
   gosec:
     name: 👮‍♀️ GoSec
     runs-on: ubuntu-latest

.github/workflows/setup/action.yml

@@ -0,0 +1,17 @@
+name: Setup Go and Docker
+description: Setup the proper Go versions and the Docker environment
+
+runs:
+    using: composite
+    steps:      
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with: { go-version: "1.20" }
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: "linux/amd64,linux/arm64"

.github/workflows/trivy.yml

@@ -20,28 +20,12 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with: { fetch-depth: 0 }
-
-      - name: Setup Go
-        uses: actions/setup-go@v4
-        with: { go-version: "1.20" }
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: "linux/amd64,linux/arm64"
 
       - name: Run GoReleaser
+        uses: ./.github/workflows/goreleaser
         id: goreleaser
-        uses: goreleaser/goreleaser-action@v5
         with:
-          args: release --snapshot
-        env:
-          BUGSNAG_API_KEY: "REAL_KEY_NOT_NEEDED_HERE"
-          REPOSITORY_URL: "ghcr.io/spacelift-io/vcs-agent"
+          repository_url: "ghcr.io/spacelift-io/vcs-agent"
 
       - name: Run Trivy vulnerability scanner (amd64)
         uses: aquasecurity/trivy-action@master

.goreleaser.yaml

@@ -14,6 +14,9 @@ builds:
 changelog:
   use: github-native
 
+release:
+  disable: "{{ .Env.DISABLE_GITHUB_RELEASE }}"
+
 archives:
   - format: zip
     name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"