refactor: workflow restructure

Author: andhreljaKern

.github/workflows/az_acr_push.yml

@@ -40,7 +40,9 @@ jobs:
           file: 'Dockerfile'
           tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ matrix.platform}}
           push: true
-          build-args: platform=linux/${{ matrix.platform}}
+          build-args: |
+            platform=linux/${{ matrix.platform}}
+            label=dockerfile-path=https://github.com/${{ github.repository }}/blob/${{ github.sha }}/Dockerfile
         
       - name: Build & Push ${{ github.event.repository.name }}:${{ matrix.platform}}-${{ github.ref_name }}
         if: ${{ github.ref != github.repository.default_branch }}
@@ -51,7 +53,9 @@ jobs:
           tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ matrix.platform}}-${{ github.ref_name }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          build-args: platform=linux/${{ matrix.platform}}
+          build-args: |
+            platform=linux/${{ matrix.platform}}
+            label=dockerfile-path=https://github.com/${{ github.repository }}/blob/${{ github.sha }}/Dockerfile
 
       - name: Build & Push ${{ github.event.repository.name }}:latest
         uses: docker/build-push-action@v5
@@ -62,7 +66,9 @@ jobs:
           file: 'Dockerfile'
           tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:latest
           push: true
-          build-args: platform=linux/amd64
+          build-args: |
+            platform=linux/amd64
+            label=dockerfile-path=https://github.com/${{ github.repository }}/blob/${{ github.sha }}/Dockerfile
 
       - name: Build & Push ${{ github.event.repository.name }}:${{ matrix.platform}}-gpu
         if: ${{ github.ref == github.repository.default_branch && hashFiles('gpu.Dockerflie') != '' }}
@@ -73,4 +79,6 @@ jobs:
           tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ matrix.platform}}-gpu
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          build-args: platform=linux/${{ matrix.platform}}
+          build-args: |
+            platform=linux/${{ matrix.platform}}
+            label=dockerfile-path=https://github.com/${{ github.repository }}/blob/${{ github.sha }}/gpu.Dockerfile

.github/workflows/az_acr_release.yml

@@ -0,0 +1,51 @@
+name: 'ACR: Docker Push Release'
+
+on:
+  workflow_call:
+
+jobs:
+  az-acr-push:
+    name: "Docker: Build & Push"
+    runs-on: ubuntu-latest
+    environment: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
+    env:
+      DOCKERFILE: ${{ vars.DOCKERFILE }}
+      AZURE_CONTAINER_REGISTRY: ${{ vars.AZURE_CONTAINER_REGISTRY }}
+      ACR_LOGIN_USERNAME: ${{ secrets.ACR_LOGIN_USERNAME }}
+      ACR_LOGIN_PASSWORD: ${{ secrets.ACR_LOGIN_PASSWORD }}
+      IMAGE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || 'amd64' }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3      
+      - name: Log into registry
+        uses: docker/login-action@v3
+        with:
+          registry: "${{ env.AZURE_CONTAINER_REGISTRY }}"
+          username: "${{ env.ACR_LOGIN_USERNAME }}"
+          password: "${{ env.ACR_LOGIN_PASSWORD }}"
+      
+      - name: Build & Push ${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
+        uses: docker/build-push-action@v5
+        with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ${{ env.DOCKERFILE }}
+          tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
+          push: true
+          build-args: |
+            platform=linux/amd64
+            label=dockerfile-path=https://github.com/${{ github.repository }}/blob/${{ github.sha }}/${{ env.DOCKERFILE }}
+
+      - name: Build & Push ${{ github.event.repository.name }}:latest
+        uses: docker/build-push-action@v5
+        with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ${{ env.DOCKERFILE }}
+          tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:latest
+          push: true
+          build-args: |
+            platform=linux/amd64
+            label=dockerfile-path=https://github.com/${{ github.repository }}/blob/${{ github.sha }}/${{ env.DOCKERFILE }}

.github/workflows/gh_release.yml

@@ -0,0 +1,44 @@
+name: 'GitHub: Release'
+
+on:
+  workflow_call:
+
+# Special permissions required for OIDC authentication
+permissions:
+  id-token: write
+  contents: read
+  actions: read
+
+jobs:
+  gh-release-publish:
+    name: 'GitHub: Publish Release'
+    runs-on: ubuntu-latest
+    if: github.event_name == 'release' && success()
+    env:
+      GH_TOKEN: ${{ secrets.TOKEN_GITHUB }}
+    steps:
+      - name: Publish Release
+        run: |
+          gh release edit ${{ github.event.release.tag_name }} \
+            --prerelease=false \
+            --draft=false \
+            --latest \
+            --repo ${{ github.repository }}
+          
+          echo "::notice::Release Published"
+
+  gh-release-delete:
+    name: 'GitHub: Delete Prerelease'
+    runs-on: ubuntu-latest
+    if: github.event_name == 'release' && failure() || cancelled()
+    env:
+      GH_TOKEN: ${{ secrets.TOKEN_GITHUB }}
+    steps:
+      - name: Delete Prerelease
+        run: |
+          gh release delete ${{ github.event.release.tag_name }} \
+            --cleanup-tag \
+            --yes \
+            --repo ${{ github.repository }}
+          
+          echo "::error::Prerelease and Tag Deleted"

.github/workflows/k8s_deploy.yml

@@ -29,7 +29,7 @@ jobs:
       KUBERNETES_MANIFEST_PATH: "${{ vars.KUBERNETES_MANIFEST_PATH }}"
       AZURE_RESOURCE_GROUP: "${{ vars.AZURE_RESOURCE_GROUP }}"
       AZURE_CONTAINER_REGISTRY: "${{ vars.AZURE_CONTAINER_REGISTRY }}"
-      IMAGE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || 'amd64' }}
+      IMAGE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || 'latest' }}
     steps:
     # Checkout the repository to the GitHub Actions runner
     - name: Checkout
@@ -82,7 +82,7 @@ jobs:
       with:
          namespace: ${{ env.KUBERNETES_NAMESPACE }}
          manifests: apply.yml
-         pull-images: true
+         pull-images: false
          images: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
          strategy: canary
          action: deploy

.github/workflows/k8s_release.yml

@@ -10,86 +10,33 @@ permissions:
   actions: read
 
 jobs:
-  az-acr-push:
-    name: "Docker: Build & Push"
-    runs-on: ubuntu-latest
-    environment: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
-    env:
-      DOCKERFILE: ${{ vars.DOCKERFILE }}
-      AZURE_CONTAINER_REGISTRY: ${{ vars.AZURE_CONTAINER_REGISTRY }}
-      ACR_LOGIN_USERNAME: ${{ secrets.ACR_LOGIN_USERNAME }}
-      ACR_LOGIN_PASSWORD: ${{ secrets.ACR_LOGIN_PASSWORD }}
-      IMAGE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || 'amd64' }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3      
-      - name: Log into registry
-        uses: docker/login-action@v3
-        with:
-          registry: "${{ env.AZURE_CONTAINER_REGISTRY }}"
-          username: "${{ env.ACR_LOGIN_USERNAME }}"
-          password: "${{ env.ACR_LOGIN_PASSWORD }}"
-      
-      - name: Build & Push ${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
-        uses: docker/build-push-action@v5
-        with:
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          file: ${{ env.DOCKERFILE }}
-          tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
-          push: true
-          build-args: platform=linux/amd64
+  call-gh-validate-release:
+    if: github.event_name == 'release'
+    uses: code-kern-ai/cicd-deployment-scripts/.github/workflows/gh_validate_release.yml@dev
+    secrets: inherit
 
-      - name: Build & Push ${{ github.event.repository.name }}:latest
-        uses: docker/build-push-action@v5
-        with:
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          file: ${{ env.DOCKERFILE }}
-          tags: ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:latest
-          push: true
-          build-args: platform=linux/amd64
+  call-az-acr-release:
+    uses: code-kern-ai/cicd-deployment-scripts/.github/workflows/az_acr_release.yml@dev
+    needs: [call-gh-validate-release]
+    if: always() && !failure()
+    secrets: inherit
 
-  k8-deploy:
+  call-k8-deploy:
     uses: code-kern-ai/cicd-deployment-scripts/.github/workflows/k8s_deploy.yml@dev
-    needs: [az-acr-push]
+    needs: [call-az-acr-release]
+    if: always() && !failure()
     secrets: inherit
     with:
       environment: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
 
-  gh-release-publish:
-    name: 'GitHub: Publish Release'
-    runs-on: ubuntu-latest
-    needs: [k8-deploy]
-    if: github.event_name == 'release' && success()
-    env:
-      GH_TOKEN: ${{ secrets.TOKEN_GITHUB }}
-    steps:
-      - name: Publish Release
-        run: |
-          gh release edit ${{ github.event.release.tag_name }} \
-            --prerelease=false \
-            --draft=false \
-            --latest \
-            --repo ${{ github.repository }}
-          
-          echo "::notice::Release Published"
+  call-gh-release:
+    uses: code-kern-ai/cicd-deployment-scripts/.github/workflows/gh_release.yml@dev
+    needs: [call-k8-deploy]
+    if: always() && github.event_name == 'release'
+    secrets: inherit
 
-  gh-release-delete:
-    name: 'GitHub: Delete Prerelease'
-    runs-on: ubuntu-latest
-    needs: [k8-deploy]
-    if: github.event_name == 'release' && failure() || cancelled()
-    env:
-      GH_TOKEN: ${{ secrets.TOKEN_GITHUB }}
-    steps:
-      - name: Delete Prerelease
-        run: |
-          gh release delete ${{ github.event.release.tag_name }} \
-            --cleanup-tag \
-            --yes \
-            --repo ${{ github.repository }}
-          
-          echo "::error::Prerelease and Tag Deleted"
+  call-gh-delete-branch:
+    needs: [call-k8-deploy]
+    if: github.event_name == 'pull_request' && github.event.pull_request.merged == 'true' && !failure()
+    uses: code-kern-ai/cicd-deployment-scripts/.github/workflows/gh_delete_branch.yml@dev
+    secrets: inherit