gmetribin/build-tools
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
build-tools/fab/changes/260406-vhk4-migrate-workflows-github-actions/intake.md
Amit Rajput be25d56aab ci: migrate workflows from Gitea to GitHub Actions 
Archive non-GCP workflows, rename GCP variants to drop -gcp suffix,
replace Gitea-hosted aws-cli-action with aws-actions/configure-aws-credentials@v4.
2026-04-06 17:45:07 +05:30

4.9 KiB
Raw Blame History

Intake: Migrate Workflows to GitHub Actions

Change: 260406-vhk4-migrate-workflows-github-actions Created: 2026-04-06 Status: Draft

Origin

Migrate the GitHub workflows ending with *-gcp to be compatible with GitHub Actions. Currently used inside a self-hosted Gitea instance. Once migrated, the repo moves to GitHub directly.

Conversational mode — extensive discussion preceded this intake. User confirmed all key decisions (see Assumptions).

Why

The build-tools repo currently lives on a self-hosted Gitea instance. The organization is moving it to GitHub. The *-gcp workflow variants already use GitHub-compatible actions (google-github-actions/auth@v2, actions/checkout@v4, etc.) but one workflow (push-s3-gcp.yml) references a Gitea-hosted action (https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0) that GitHub Actions cannot resolve. The non-GCP workflows use Gitea-specific registry credentials (docker_repo2_*) that won't be needed on GitHub.

Without this change, the repo cannot be moved to GitHub — workflows would fail on first run.

What Changes

1. Archive non-GCP workflows

Move these 4 files to .github/workflows/archive/:

  • base-build-image.yml
  • dispatch-container-base.yml
  • push-container.yml
  • push-s3.yml

2. Rename GCP workflows (drop -gcp suffix)

  • base-build-image-gcp.ymlbase-build-image.yml
  • dispatch-container-base-gcp.ymldispatch-container-base.yml
  • push-container-gcp.ymlpush-container.yml
  • push-s3-gcp.ymlpush-s3.yml

3. Fix push-s3.yml (formerly push-s3-gcp.yml)

Replace the Gitea-hosted aws-cli-action with the pattern from dg2n-core:

# Replace this:
- name: Upload cloud files
  uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
    ...
  with:
    args: >
      s3 cp ...

# With this:
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: ${{ vars.AWS_DEFAULT_REGION }}

- name: Upload cloud files
  run: |
    aws s3 cp \
      --recursive \
      --cache-control max-age=31536000 \
      --storage-class STANDARD_IA \
      cloud/ s3://${{ vars.AWS_UPLOAD_BUCKET }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}

Also uppercase the AWS secret/var names to match dg2n-core convention: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION, AWS_UPLOAD_BUCKET.

4. No changes to other workflows

These 5 workflows remain untouched — they already use standard GitHub Actions:

  • pr-lint-and-check.yml
  • push-code-test.yml
  • push-code-scan.yml
  • push-npm.yml
  • push-npm-from-container.yml

Affected Memory

  • None — no spec-level behavior changes requiring memory updates.

Impact

  • .github/workflows/ — 4 files archived, 4 files renamed, 1 file content-modified
  • All consuming repos that call these reusable workflows will need to update their uses: references to drop the -gcp suffix
  • GCP auth pattern (secrets/vars) stays identical — no infra changes needed
  • Grype scanning stays disabled (commented out) in all GCP workflows

Open Questions

  • None — all questions resolved in discussion.

Assumptions

# Grade Decision Rationale Scores
1 Certain Non-GCP workflows archived, not deleted Discussed — user explicitly said "put them in an archive folder" S:95 R:90 A:95 D:90
2 Certain GCP workflows renamed to drop -gcp suffix Discussed — user confirmed "yes lets remove gcp suffix" S:95 R:85 A:90 D:85
3 Certain Grype scanning stays disabled Discussed — user said "dont enable grype scanning" S:95 R:90 A:95 D:95
4 Certain Use aws-actions/configure-aws-credentials@v4 + inline aws s3 cp instead of custom action Discussed — follows dg2n-core pattern, user pointed to that repo as reference S:95 R:90 A:90 D:85
5 Certain AWS secret/var names uppercased to match dg2n-core convention Discussed — user said dg2n-core has correct env vars/secrets config S:90 R:85 A:90 D:85
6 Certain Use GitHub-hosted ubuntu-22.04 runners Discussed — user confirmed standard GitHub runners, was using self-hosted on Gitea S:95 R:90 A:95 D:90
7 Certain push-s3-gcp.yml hybrid (GCP Docker + AWS S3) stays as-is Discussed — user confirmed "yes" S:90 R:85 A:90 D:90
8 Confident Other 5 workflows need no changes Discussed — user confirmed "yes rest remain untouched", though npm workflows have gmetri email which user said is fine to keep S:85 R:80 A:85 D:80
9 Confident Archive folder is .github/workflows/archive/ Reasonable default — user said "archive folder" without specifying exact path S:80 R:75 A:85 D:80

9 assumptions (7 certain, 2 confident, 0 tentative, 0 unresolved).