Amit Rajput be25d56aab ci: migrate workflows from Gitea to GitHub Actions
Archive non-GCP workflows, rename GCP variants to drop -gcp suffix,
replace Gitea-hosted aws-cli-action with aws-actions/configure-aws-credentials@v4.
2026-04-06 17:45:07 +05:30

# Intake: Migrate Workflows to GitHub Actions
**Change**: 260406-vhk4-migrate-workflows-github-actions
**Created**: 2026-04-06
**Status**: Draft
## Origin
> Migrate the GitHub workflows ending with *-gcp to be compatible with GitHub Actions. Currently used inside a self-hosted Gitea instance. Once migrated, the repo moves to GitHub directly.
Conversational mode — extensive discussion preceded this intake. User confirmed all key decisions (see Assumptions).
## Why
The build-tools repo currently lives on a self-hosted Gitea instance. The organization is moving it to GitHub. The `*-gcp` workflow variants already use GitHub-compatible actions (`google-github-actions/auth@v2`, `actions/checkout@v4`, etc.) but one workflow (`push-s3-gcp.yml`) references a Gitea-hosted action (`https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0`) that GitHub Actions cannot resolve. The non-GCP workflows use Gitea-specific registry credentials (`docker_repo2_*`) that won't be needed on GitHub.
Without this change, the repo cannot be moved to GitHub — workflows would fail on first run.
## What Changes
### 1. Archive non-GCP workflows
Move these 4 files to `.github/workflows/archive/`:
- `base-build-image.yml`
- `dispatch-container-base.yml`
- `push-container.yml`
- `push-s3.yml`
### 2. Rename GCP workflows (drop `-gcp` suffix)
- `base-build-image-gcp.yml` → `base-build-image.yml`
- `dispatch-container-base-gcp.yml` → `dispatch-container-base.yml`
- `push-container-gcp.yml` → `push-container.yml`
- `push-s3-gcp.yml` → `push-s3.yml`
### 3. Fix `push-s3.yml` (formerly `push-s3-gcp.yml`)
Replace the Gitea-hosted `aws-cli-action` with the pattern from `dg2n-core`:
```yaml
# Replace this:
- name: Upload cloud files
  uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
    ...
  with:
    args: >
      s3 cp ...

# With this:
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: ${{ vars.AWS_DEFAULT_REGION }}
- name: Upload cloud files
  run: |
    aws s3 cp \
      --recursive \
      --cache-control max-age=31536000 \
      --storage-class STANDARD_IA \
      cloud/ s3://${{ vars.AWS_UPLOAD_BUCKET }}/${{ env.REPO_SHORT_NAME }}/${{ steps.get-id.outputs.BUILD_ID }}
```
Also uppercase the AWS secret/var names to match dg2n-core convention: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_DEFAULT_REGION`, `AWS_UPLOAD_BUCKET`.
### 4. No changes to other workflows
These 5 workflows remain untouched — they already use standard GitHub Actions:
- `pr-lint-and-check.yml`
- `push-code-test.yml`
- `push-code-scan.yml`
- `push-npm.yml`
- `push-npm-from-container.yml`
## Affected Memory
- None — no spec-level behavior changes requiring memory updates.
## Impact
- `.github/workflows/` — 4 files archived, 4 files renamed, 1 file content-modified
- All consuming repos that call these reusable workflows will need to update their `uses:` references to drop the `-gcp` suffix
- GCP auth pattern (secrets/vars) stays identical — no infra changes needed
- Grype scanning stays disabled (commented out) in all GCP workflows
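
A pre-migration check for the two `uses:` problems described above (the URL-hosted action in section 3 and the stale `-gcp` references in consuming repos), as an added example that is not part of this repo. The function name, the reason strings and the `example-org` owner in the sample are assumptions made for illustration.

```python
import re

# Matches a job-level or step-level `uses:` key and captures its value.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")

def audit_uses(workflow_text):
    """Return (line_number, reference, reason) for each `uses:` that needs a fix."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps are not executed
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if re.match(r"https?://", ref):
            # Gitea accepts a full URL here; GitHub Actions cannot resolve it.
            findings.append((lineno, ref, "url-hosted action"))
        elif re.search(r"-gcp\.ya?ml(@|$)", ref):
            # Reusable workflow that is renamed by this change.
            findings.append((lineno, ref, "stale -gcp workflow reference"))
    return findings

# Constructed sample workflow; `example-org` is a placeholder owner.
SAMPLE = """\
jobs:
  build:
    uses: example-org/build-tools/.github/workflows/push-container-gcp.yml@main
  upload:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Upload cloud files
        uses: https://git.gmetri.io/gmetribin/aws-cli-action@v1.0.0
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
"""

if __name__ == "__main__":
    for lineno, ref, reason in audit_uses(SAMPLE):
        print(f"line {lineno}: {reason}: {ref}")
```
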
## Open Questions
- None — all questions resolved in discussion.
## Assumptions
| # | Grade | Decision | Rationale | Scores |
|---|-------|----------|-----------|--------|
| 1 | Certain | Non-GCP workflows archived, not deleted | Discussed — user explicitly said "put them in an archive folder" | S:95 R:90 A:95 D:90 |
| 2 | Certain | GCP workflows renamed to drop `-gcp` suffix | Discussed — user confirmed "yes lets remove gcp suffix" | S:95 R:85 A:90 D:85 |
| 3 | Certain | Grype scanning stays disabled | Discussed — user said "dont enable grype scanning" | S:95 R:90 A:95 D:95 |
| 4 | Certain | Use `aws-actions/configure-aws-credentials@v4` + inline `aws s3 cp` instead of custom action | Discussed — follows dg2n-core pattern, user pointed to that repo as reference | S:95 R:90 A:90 D:85 |
| 5 | Certain | AWS secret/var names uppercased to match dg2n-core convention | Discussed — user said dg2n-core has correct env vars/secrets config | S:90 R:85 A:90 D:85 |
| 6 | Certain | Use GitHub-hosted `ubuntu-22.04` runners | Discussed — user confirmed standard GitHub runners, was using self-hosted on Gitea | S:95 R:90 A:95 D:90 |
| 7 | Certain | `push-s3-gcp.yml` hybrid (GCP Docker + AWS S3) stays as-is | Discussed — user confirmed "yes" | S:90 R:85 A:90 D:90 |
| 8 | Confident | Other 5 workflows need no changes | Discussed — user confirmed "yes rest remain untouched", though npm workflows have gmetri email which user said is fine to keep | S:85 R:80 A:85 D:80 |
| 9 | Confident | Archive folder is `.github/workflows/archive/` | Reasonable default — user said "archive folder" without specifying exact path | S:80 R:75 A:85 D:80 |
9 assumptions (7 certain, 2 confident, 0 tentative, 0 unresolved).