temporalio · jlegrone · Aug 26, 2025 · Aug 26, 2025 · Aug 26, 2025 · Aug 26, 2025
@@ -0,0 +1,11 @@
+name: 'Docker Hub Login'
+description: 'Login to Docker Hub registry'
+runs:
+  using: 'composite'
+  steps:
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        registry: docker.io
+        username: ${{ env.DOCKER_USERNAME }}
+        password: ${{ env.DOCKER_PAT }}
@@ -0,0 +1,16 @@
+name: 'Generate GitHub App Token'
+description: 'Generate GitHub App token for CI/CD operations'
+outputs:
+  token:
+    description: 'Generated GitHub App token'
+    value: ${{ steps.generate_token.outputs.token }}
+runs:
+  using: 'composite'
+  steps:
+    - name: Generate token
+      id: generate_token
+      uses: actions/create-github-app-token@v1
+      with:
+        app-id: ${{ env.TEMPORAL_CICD_APP_ID }}
+        private-key: ${{ env.TEMPORAL_CICD_PRIVATE_KEY }}
+        owner: ${{ github.repository_owner }}
@@ -0,0 +1,34 @@
+name: 'Setup Go Environment'
+description: 'Sets up Go with optional caching, checkout, and dependency download'
+inputs:
+  fetch-depth:
+    description: 'Depth of git fetch (0 for full history, default: 1)'
+    required: false
+    default: '1'
+  cache:
+    description: 'Enable Go module caching'
+    required: false
+    default: 'true'
+  download-deps:
+    description: 'Download Go module dependencies'
+    required: false
+    default: 'true'
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: ${{ inputs.fetch-depth }}
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+        check-latest: true
+        cache: ${{ inputs.cache }}
+
+    - name: Download dependencies
+      if: inputs.download-deps == 'true'
+      run: go mod download
+      shell: bash
@@ -17,18 +17,17 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - name: Generate token
-        id: generate_token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
-          private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
+      - name: Generate GitHub App token
+        id: token
+        uses: ./.github/actions/github-token
+        env:
+          TEMPORAL_CICD_APP_ID: ${{ secrets.TEMPORAL_CICD_APP_ID }}
+          TEMPORAL_CICD_PRIVATE_KEY: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
 
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{ steps.token.outputs.token }}
           fetch-depth: 0
 
       - name: Configure Git
@@ -37,9 +36,9 @@ jobs:
           git config user.email "[email protected]"
 
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
-          version: v3.12.0
+          version: v3.14.3
 
       - name: Bump Chart Version
         id: bump_version
@@ -81,11 +80,10 @@ jobs:
           git push
 
       - name: Login to Docker Hub
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
-        with:
-          registry: docker.io
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PAT}}
+        uses: ./.github/actions/docker-login
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PAT: ${{ secrets.DOCKER_PAT }}
 
       - name: Package and Push Helm chart
         run: |

@@ -1,83 +1,77 @@
-name: linters
+name: Lint
+
 on:
   pull_request:
+
 permissions:
   contents: read
+
 jobs:
   lint-actions:
+    name: Actions
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          check-latest: true
+    - name: Setup environment
+      uses: ./.github/actions/setup-go
+      with:
+        fetch-depth: '0'
+        download-deps: 'false'
+
+    - name: Setup actionlint
+      run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+      shell: bash
 
-      - name: lint actions
-        run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
-          make lint-actions
-        shell: bash
+    - name: Run Actions linter
+      run: make lint-actions
 
   fmt-imports:
+    name: Format Imports
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
+    - name: Setup environment
+      uses: ./.github/actions/setup-go
+      with:
+        fetch-depth: '0'
+        download-deps: 'false'
 
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          check-latest: true
+    - name: Run import formatter
+      run: make fmt-imports
 
-      - name: format golang import statements
-        run: |
-          make fmt-imports
+    - name: Check for uncommitted changes
+      run: |
+        if [[ -n $(git status --porcelain) ]]; then
+          echo "Detected uncommitted changes after Format Imports."
+          git status
+          git diff
+          exit 1
+        fi
 
-      - name: check-is-dirty
-        run: |
-          if [[ -n $(git status --porcelain) ]]; then
-            echo "Detected uncommitted changes."
-            git status
-            git diff
-            exit 1
-          fi
-
-  golangci:
+  lint-code:
+    name: GolangCI
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
+    - name: Setup environment
+      uses: ./.github/actions/setup-go
+      with:
+        fetch-depth: '0'
+        download-deps: 'false'
 
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          check-latest: true
-
-      - name: lint code
-        run: |
-          make GOLANGCI_LINT_FIX=false GOLANGCI_LINT_BASE_REV=HEAD~ lint-code
+    - name: Run code linter
+      run: make GOLANGCI_LINT_FIX=false GOLANGCI_LINT_BASE_REV=HEAD~ lint-code
 
-      - name: check-is-dirty
-        run: |
-          if [[ -n $(git status --porcelain) ]]; then
-            echo "Detected uncommitted changes."
-            git status
-            git diff
-            exit 1
-          fi
+    - name: Check for uncommitted changes
+      run: |
+        if [[ -n $(git status --porcelain) ]]; then
+          echo "Detected uncommitted changes after GolangCI."
+          git status
+          git diff
+          exit 1
+        fi
 
+  # Keep the final success check job as-is since it's needed for branch protection
   linters-succeed:
     name: All Linters Succeed
-    needs:
-      - lint-actions
-      - fmt-imports
-      - golangci
+    needs: [lint-actions, fmt-imports, lint-code]
     runs-on: ubuntu-latest
     if: always()
     env:

@@ -14,31 +14,24 @@ jobs:
   publish-main-image:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Setup Go environment
+        uses: ./.github/actions/setup-go
         with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-        with:
-          go-version-file: "go.mod"
-          check-latest: true
+          fetch-depth: '0'
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
-        with:
-          registry: docker.io
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PAT}}
+        uses: ./.github/actions/docker-login
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PAT: ${{ secrets.DOCKER_PAT }}
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
+        uses: goreleaser/goreleaser-action@v6
         with:
-          version: v2.11.2
+          version: latest
           args: release --config .goreleaser.main.yml --snapshot --clean
 
       - name: Push snapshot images