From b2008e5430421913e0fb466e0edaff52823a509a Mon Sep 17 00:00:00 2001
From: Sebastian Wick <sebastian.wick@redhat.com>
Date: Tue, 8 Oct 2024 17:43:57 +0200
Subject: [PATCH] reusable workflow

---
 .github/workflows/Containerfile      |  7 ++++
 .github/workflows/build-and-test.yml | 33 +---------------
 .github/workflows/container.yml      | 46 +++++++++++++++++++++++
 .github/workflows/pages.yml          | 56 ++++++++--------------------
 .github/workflows/release.yml        | 13 ++++++-
 5 files changed, 82 insertions(+), 73 deletions(-)
 create mode 100644 .github/workflows/container.yml

diff --git a/.github/workflows/Containerfile b/.github/workflows/Containerfile
index 3c1769632..e42193255 100644
--- a/.github/workflows/Containerfile
+++ b/.github/workflows/Containerfile
@@ -40,3 +40,10 @@ RUN apt install -y --no-install-recommends \
     python3-pytest-xdist \
     python3-dbusmock \
     python3-dbus
+
+# Install doc dependencies
+RUN apt install -y --no-install-recommends \
+    python3-sphinx-copybutton \
+    python3-sphinxext-opengraph \
+    furo \
+    python3-sphinx
\ No newline at end of file
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 8867ce93e..e1cf5ec83 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -3,43 +3,14 @@ name: Build and Test
 on: [push, pull_request]
 
 env:
-  IMAGE_TAG: 20240908-1
   TESTS_TIMEOUT: 10 # in minutes
 
 jobs:
   build-container:
-    name: Create build container
-    runs-on: ubuntu-latest
+    uses: ./.github/workflows/container.yml
     permissions:
       packages: write
 
-    outputs:
-      image: ${{ steps.check.outputs.image }}
-
-    steps:
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Check if image already exists on GHCR
-        id: check
-        run: |
-          image=ghcr.io/${{ github.repository_owner }}/xdg-desktop-portal-build:${{ env.IMAGE_TAG }}
-          echo "exists=$(docker manifest inspect $image >/dev/null && echo 'true' || echo 'false')" \
-            >> "$GITHUB_OUTPUT"
-          echo "image=$image" >> "$GITHUB_OUTPUT"
-
-      - name: Build and push
-        if: ${{ steps.check.outputs.exists == 'false' }}
-        uses: docker/build-push-action@v5
-        with:
-          push: true
-          file: .github/workflows/Containerfile
-          tags: ghcr.io/${{ github.repository_owner }}/xdg-desktop-portal-build:${{ env.IMAGE_TAG }}
-
   build-and-test:
     name: Build and Test
     runs-on: ubuntu-latest
@@ -56,7 +27,7 @@ jobs:
         CC: ${{ matrix.compiler }}
         TEST_IN_CI: 1
         G_MESSAGES_DEBUG: all
-      options: --device /dev/fuse --cap-add SYS_ADMIN --security-opt apparmor:unconfined --privileged
+      options: ${{ needs.build-container.outputs.image_options }}
 
     steps:
       - name: Configure environment
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 000000000..7a0365903
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,46 @@
+name: Create build container
+
+env:
+  IMAGE_TAG: 20240908-2
+
+on:
+  workflow_call:
+    outputs:
+      image:
+        description: "The build image"
+        value: ${{ jobs.build-container.outputs.image }}
+      image_options:
+        description: "The options to use with the image"
+        value: --device /dev/fuse --cap-add SYS_ADMIN --security-opt apparmor:unconfined --privileged
+
+jobs:
+  build-container:
+    name: Create build container
+    runs-on: ubuntu-latest
+
+    outputs:
+      image: ${{ steps.check.outputs.image }}
+
+    steps:
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Check if image already exists on GHCR
+        id: check
+        run: |
+          image=ghcr.io/${{ github.repository_owner }}/xdg-desktop-portal-build:${{ env.IMAGE_TAG }}
+          echo "exists=$(docker manifest inspect $image >/dev/null && echo 'true' || echo 'false')" \
+            >> "$GITHUB_OUTPUT"
+          echo "image=$image" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push
+        if: ${{ steps.check.outputs.exists == 'false' }}
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          file: .github/workflows/Containerfile
+          tags: ghcr.io/${{ github.repository_owner }}/xdg-desktop-portal-build:${{ env.IMAGE_TAG }}
\ No newline at end of file
diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml
index 31c1c2140..26c561909 100644
--- a/.github/workflows/pages.yml
+++ b/.github/workflows/pages.yml
@@ -12,47 +12,22 @@ concurrency:
   cancel-in-progress: false
 
 jobs:
+  build-container:
+    uses: ./.github/workflows/container.yml
+    permissions:
+      packages: write
+
   build:
-    runs-on: ubuntu-20.04
-    container:
-      image: fedora:latest
-    steps:
-      - name: Install dependencies
-        run: |
-          dnf install -y \
-            desktop-file-utils \
-            flatpak-devel \
-            fontconfig-devel \
-            fuse3 \
-            fuse3-devel \
-            gcc \
-            gdk-pixbuf2-devel \
-            geoclue2-devel \
-            gettext \
-            glib2-devel \
-            gnome-desktop-testing \
-            gtk-doc \
-            json-glib-devel \
-            libcap \
-            libcap-devel \
-            libportal-devel \
-            llvm \
-            meson \
-            pipewire-devel \
-            python3-gobject \
-            shared-mime-info \
-            systemd-devel
+    runs-on: ubuntu-latest
+    needs: build-container
+    permissions:
+      contents: write
 
-      - name: Install dependencies for doc builds
-        run: |
-          dnf install -y \
-            ca-certificates \
-            git \
-            python-sphinx-copybutton \
-            python-sphinxext-opengraph \
-            python3-furo \
-            python3-sphinx
+    container:
+      image: ${{ needs.build-container.outputs.image }}
+      options: ${{ needs.build-container.outputs.image_options }}
 
+    steps:
       - name: Check out xdg-desktop-portal
         uses: actions/checkout@v4
 
@@ -77,12 +52,13 @@ jobs:
 
   # Deployment job
   deploy:
+    runs-on: ubuntu-latest
+    needs: build
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
-    needs: build
     if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
+
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2b574fbed..b946256b0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,13 +12,22 @@ on:
         default: true
 
 jobs:
+  build-container:
+    uses: ./.github/workflows/container.yml
+    permissions:
+      packages: write
+
   release:
     name: Build and publish a release
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/${{ github.repository_owner }}/xdg-desktop-portal-build:latest
+    needs: build-container
     permissions:
       contents: write
+
+    container:
+      image: ${{ needs.build-container.outputs.image }}
+      options: ${{ needs.build-container.outputs.image_options }}
+
     steps:
       - name: Configure git user
         run: |