workflows: split things into different workflows

author: Egor Tensin <egor@tensin.name> 2025-09-09 14:38:04 +0200
committer: Egor Tensin <egor@tensin.name> 2025-09-09 14:44:12 +0200
commit: 34b109bd747c7b9d30c9f78e8f0bf70ce9de10b9 (patch)
tree: eada6d237e3c4881b0cc1dd5c6d04a35c45b916f
parent: workflows: add infra job (diff)
download: maintenance-34b109bd747c7b9d30c9f78e8f0bf70ce9de10b9.tar.gz
maintenance-34b109bd747c7b9d30c9f78e8f0bf70ce9de10b9.zip
3 files changed, 77 insertions, 56 deletions
diff --git a/.github/workflows/infra.yml b/.github/workflows/infra.yml
new file mode 100644
index 0000000..cb029d9
--- /dev/null
+++ b/.github/workflows/infra.yml
@@ -0,0 +1,37 @@
+name: infra
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  maintenance:
+    runs-on: ubuntu-latest
+    env:
+      AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
+      AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
+      DIGITALOCEAN_TOKEN: '${{ secrets.DIGITALOCEAN_TOKEN }}'
+      YC_SERVICE_ACCOUNT_KEY_FILE: '${{ secrets.YC_SERVICE_ACCOUNT_KEY_FILE }}'
+    steps:
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Add SSH key
+        run: |
+          mkdir -p ~/.ssh
+          cat > ~/.ssh/config <<'EOF'
+          StrictHostKeyChecking no
+          EOF
+          cat > ~/.ssh/id_ed25519 <<'EOF'
+          ${{ secrets.SSH_KEY }}
+          EOF
+          chmod 0600 ~/.ssh/id_ed25519
+      - name: Checkout
+        run: |
+          git clone -q ssh://git@bitbucket.org/egor-tensin/infra.git
+      - name: Configure git
+        run: |
+          git config --global user.name 'Egor Tensin'
+          git config --global user.email 'egor@tensin.name'
+      - name: Run maintenance
+        run: |
+          make -C infra maintenance
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ecf0fa5..c53bb8f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -5,62 +5,11 @@ on:
   - workflow_dispatch
 
 jobs:
+
   infra:
-    runs-on: ubuntu-latest
-    env:
-      AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
-      AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
-      DIGITALOCEAN_TOKEN: '${{ secrets.DIGITALOCEAN_TOKEN }}'
-      YC_SERVICE_ACCOUNT_KEY_FILE: '${{ secrets.YC_SERVICE_ACCOUNT_KEY_FILE }}'
-    steps:
-      - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v3
-      - name: Add SSH key
-        run: |
-          mkdir -p ~/.ssh
-          cat > ~/.ssh/config <<'EOF'
-          StrictHostKeyChecking no
-          EOF
-          cat > ~/.ssh/id_ed25519 <<'EOF'
-          ${{ secrets.SSH_KEY }}
-          EOF
-          chmod 0600 ~/.ssh/id_ed25519
-      - name: Checkout
-        run: |
-          git clone -q ssh://git@bitbucket.org/egor-tensin/infra.git
-      - name: Configure git
-        run: |
-          git config --global user.name 'Egor Tensin'
-          git config --global user.email 'egor@tensin.name'
-      - name: Run maintenance
-        run: |
-          make -C infra maintenance
+    secrets: inherit
+    uses: ./.github/workflows/infra.yml
 
   yandex-cloud-cli-bin:
-    runs-on: ubuntu-latest
-    container:
-      image: archlinux:base-devel
-    steps:
-      - name: Install dependencies
-        run: |
-          pacman -Sy --noconfirm git openssh
-      - name: Add SSH key
-        run: |
-          mkdir -p /root/.ssh/
-          cat > /root/.ssh/config <<'EOF'
-          StrictHostKeyChecking no
-          EOF
-          cat > /root/.ssh/id_ed25519 <<'EOF'
-          ${{ secrets.SSH_KEY }}
-          EOF
-          chmod 0600 /root/.ssh/id_ed25519
-      - name: Checkout
-        run: |
-          git clone -q ssh://aur@aur.archlinux.org/yandex-cloud-cli-bin.git
-          chmod -R o+w yandex-cloud-cli-bin
-      - name: Run maintenance
-        run: |
-          git config --system --add safe.directory "$( pwd )/yandex-cloud-cli-bin"
-          # Stupid makepkg hard forbids running as root, which is stupid, which
-          # is why I'm doing all of that stupidity here and above.
-          runuser -u nobody -- make -C yandex-cloud-cli-bin maintenance
+    secrets: inherit
+    uses: ./.github/workflows/yandex-cloud-cli-bin.yml
diff --git a/.github/workflows/yandex-cloud-cli-bin.yml b/.github/workflows/yandex-cloud-cli-bin.yml
new file mode 100644
index 0000000..1bfd844
--- /dev/null
+++ b/.github/workflows/yandex-cloud-cli-bin.yml
@@ -0,0 +1,35 @@
+name: yandex-cloud-cli-bin
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  maintenance:
+    runs-on: ubuntu-latest
+    container:
+      image: archlinux:base-devel
+    steps:
+      - name: Install dependencies
+        run: |
+          pacman -Sy --noconfirm git openssh
+      - name: Add SSH key
+        run: |
+          mkdir -p /root/.ssh/
+          cat > /root/.ssh/config <<'EOF'
+          StrictHostKeyChecking no
+          EOF
+          cat > /root/.ssh/id_ed25519 <<'EOF'
+          ${{ secrets.SSH_KEY }}
+          EOF
+          chmod 0600 /root/.ssh/id_ed25519
+      - name: Checkout
+        run: |
+          git clone -q ssh://aur@aur.archlinux.org/yandex-cloud-cli-bin.git
+          chmod -R o+w yandex-cloud-cli-bin
+      - name: Run maintenance
+        run: |
+          git config --system --add safe.directory "$( pwd )/yandex-cloud-cli-bin"
+          # Stupid makepkg hard forbids running as root, which is stupid, which
+          # is why I'm doing all of that stupidity here and above.
+          runuser -u nobody -- make -C yandex-cloud-cli-bin maintenance
author	Egor Tensin <egor@tensin.name>	2025-09-09 14:38:04 +0200
committer	Egor Tensin <egor@tensin.name>	2025-09-09 14:44:12 +0200
commit	34b109bd747c7b9d30c9f78e8f0bf70ce9de10b9 (patch)
tree	eada6d237e3c4881b0cc1dd5c6d04a35c45b916f
parent	workflows: add infra job (diff)
download	maintenance-34b109bd747c7b9d30c9f78e8f0bf70ce9de10b9.tar.gz maintenance-34b109bd747c7b9d30c9f78e8f0bf70ce9de10b9.zip