aws-solutions-library-samples · RanbirAulakh · Oct 18, 2023 · Oct 13, 2023 · Oct 13, 2023 · Oct 18, 2023
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -1,21 +1,14 @@
 name: Build Docker Container
 
 on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
+  workflow_call:
 
 jobs:
-
   build:
-
     runs-on: ubuntu-latest
-
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         lfs: 'true'
-        ssh-key: ${{ secrets.git_ssh_key }}
     - name: Build the Docker image
       run: docker build . --file Dockerfile --tag osml-model-runner:$(date +%s)
diff --git a/.github/workflows/docker-publish-dockerhub.yml b/.github/workflows/docker-publish-dockerhub.yml
@@ -1,43 +1,33 @@
-name: Publish DockerHub Container
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+name: Publish OSML Model Runner DockerHub Container
 
-# GitHub recommends pinning actions to a commit SHA.
-# To get a newer version, you will need to update the SHA.
-# You can also reference a tag or branch, but the action may change without warning.
-
-# Configures this workflow to run every time a change is pushed to the branch called `main`.
 on:
-  push:
-    branches: ['main']
+  workflow_call:
+
+env:
+  REGISTRY: awsosml
+  IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   push_to_registry:
     name: Push Docker image to Docker Hub
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           lfs: 'true'
-          ssh-key: ${{ secrets.git_ssh_key }}
-
       - name: Log in to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        uses: docker/metadata-action@v5
         with:
-          images: awsosml/osml-model-runner
-
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
       - name: Publish Container to Dockerhub
-        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile

diff --git a/.github/workflows/docker-publish-github.yml b/.github/workflows/docker-publish-github.yml
@@ -1,45 +1,36 @@
-name: Publish GitHub Container
+name: Publish OSML Model Runner GitHub Container
 
-# Configures this workflow to run every time a change is pushed to the branch called `main`.
 on:
-  push:
-    branches: ['main']
+  workflow_call:
 
-# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
-# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
 jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
     permissions:
       contents: read
       packages: write
-      #
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
-      # Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+        uses: actions/checkout@v4
+        with:
+          lfs: 'true'
       - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
-      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
-      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
       - name: Push to Github
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: true

diff --git a/.github/workflows/documentation.yaml → .github/workflows/documentation-publish.yml b/.github/workflows/documentation.yaml → .github/workflows/documentation-publish.yml
@@ -1,12 +1,17 @@
-name: Docs
-on: [push, pull_request, workflow_dispatch]
+name: Generate and Publish Documentation for OSML Model Runner
+
+on:
+  workflow_call:
+
 permissions:
     contents: write
+
 jobs:
   docs:
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v3
       - name: Install dependencies
         run: |
@@ -19,7 +24,6 @@ jobs:
           tox -e docs
       - name: Deploy
         uses: peaceiris/[email protected]
-        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
         with:
           publish_branch: gh-pages
           github_token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/osml-model-runner-build.yml b/.github/workflows/osml-model-runner-build.yml
@@ -0,0 +1,13 @@
+name: "OSML Model Runner Build Workflow"
+
+on:
+  pull_request:
+    branches: ["main", "dev"]
+
+jobs:
+  Build_Validate_Tox:
+    uses: ./.github/workflows/python-tox.yml
+    secrets: inherit
+  Build_Docker_Container:
+    uses: ./.github/workflows/docker-build.yml
+    secrets: inherit
diff --git a/.github/workflows/osml-model-runner-publish.yml b/.github/workflows/osml-model-runner-publish.yml
@@ -0,0 +1,29 @@
+name: "OSML Model Runner Build and Publish Workflow"
+
+on:
+  push:
+    branches: ["main", "dev"]
+
+jobs:
+  Build_Validate_Tox:
+    uses: ./.github/workflows/python-tox.yml
+    secrets: inherit
+  Build_Docker_Container:
+    uses: ./.github/workflows/docker-build.yml
+    secrets: inherit
+  Publish_Python:
+    needs: [Build_Validate_Tox, Build_Docker_Container]
+    uses: ./.github/workflows/python-publish.yml
+    secrets: inherit
+  Publish_Docker_Github:
+    needs: [Build_Validate_Tox, Build_Docker_Container]
+    uses: ./.github/workflows/docker-publish-dockerhub.yml
+    secrets: inherit
+  Publish_Docker_Dockerhub:
+    needs: [Build_Validate_Tox, Build_Docker_Container]
+    uses: ./.github/workflows/docker-publish-github.yml
+    secrets: inherit
+  Publish_Documentation:
+    needs: [Publish_Python, Publish_Docker_Github, Publish_Docker_Dockerhub]
+    uses: ./.github/workflows/documentation-publish.yml
+    secrets: inherit
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
@@ -1,14 +1,10 @@
 # This workflow will upload a Python Package using Twine when a release is created
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
 
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
 name: Publish Python Package
 
 on:
+  workflow_call:
   release:
     types: [published]
 
@@ -17,11 +13,10 @@ permissions:
 
 jobs:
   deploy:
-
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
-
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python
       uses: actions/setup-python@v3
       with:
@@ -33,7 +28,7 @@ jobs:
     - name: Build package
       run: python -m build
     - name: Publish package
-      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
+      uses: pypa/gh-action-pypi-publish@v1.8.10
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.github/workflows/python-tox.yml b/.github/workflows/python-tox.yml
@@ -1,27 +1,18 @@
-# This workflow will install Python dependencies, run tests and lint with a single version of Python
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
-
 name: Build/Validation with Tox
 
 on:
-  push:
-    branches: [ "main", "dev" ]
-  pull_request:
-    branches: [ "main", "dev" ]
+  workflow_call:
 
 permissions:
   contents: read
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         lfs: 'true'
-        ssh-key: ${{ secrets.git_ssh_key }}
     - name: Set up Python 3.10
       uses: actions/setup-python@v3
       with: