[P1] Standardize CI/CD workflows across repos #5

@wonderwomancode

Problem

Each repo has different CI/CD patterns. Inconsistent testing, building, and deployment approaches make maintenance difficult.

Acceptance Criteria

  • Reusable workflow templates in .github org repo
  • All repos use shared workflows where possible
  • Consistent job naming across repos
  • Standardized secret names
  • Documentation for workflow customization

Current State Audit

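| Repo                 | Test     | Build    | Deploy       | Issues                  |
|----------------------|----------|----------|--------------|-------------------------|
| service-cloud-api    | vitest ✓ | Docker ✓ | Akash manual | Push-triggered deploy ❌ |
| service-auth         | vitest ✓ | Docker ✓ | Akash manual | -                       |
| infrastructure-proxy | None ❌   | Docker ✓ | Akash hybrid | -                       |
| package-cloud-cli    | vitest ✓ | npm ✓    | npm publish  | -                       |
| package-cloud-sdk    | vitest ✓ | npm ✓    | npm publish  | -                       |
| web-docs             | None     | Astro ✓  | Vercel/IPFS  | -                       |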

Proposed Reusable Workflows

1. Docker Build & Push

File: .github/workflows/docker-build.yml

name: Docker Build

on:
  workflow_call:
    inputs:
      image_name:
        required: true
        type: string
      dockerfile:
        required: false
        default: 'Dockerfile'
        type: string
      context:
        required: false
        default: '.'
        type: string

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      
      - uses: docker/setup-buildx-action@v3
      
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          
      - uses: docker/build-push-action@v5
        with:
          context: ${{ inputs.context }}
          file: ${{ inputs.dockerfile }}
          push: true
          tags: |
            ghcr.io/${{ github.repository }}/${{ inputs.image_name }}:${{ github.sha }}
            ghcr.io/${{ github.repository }}/${{ inputs.image_name }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

2. Akash Manifest Update

File: .github/workflows/akash-manifest.yml

name: Akash Manifest Update

on:
  workflow_call:
    inputs:
      dseq:
        required: true
        type: string
      provider:
        required: true
        type: string
      sdl_file:
        required: false
        default: 'deploy.yaml'
        type: string
    secrets:
      AKASH_MNEMONIC:
        required: true

jobs:
  update:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4
      
      - name: Setup Akash CLI
        run: |
          curl -sSL https://raw.githubusercontent.com/akash-network/provider/main/install.sh | sh
          
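      - name: Configure wallet
        env:
          # Pass the secret through the environment instead of expanding it into the script text
          AKASH_MNEMONIC: ${{ secrets.AKASH_MNEMONIC }}
        run: |
          echo "$AKASH_MNEMONIC" | akash keys add deployer --recover
          
      - name: Send manifest
        env:
          # Caller-supplied inputs are passed as data and quoted so they cannot alter the command
          SDL_FILE: ${{ inputs.sdl_file }}
          DSEQ: ${{ inputs.dseq }}
          PROVIDER: ${{ inputs.provider }}
        run: |
          akash provider send-manifest "$SDL_FILE" \
            --dseq "$DSEQ" \
            --provider "$PROVIDER"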

3. Node.js Test

File: .github/workflows/node-test.yml

name: Node.js Test

on:
  workflow_call:
    inputs:
      node_version:
        required: false
        default: '20'
        type: string
      package_manager:
        required: false
        default: 'pnpm'
        type: string

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - uses: pnpm/action-setup@v2
        if: inputs.package_manager == 'pnpm'
        
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node_version }}
          cache: ${{ inputs.package_manager }}
          
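      - name: Install, test, lint
        env:
          # Pass the input as data rather than expanding it into the script text
          PKG_MANAGER: ${{ inputs.package_manager }}
        run: |
          "$PKG_MANAGER" install
          "$PKG_MANAGER" test
          # "run lint" works for npm as well as pnpm; bare "npm lint" is not a command
          "$PKG_MANAGER" run lint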

Usage in Repos

In service-cloud-api:

# .github/workflows/ci.yml
name: CI
on: [push, pull_request]

jobs:
  test:
    uses: alternatefutures/.github/.github/workflows/node-test.yml@main
    with:
      package_manager: pnpm
      
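  build:
    needs: test
    # A called workflow can only keep or reduce the caller's GITHUB_TOKEN
    # permissions, so packages: write must be granted here for the GHCR push.
    permissions:
      contents: read
      packages: write
    uses: alternatefutures/.github/.github/workflows/docker-build.yml@main
    with:
      image_name: api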

Standardized Secret Names

| Secret                  | Purpose             | Repos                              |
|-------------------------|---------------------|------------------------------------|
| AKASH_MNEMONIC          | Deployer wallet     | All Akash deployments              |
| DISCORD_WEBHOOK         | Alert notifications | .github                            |
| AGE_PUBLIC_KEY          | Backup encryption   | service-cloud-api, service-secrets |
| W3_SPACE_DID            | Storacha space      | Backup workflows                   |
| INFISICAL_CLIENT_ID     | Secrets fetch       | All services                       |
| INFISICAL_CLIENT_SECRET | Secrets fetch       | All services                       |

Migration Plan

  1. Create reusable workflows in .github repo
  2. Test with one repo (service-auth)
  3. Migrate remaining repos
  4. Remove duplicated workflow code
  5. Update documentation

Testing

# Test reusable workflow locally with act
act -W .github/workflows/docker-build.yml

# Verify workflow call syntax
gh workflow run ci.yml --repo alternatefutures/service-auth

Definition of Done

  • 3 reusable workflows created (docker, akash, test)
  • At least 2 repos migrated to use shared workflows
  • Secret names standardized across org
  • README documents how to use workflows
  • No duplicate workflow code in repos
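
Added example, not part of the original issue: a stdlib-only Python audit that could run during the migration to check workflow files against the standardized secret names and to flag `${{ secrets.* }}` or `${{ inputs.* }}` expressions expanded directly inside `run:` shell text. The sample workflow, `DISCORD_URL` and `notify.sh` are constructed for illustration, and the line-based parsing is a heuristic, not a full YAML parser.

```python
import re

STANDARD_SECRETS = {  # from the issue's secret-name table, plus the built-in token
    "AKASH_MNEMONIC", "DISCORD_WEBHOOK", "AGE_PUBLIC_KEY", "W3_SPACE_DID",
    "INFISICAL_CLIENT_ID", "INFISICAL_CLIENT_SECRET", "GITHUB_TOKEN",
}
EXPR = re.compile(r"\$\{\{\s*((?:secrets|inputs)\.[A-Za-z0-9_-]+)\s*\}\}")
SECRET = re.compile(r"\bsecrets\.([A-Za-z_][A-Za-z0-9_]*)")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

# Constructed sample: DISCORD_URL and notify.sh are made up for this example.
SAMPLE = '''\
steps:
  - name: Configure wallet
    run: |
      echo "${{ secrets.AKASH_MNEMONIC }}" | akash keys add deployer --recover
  - name: Notify
    env:
      HOOK: ${{ secrets.DISCORD_URL }}
    run: ./notify.sh "$HOOK"
  - run: ${{ inputs.package_manager }} test
'''


def audit_workflow(text):
    """Return (line_no, kind, detail) findings for one workflow file."""
    findings = []
    run_col = None  # indent of the active `run:` key while inside its block scalar
    for no, line in enumerate(text.splitlines(), 1):
        for name in SECRET.findall(line):
            if name not in STANDARD_SECRETS:
                findings.append((no, "nonstandard-secret", name))
        shell = None
        m = RUN_KEY.match(line)
        if m:
            rest = m.group(2).strip()
            # `run: |` or `run: >` opens a block scalar; anything else is inline shell
            run_col = len(m.group(1)) if re.fullmatch(r"[|>][+-]?", rest) else None
            shell = rest if run_col is None else None
        elif run_col is not None:
            if line.strip() and len(line) - len(line.lstrip()) <= run_col:
                run_col = None  # dedent: the block scalar has ended
            else:
                shell = line
        for expr in EXPR.findall(shell or ""):
            findings.append((no, "expr-in-run", expr))
    return findings

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE), sep="\n")
```

A step that maps the secret or input to an `env:` variable and references it as `"$VAR"` in the script produces no `expr-in-run` finding.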

Labels: enhancement (New feature or request)