From 5d2b0ba5111cb237c15794e8222abe1cc97db2ff Mon Sep 17 00:00:00 2001
From: Derek Roberts <derek.roberts@gmail.com>
Date: Thu, 12 Oct 2023 22:37:05 -0700
Subject: [PATCH] feat: analysis revision (#21)

---
 .github/workflows/analysis.yml |  9 +++------
 .github/workflows/pr-close.yml | 25 +++++++++++++++++++++++++
 .github/workflows/pr-open.yml  | 26 ++++----------------------
 3 files changed, 32 insertions(+), 28 deletions(-)
 create mode 100644 .github/workflows/pr-close.yml

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 3bf343ce..1fca5257 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -3,10 +3,8 @@ name: Analysis
 on:
   push:
     branches: [main]
-  pull_request:
-    types: [opened, reopened, synchronize, ready_for_review]
-  # schedule:
-  #   - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
+  schedule: [cron: "0 11 * * 0"] # 3 AM PST = 12 PM UDT, runs sundays
+  workflow_call:
   workflow_dispatch:
 
 concurrency:
@@ -16,8 +14,7 @@ concurrency:
 jobs:
   # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:
-    name: Trivy Security Scan
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    name: Trivy
     runs-on: ubuntu-22.04
     timeout-minutes: 1
     steps:
diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
new file mode 100644
index 00000000..68b30180
--- /dev/null
+++ b/.github/workflows/pr-close.yml
@@ -0,0 +1,25 @@
+name: PR Closed
+
+on:
+  pull_request:
+    branches: [main]
+    types: [closed]
+
+concurrency:
+  # PR open and close use the same group, allowing only one at a time
+  group: pr-${{ github.workflow }}-${{ github.event.number }}
+  cancel-in-progress: true
+
+jobs:
+  ghcr-cleanup:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        package: [bitnami/postgresql, postgres/postgres]
+    steps:
+      - uses: actions/delete-package-versions@v4
+        with:
+          package-name: ${{ github.event.repository.name }}/${{ matrix.package }}
+          package-type: 'container'
+          min-versions-to-keep: 50
+          delete-only-untagged-versions: 'true'
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
index 88321714..868956c1 100644
--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -12,7 +12,7 @@ concurrency:
 
 jobs:
   # https://github.com/bcgov-nr/action-builder-ghcr
-  builds:
+  Builds:
     if: "!github.event.pull_request.head.repo.fork"
     permissions:
       packages: write
@@ -39,24 +39,6 @@ jobs:
           token: ${{ github.token }}
           triggers: ${{ matrix.package}}/${{ matrix.triggers }}
 
-  ghcr-cleanup:
-    needs: [builds]
-    runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        package: [bitnami/postgresql, postgres/postgres]
-    steps:
-      - uses: actions/delete-package-versions@v4
-        with:
-          package-name: ${{ github.event.repository.name }}/${{ matrix.package }}
-          package-type: 'container'
-          min-versions-to-keep: 10
-          delete-only-untagged-versions: 'true'
-
-  wrap-up:
-    needs: [ghcr-cleanup]
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Wrap-up
-        run: |
-          echo "Dummy step for workflow completion"
+  Analysis:
+    needs: [Builds]
+    uses: ./.github/workflows/analysis.yml