Extend metrics in the code base

.github/workflows/lint-go.yaml

@@ -1,10 +1,8 @@
 name: Lint
 
 on:
-  push:
-    branches:
-      - master
-  pull_request:
+  # Should only be used by other workflows
+  workflow_call:
 
 permissions:
   contents: read

.github/workflows/on-master-commit.yaml

@@ -0,0 +1,48 @@
+name: Master branch CI
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  run-unit-tests:
+    name: Run Unit Tests
+    uses: ./.github/workflows/test.yaml
+
+  lint:
+    name: Lint
+    uses: ./.github/workflows/lint-go.yaml
+
+  generate-tags:
+    name: Generate Docker Tags
+    runs-on: ubuntu-latest
+    outputs:
+      tag_date: ${{ steps.tag_date.outputs.tag_date }}
+      short_sha: ${{ steps.short_sha.outputs.short_sha }}
+    steps:
+      - name: Generate Tag Date
+        id: tag_date
+        run: echo "tag_date=$(date +'%Y%m%d')" >> "$GITHUB_OUTPUT"
+      - name: Generate Short SHA
+        id: short_sha
+        run: echo "short_sha=$(echo $GITHUB_SHA | cut -c1-7)" >> "$GITHUB_OUTPUT"
+
+  publish-docker-image:
+    name: Publish Docker Image
+    uses: ./.github/workflows/publish-docker-images.yaml
+    secrets: inherit
+    needs:
+      - run-unit-tests
+      - generate-tags
+      - lint
+    permissions:
+      contents: read
+      packages: write
+    with:
+      images: |
+        ghcr.io/${{ github.repository }}
+      # eg: master-20240321-7d8e9f2
+      tags: |
+        type=raw,value=master-${{ needs.generate-tags.outputs.tag_date }}-${{ needs.generate-tags.outputs.short_sha }}
+        type=raw,value=master-latest

.github/workflows/on-pre-release.yaml

@@ -0,0 +1,43 @@
+name: Pre-Release CI
+
+on:
+  push:
+    tags:
+      - 'v*.*.*-rc.*'
+
+jobs:
+
+  validate:
+    name: Validate Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Validate Tag
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # This step validates that the tag is a pre-release
+        run: |
+          prerelease=$(gh release view ${{ github.ref_name }} --json isPrerelease | jq -r '.isPrerelease')
+          if [ "$prerelease" != "true" ]; then
+            echo "Tag is not a pre-release"
+            exit 1
+          fi
+
+  publish-docker-image:
+    name: Publish Pre-Release Docker Image
+    uses: ./.github/workflows/publish-docker-images.yaml
+    secrets: inherit
+    needs:
+      - validate
+    permissions:
+      contents: read
+      packages: write
+    with:
+      environment: docker-publish
+      images: |
+        ${{ github.repository }}
+        ghcr.io/${{ github.repository }}
+      tags: |
+        type=raw,value=${{ github.ref_name }}

.github/workflows/on-pull-request.yaml

@@ -0,0 +1,29 @@
+name: Pull Request CI
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  run-unit-tests:
+    name: Run Unit Tests
+    uses: ./.github/workflows/test.yaml
+
+  lint:
+    name: Lint
+    uses: ./.github/workflows/lint-go.yaml
+
+  # This doesn't publish the image, it just tests the publishing workflow (build the image / tags / labels)
+  test-docker-publish:
+    name: Test Docker Publish
+    uses: ./.github/workflows/publish-docker-images.yaml
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
+    with:
+      images: |
+        ghcr.io/${{ github.repository }}
+      tags: |
+        type=raw,value=${{ github.ref }}-${{ github.sha }}

.github/workflows/on-release.yaml

@@ -0,0 +1,60 @@
+name: Release CI
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+      - '!v*.*.*-rc*'
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Validate Release
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Validate Tag
+        run: |
+          node -e "if (!/^v\d+\.\d+\.\d+$/.test('${{ github.ref_name }}')) { console.error('Invalid version provided');process.exit(1);}"
+
+      - name: Validate VERSION
+        run: |
+          if [ "$(cat cmd/thor/VERSION)" != "${{ github.ref_name }}" ]; then
+            echo "VERSION file does not match tag"
+            exit 1
+          fi
+
+      - name: Validate Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # This step validates that the tag is an official release
+        run: |
+          prerelease=$(gh release view ${{ github.ref_name }} --json isPrerelease | jq -r '.isPrerelease')
+          if [ "$prerelease" != "false" ]; then
+            echo "Tag is not an official release"
+            exit 1
+          fi
+
+  publish-docker-image:
+    name: Publish Docker Image
+    uses: ./.github/workflows/publish-docker-images.yaml
+    secrets: inherit
+    needs:
+      - validate
+    permissions:
+      contents: read
+      packages: write
+    with:
+      environment: docker-publish
+      images: |
+        ${{ github.repository }}
+        ghcr.io/${{ github.repository }}
+      tags: |
+        type=raw,value=${{ github.event.release.tag_name }}
+        type=raw,value=latest

.github/workflows/publish-docker-images.yaml

@@ -0,0 +1,73 @@
+name: Publish Docker Image
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: false
+        description: 'The environment to publish the Docker image to.'
+      tags:
+        type: string
+        required: true
+        description: 'The tags to apply to the Docker image.'
+      images:
+        type: string
+        required: true
+        description: 'The images to publish'
+  workflow_dispatch:
+
+jobs:
+  build-and-push-image:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    environment: ${{ inputs.environment }}
+    steps:
+
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        # Only log in to Docker Hub if the event is a release
+        if: ${{ inputs.environment == 'docker-publish' }}
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # default to ghcr.io for workflow_dispatch
+          images: ${{ inputs.images || format('ghcr.io/{0}', github.repository) }}
+          # use the branch + sha if workflow_dispatch
+          tags: ${{ inputs.tags || format('type=raw,value={0}-{1}', github.ref_name, github.sha) }}
+
+      - name: Push to Registry(s)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}