Workflow Refactoring Recommendations

[daronco]

Created 2026-01-27 via Copilot.
Ideas on how to organize better the actions we have.

Analysis of potential consolidations and improvements for reusability.

Non-Breaking Changes

These changes improve maintainability without affecting existing consumers.

1. Extract Composite Actions

Create reusable composite actions for repeated patterns:

a) SSH Agent Setup (/.github/actions/setup-ssh/action.yml)

• Used in: lb-go-build, lb-go-lint, lb-go-tests, lb-push-scan-image, all-build-push-scan-harbor
• Saves: ~50 lines of duplicated YAML
• Benefit: Single source of truth for SSH configuration

b) File Change Detection (/.github/actions/detect-changes/action.yml)

• Used in: lb-go-tests, lb-node-tests, lb-py-tests, data-py-uv-tests
• Saves: ~40 lines of duplicated YAML
• Benefit: Consistent file change detection with configurable patterns

c) Trivy Scanning (/.github/actions/trivy-scan/action.yml)

• Used in: lb-scan, lb-push-scan-image, all-build-push-scan-harbor
• Saves: ~60 lines of duplicated YAML
• Benefit: Unified security scanning with consistent severity thresholds

d) Coverage Reporting (/.github/actions/report-coverage/action.yml)

• Used in: lb-go-tests, lb-py-tests, data-py-uv-tests
• Saves: ~30 lines of duplicated YAML
• Benefit: Standardized coverage reporting to PRs

2. Enhance all-build-push-scan-harbor

Add DockerHub base image pulling capability to make it a complete replacement for all-build-push-image. No breaking changes to existing consumers of either workflow.

3. Refactor all-gen-changelog-ai

Break the 429-line workflow into smaller, testable composite actions:

• PR information gathering
• Claude interaction wrapper
• Changelog file manipulation

Breaking Changes

These require coordination with consuming repositories.

1. Consolidate Python Workflows

Replace 3 lint workflows → 1 unified workflow

• Deprecate: lb-py-lint, lb-py-pdm-lint, data-py-uv-lint
• Create: all-py-lint.yml with package-manager input (pip/pdm/uv)
• Impact: Consumers must update workflow references and add package-manager parameter
• Migration effort: Low (simple parameter addition)

Replace 2 test workflows → 1 unified workflow

• Deprecate: lb-py-tests, data-py-uv-tests
• Create: all-py-tests.yml with package-manager input
• Impact: Consumers must update workflow references
• Migration effort: Low

2. Deprecate all-build-push-image

• Replace with: all-build-push-scan-harbor (after enhancement build(deps): bump webfactory/ssh-agent from 0.5.4 to 0.9.0 #2 above)
• Rationale: Superset functionality with optional scanning and SSH support
• Impact: Consumers must change workflow reference
• Migration effort: Minimal (same inputs, more features)

3. Consolidate Ruby Lint Workflows

• Deprecate: lb-ruby-lint
• Enhance: portal-ruby-lint with optional ruby-version input
• Behavior: Use .ruby-version if input not provided, use input otherwise
• Impact: Consumers using lb-ruby-lint must update reference
• Migration effort: Low