feat: Update public workflows to be able to pull reusable-workflows

.github/workflows/on-pull-request.yaml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     container: qctrl/ci-images:python-3.11-ci
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Download CI tool
         shell: bash
         run: |
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     container: qctrl/ci-images:python-3.11-ci
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Download CI tool
       shell: bash
       run: |
@@ -54,7 +54,7 @@ jobs:
       matrix:
         python: ["3.10", "3.11", "3.12", "3.13"]
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Download CI tool
       shell: bash
       run: |
@@ -72,7 +72,7 @@ jobs:
     if: github.event.pull_request.head.repo.fork == true
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Build Sphinx Image
       run: |
         docker build -f ./docs/Dockerfile

.github/workflows/on-push.yaml

@@ -10,33 +10,37 @@ on:
 jobs:
   housekeeping:
     runs-on: ubuntu-latest
-    container: qctrl/ci-images:python-3.11-ci
     steps:
-      - uses: actions/checkout@v4
-      - name: Download CI tool
-        shell: bash
-        run: |
-          curl -sSL http://ci.q-ctrl.com | bash -
-      - name: Vault Login
-        run: |
-          ./ci vault login -r ${{ secrets.VAULT_ROLE_ID }} -s ${{ secrets.VAULT_SECRET_ID }}
-      - name: Inject environment variables
-        run: |
-          /scripts/ci env prepareGitHub
-      - name: Perform housekeeping checks
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config --global --add safe.directory $GITHUB_WORKSPACE
-          git config --global user.email "robot@q-ctrl.com"
-          git config --global user.name "Q-CTRL Robot"
-          /scripts/housekeeping.sh
+      - uses: actions/checkout@v6
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+          repositories: reusable-workflows
+      - name: Checkout reusable workflows
+        uses: actions/checkout@v6
+        with:
+          repository: qctrl/reusable-workflows
+          token: ${{ steps.app-token.outputs.token }}
+          path: .github/reusable-workflows
+          persist-credentials: false
+          ref: actions/poetry/housekeeping/v2
+      - name: Run housekeeping
+        uses: ./.github/reusable-workflows/.github/actions/poetry/housekeeping
+        with:
+          vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
+          vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+      - name: Cleanup reusable workflows checkout
+        if: always()
+        run: rm -rf .github/reusable-workflows
 
   linting:
     runs-on: ubuntu-latest
     container: qctrl/ci-images:python-3.11-ci
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Download CI tool
         shell: bash
         run: |
@@ -59,7 +63,7 @@ jobs:
       matrix:
         python: ["3.10", "3.11", "3.12", "3.13"]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Download CI tool
         shell: bash
         run: |
@@ -79,7 +83,7 @@ jobs:
     runs-on: ubuntu-latest
     container: qctrl/ci-images:python-3.11-ci
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Download CI tool
         shell: bash
         run: |

.github/workflows/on-release.yaml

@@ -9,9 +9,32 @@ jobs:
     runs-on: ubuntu-latest
     container: qctrl/ci-images:python-3.11-ci
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+          repositories: reusable-workflows
+      - name: Checkout reusable workflows
+        uses: actions/checkout@v6
+        with:
+          repository: qctrl/reusable-workflows
+          token: ${{ steps.app-token.outputs.token }}
+          path: .github/reusable-workflows
+          persist-credentials: false
+          ref: actions/poetry/housekeeping/v2
+      - name: Run housekeeping
+        uses: ./.github/reusable-workflows/.github/actions/poetry/housekeeping
+        with:
+          vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
+          vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+      - name: Cleanup reusable workflows checkout
+        if: always()
+        run: rm -rf .github/reusable-workflows
       - name: Download CI tool
         shell: bash
         run: |
@@ -22,14 +45,6 @@ jobs:
       - name: Inject environment variables
         run: |
           ./ci env prepareGitHub
-      - name: Update version in code
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config --global --add safe.directory $GITHUB_WORKSPACE
-          git config --global user.email "robot@q-ctrl.com"
-          git config --global user.name "Q-CTRL Robot"
-          /scripts/housekeeping.sh
       - name: Publish publicly
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -43,10 +58,28 @@ jobs:
     runs-on: ubuntu-latest
     container: qctrl/ci-images:python-3.11-ci
     steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+          repositories: reusable-workflows
+      - name: Checkout reusable workflows
+        uses: actions/checkout@v6
+        with:
+          repository: qctrl/reusable-workflows
+          token: ${{ steps.app-token.outputs.token }}
+          path: .github/reusable-workflows
+          persist-credentials: false
+          ref: actions/docs/update-docs/v1
       - name: Update docs repo
-        uses: qctrl/reusable-workflows/.github/actions/docs/update-docs@master
+        uses: ./.github/reusable-workflows/.github/actions/docs/update-docs
         with:
           source_branch: master
           target_branch: master
           vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
           vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+      - name: Cleanup reusable workflows checkout
+        if: always()
+        run: rm -rf .github/reusable-workflows