ci: rework ci

Restructures the ci, renames some of the arguments and their values and adds a documentation.

.github/workflows/01_pr.yml

@@ -0,0 +1,22 @@
+name: pr
+
+permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  ci:
+    uses: ./.github/workflows/100_ci.yml
+    permissions:
+      packages: write
+      contents: write
+      security-events: write
+    secrets: inherit

.github/workflows/02_push.yml

@@ -0,0 +1,22 @@
+name: push
+
+permissions: {}
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  ci:
+    uses: ./.github/workflows/100_ci.yml
+    permissions:
+      packages: write
+      contents: write
+      security-events: write
+    secrets: inherit

.github/workflows/release.yaml → .github/workflows/03_release.yaml

@@ -11,22 +11,9 @@ defaults:
   run:
     shell: bash
 
-env:
-  SKIP_INTEGRATION_TESTS: 'none' # 'none', 'non-required', 'all', 'self-hosted-notary'
-
 jobs:
-  conditionals:
-    runs-on: ubuntu-latest
-    outputs:
-      skip_integration_tests: ${{ steps.conditionals.outputs.skip_integration_tests }}
-    steps:
-      - name: CI conditionals
-        id: conditionals
-        run: |
-          echo "skip_integration_tests=${SKIP_INTEGRATION_TESTS}" >> ${GITHUB_OUTPUT}
-
   build:
-    uses: ./.github/workflows/.reusable-build.yml
+    uses: ./.github/workflows/101_build.yml
     permissions:
       packages: write
     secrets: inherit
@@ -49,8 +36,8 @@ jobs:
           exit 1
 
   integration-test:
-    uses: ./.github/workflows/.reusable-integration-test.yml
-    needs: [conditionals, build, version-match]
+    uses: ./.github/workflows/107_integration-test.yml
+    needs: [build, version-match]
     permissions:
       packages: read
     secrets: inherit
@@ -59,11 +46,9 @@ jobs:
       repo_owner: ${{ github.repository_owner }}
       build_image_repository: ${{ needs.build.outputs.build_registry }}/${{ needs.build.outputs.build_repo }}
       build_tag: ${{ needs.build.outputs.build_tag }}
-      skip: ${{ needs.conditionals.outputs.skip_integration_tests }}
-      cosign_public_key: ${{ needs.build.outputs.cosign_public_key }}
 
   publish:
-    uses: ./.github/workflows/.reusable-publish.yml
+    uses: ./.github/workflows/200_publish.yml
     needs: [build, version-match, integration-test]
     permissions:
       contents: write

.github/workflows/publish.yml → .github/workflows/04_publish.yml

@@ -1,4 +1,4 @@
-name: publish
+name: manual_publish
 
 permissions: {}
 
@@ -20,7 +20,7 @@ on:
 
 jobs:
   publish:
-    uses: ./.github/workflows/.reusable-publish.yml
+    uses: ./.github/workflows/200_publish.yml
     permissions:
       contents: write
     with:

.github/workflows/05_nightly.yaml

@@ -0,0 +1,31 @@
+name: nightly
+
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+permissions: {}
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  ci:
+    uses: ./.github/workflows/100_ci.yml
+    permissions:
+      packages: write
+      contents: write
+      security-events: write
+    secrets: inherit
+    with:
+      unit_tests: skip-all
+      sast: skip-all
+      docs: skip-all
+      integration_tests: skip-all
+      output_type: table
+
+  cleanup-registry:
+    uses: ./.github/workflows/201_cleanup-registry.yml
+    needs: [ci]
+    secrets: inherit