chore: update to uds-common v0.3.9 and add upgrade-tests

Author: Racer159

.github/workflows/ci-docs-shim.yaml

@@ -0,0 +1,20 @@
+name: CI Docs Shim
+
+on:
+  pull_request:
+    branches: [main]
+    types: [milestoned, opened, synchronize]
+
+jobs:
+  run-test:
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
+        type: [install, upgrade]
+    steps:
+      - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
+        run: |
+          echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."

.github/workflows/commitlint.yaml

@@ -8,4 +8,4 @@ on:
 jobs:
   validate:
     name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@417b9c2bc088f664c616c9929a2b3ce448d251f7
+    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9

.github/workflows/lint.yaml

@@ -0,0 +1,35 @@
+name: Scan
+
+on:
+  # This workflow is triggered on pull requests to the main branch.
+  pull_request:
+    branches: [main]
+    types: [milestoned, opened, synchronize]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Lint
+    permissions:
+      contents: read # Allows reading the repo contents
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Environment setup
+        uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+        with:
+          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+          ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install lint deps
+        run: |
+          uds run lint:deps
+
+      - name: Lint the repository
+        run: |
+          uds run lint:yaml

.github/workflows/pull-requests.yaml

@@ -5,6 +5,10 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   tag-new-version:
     name: Tag New Version
@@ -15,18 +19,18 @@ jobs:
     steps:
       - name: Create release tag
         id: tag
-        uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4
+        uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4.1.0
       - id: release-flag
         run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
 
   publish-package:
-    strategy:
-      matrix:
-        flavor: [upstream, registry1]
     needs: tag-new-version
     if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
     runs-on: ubuntu-latest
-    name: Publish package
+    name: Publish ${{ matrix.flavor }}
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
 
     permissions:
       contents: read
@@ -36,23 +40,17 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@417b9c2bc088f664c616c9929a2b3ce448d251f7
-
-      - name: Iron Bank Login
-        run: uds zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
-
-      - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
         with:
-          registry: ghcr.io
-          username: dummy
-          password: ${{ secrets.GITHUB_TOKEN }}
+          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+          ghToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish Package
         run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@417b9c2bc088f664c616c9929a2b3ce448d251f7
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
         with:
-          suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'
+          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

.github/workflows/tag-and-release.yaml

@@ -0,0 +1,64 @@
+name: Test
+
+on:
+  pull_request:
+    branches: [main]
+    types: [milestoned, opened, synchronize]
+    paths-ignore:
+      - "**.md"
+      - "**.jpg"
+      - "**.png"
+      - "**.gif"
+      - "**.svg"
+      - "adr/**"
+      - "docs/**"
+      - ".gitignore"
+      - "renovate.json"
+      - ".release-please-config.json"
+      - "release-please-config.json"
+      - "oscal-component.yaml"
+      - "CODEOWNERS"
+      - "LICENSE"
+      - "CONTRIBUTING.md"
+      - "SECURITY.md"
+
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: test-${{ github.ref }}-${{ inputs.package }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
+    runs-on: "uds-ubuntu-big-boy-8-core"
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
+        type: [install, upgrade]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Environment setup
+        uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+        with:
+          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+          ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Test
+        uses: defenseunicorns/uds-common/.github/actions/test@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+        with:
+          flavor: ${{ matrix.flavor }}
+          type: ${{ matrix.type }}
+
+      - name: Save logs
+        if: always()
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+        with:
+          suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

.github/workflows/test.yaml

@@ -7,19 +7,19 @@
       ":semanticCommits",
       ":semanticCommitTypeAll(chore)"
     ],
-    "branchConcurrentLimit": 0,
-    "prConcurrentLimit": 0,
-    "prHourlyLimit": 0,
-    "separateMajorMinor": false,
-    "regexManagers":[
-    ],
     "packageRules": [
-      { 
-        "matchFileNames": [".github/**"],
-        "excludePackageNames": ["defenseunicorns/uds-cli"],
-        "groupName": "githubactions",
-        "commitMessageTopic": "githubactions",
-        "pinDigests": true
+      {
+        "groupName": "Postgres Support Dependencies",
+        "labels": ["support-deps"],
+        "commitMessageTopic": "support-deps",
+        "packagePatterns": ["*"]
+      },
+      {
+        "groupName": "Postgres Package Dependencies",
+        "labels": ["package-deps"],
+        "commitMessageTopic": "package-deps",
+        "registryUrls": ["https://registry1.dso.mil"],
+        "matchDatasources": ["docker", "helm", "git-tags"]
       }
     ]
   }