Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/cd-dev.yml | 31 | ||||
| -rw-r--r-- | .github/workflows/cd.yml (renamed from .github/workflows/main-branch.yml) | 2 | ||||
| -rw-r--r-- | .github/workflows/ci.yml | 62 | ||||
| -rw-r--r-- | .github/workflows/dev-branch.yml | 90 | ||||
| -rw-r--r-- | .github/workflows/feature-branch.yml | 43 | ||||
| -rw-r--r-- | .github/workflows/main-pr-label.yml (renamed from .github/workflows/main-pr-release.yml) | 2 | ||||
| -rw-r--r-- | .github/workflows/main-pr-redirect.yml (renamed from .github/workflows/main-pr.yml) | 2 |
7 files changed, 96 insertions, 136 deletions
diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml
new file mode 100644
index 0000000..9610ca9
--- /dev/null
+++ b/.github/workflows/cd-dev.yml
@@ -0,0 +1,31 @@
+name: Create and release development container
+on:
+ workflow_run:
+ workflows: ["Build, test, security"]
+ types:
+ - completed
+ branches:
+ - dev
+jobs:
+ Create-and-release-dev-container:
+ name: Build the dev docker container image and push it to dockerhub
+ runs-on: ubuntu-latest
+ needs: Build
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dawidd6/action-download-artifact@v6
+ with:
+ github_token: ${{ secrets.TOKEN_GITHUB }}
+ workflow: ${{ github.workflow_run.id }}
+ name: dev-build-files
+ path: ./build
+ - uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/build-push-action@v5
+ with:
+ push: true
+ context: .
+ file: ./docker/dev/Dockerfile
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest
diff --git a/.github/workflows/main-branch.yml b/.github/workflows/cd.yml
index aaf378c..2419fe2 100644
--- a/.github/workflows/main-branch.yml
+++ b/.github/workflows/cd.yml
@@ -1,4 +1,4 @@
-name: Create release and push production server image to dockerhub
+name: Release and deploy new version
 on:
 push:
 branches:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..0765ada
--- /dev/null
+++ b/.github/workflows/ci.yml
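Review bot: The job declares `needs: Build`, but no `Build` job exists in this workflow (it lives in ci.yml), so GitHub will reject cd-dev.yml as invalid before it ever runs; and the `workflow_run` trigger on `types: completed` also fires when the CI run failed or was cancelled, so a broken or untested build could still be pushed as `pico-web-dev:latest`. Drop `needs`, gate the job on `if: ${{ github.event.workflow_run.conclusion == 'success' }}`, and pass the triggering run to the download step as `run_id: ${{ github.event.workflow_run.id }}` — `github.workflow_run.id` is not a valid context path (the payload lives under `github.event`), and as I read dawidd6/action-download-artifact's inputs, `workflow` takes a workflow file name or ID rather than a run ID. `actions/checkout@v4` in a `workflow_run` job checks out the default branch, not the dev commit that CI tested, so the Dockerfile and the `./build` artifact can come from different commits; `ref: ${{ github.event.workflow_run.head_sha }}` keeps them aligned. Because this job has access to the Docker Hub credentials, the third-party download action should be pinned to a full commit SHA instead of the mutable `@v6` tag, and the action's default token should be able to read same-repo artifacts, which would make the `TOKEN_GITHUB` PAT unnecessary — worth confirming before removing it.
```yaml
jobs:
  Create-and-release-dev-container:
    name: Build the dev docker container image and push it to dockerhub
    runs-on: ubuntu-latest
    # Only publish when the triggering CI run actually passed
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Build from the commit CI tested, not the default branch
          ref: ${{ github.event.workflow_run.head_sha }}
      - uses: dawidd6/action-download-artifact@v6  # TODO: pin to a full commit SHA
        with:
          run_id: ${{ github.event.workflow_run.id }}
          name: dev-build-files
          path: ./build
      # … unchanged: docker login and build-push steps …
```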
@@ -0,0 +1,62 @@
+name: Build, test, security
+on:
+ push:
+ branches-ignore:
+ - main
+jobs:
+ Clone-repo:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/upload-artifact@v3
+ with:
+ name: source-code
+ path: .
+
+ SAST-Unit-tests:
+ runs-on: ubuntu-latest
+ needs: Clone-repo
+ steps:
+ - uses: actions/download-artifact@v3
+ with:
+ name: source-code
+ path: .
+ - run: make tests
+
+ SAST-clang:
+ runs-on: ubuntu-latest
+ needs: Clone-repo
+ steps:
+ - uses: actions/download-artifact@v3
+ with:
+ name: source-code
+ path: .
+ - run: make static-analysis
+
+ SAST-flawfinder:
+ runs-on: ubuntu-latest
+ needs: Clone-repo
+ steps:
+ - uses: actions/download-artifact@v3
+ with:
+ name: source-code
+ path: .
+ - run: sudo apt-get install -y flawfinder
+ - run: make security-analysis
+
+ Build:
+ runs-on: ubuntu-latest
+ needs: [ SAST-Unit-tests, SAST-clang, SAST-flawfinder ]
+ steps:
+ - uses: actions/download-artifact@v3
+ with:
+ name: source-code
+ path: .
+ - name: Build server and browser
+ run: make dev
+ - uses: actions/upload-artifact@v3
+ with:
+ name: dev-build-files
+ path: ./build
diff --git a/.github/workflows/dev-branch.yml b/.github/workflows/dev-branch.yml
deleted file mode 100644
index 7198d8e..0000000
--- a/.github/workflows/dev-branch.yml
+++ /dev/null
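Review bot: The workflow sets no `permissions:` block, so every job runs with the repository's default `GITHUB_TOKEN` scope although nothing here needs more than read access; add a top-level `permissions:` with `contents: read` and widen it per job only if one later needs to write. The `SAST-flawfinder` job runs `sudo apt-get install -y flawfinder` without a preceding `apt-get update`, which fails intermittently on runner images with stale package indexes — `- run: sudo apt-get update && sudo apt-get install -y flawfinder`. Passing the whole checkout (including `.git`) between jobs as the `source-code` artifact is fragile, since artifacts do not preserve file permissions and any script the Makefile invokes may lose its executable bit; `actions/upload-artifact@v3` and `download-artifact@v3` also run on the deprecated Node 16 runtime and GitHub has announced their retirement, so moving to `@v4` is advisable. Whether `make static-analysis` and `make security-analysis` actually gate `Build` depends on those targets exiting non-zero on findings, which is not visible in this diff and worth confirming.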
@@ -1,90 +0,0 @@
-name: Tests, analysis and push to dev dockerhub
-on:
- push:
- branches:
- - dev
-jobs:
- # This is done to prevent potential race conditions;
- multiple jobs start with the source code, but since
- they have no "needs", one could start a little bit later,
- and in meantime a commit could be pushed
- Clone-repo:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- submodules: recursive
- - uses: actions/upload-artifact@v3
- with:
- name: source-code
- path: .
-
- Tests:
- runs-on: ubuntu-latest
- needs: Clone-repo
- steps:
- - uses: actions/download-artifact@v3
- with:
- name: source-code
- path: .
- - name: Run tests
- run: make tests
-
- Static-analysis:
- runs-on: ubuntu-latest
- needs: Clone-repo
- steps:
- - uses: actions/download-artifact@v3
- with:
- name: source-code
- path: .
- - name: Run satic analysis
- run: make static-analysis
-
- Security-analysis:
- runs-on: ubuntu-latest
- needs: Clone-repo
- steps:
- - uses: actions/download-artifact@v3
- with:
- name: source-code
- path: .
- - run: sudo apt-get install -y flawfinder
- - name: Run security analysis
- run: make security-analysis
-
- Build:
- runs-on: ubuntu-latest
- needs: [ Tests, Static-analysis, Security-analysis ]
- steps:
- - uses: actions/download-artifact@v3
- with:
- name: source-code
- path: .
- - name: Build server and browser
- run: make dev
- - uses: actions/upload-artifact@v3
- with:
- name: dev-build-files
- path: ./build
-
- Build-docker-and-push:
- name: Build the docker container image and push it to dockerhub
- runs-on: ubuntu-latest
- needs: Build
- steps:
- - uses: actions/checkout@v4
- - uses: actions/download-artifact@v3
- with:
- name: dev-build-files
- path: ./build
- - uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- - uses: docker/build-push-action@v5
- with:
- push: true
- context: .
- file: ./docker/dev/Dockerfile
- tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest
diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml
deleted file mode 100644
index 3ff1833..0000000
--- a/.github/workflows/feature-branch.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Tests and static analysis
-on:
- push:
- branches-ignore:
- - main
- - dev
-jobs:
- # This is done to prevent potential race conditions;
- multiple jobs start with the source code, but since
- they have no "needs", one could start a little bit later,
- and in meantime a commit could be pushed
- Clone-repo:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- submodules: recursive
- - uses: actions/upload-artifact@v3
- with:
- name: source-code
- path: .
-
- Tests:
- runs-on: ubuntu-latest
- needs: Clone-repo
- steps:
- - uses: actions/download-artifact@v3
- with:
- name: source-code
- path: .
- - name: Run tests
- run: make tests
-
- Static-analysis:
- runs-on: ubuntu-latest
- needs: Clone-repo
- steps:
- - uses: actions/download-artifact@v3
- with:
- name: source-code
- path: .
- - name: Run static analysis
- run: make static-analysis
diff --git a/.github/workflows/main-pr-release.yml b/.github/workflows/main-pr-label.yml
index cc37dc7..73518b9 100644
--- a/.github/workflows/main-pr-release.yml
+++ b/.github/workflows/main-pr-label.yml
@@ -1,4 +1,4 @@
-name: Check for release label inside pull request
+name: Check for release label inside PR to main
 on:
 pull_request:
 types: [opened, edited, reopened, labeled, unlabeled, ready_for_review, review_requested, synchronize]
diff --git a/.github/workflows/main-pr.yml b/.github/workflows/main-pr-redirect.yml
index f68aaaf..52779a6 100644
--- a/.github/workflows/main-pr.yml
+++ b/.github/workflows/main-pr-redirect.yml
@@ -1,4 +1,4 @@
-name: Force to dev PRs not from dev to main
+name: Redirect PR base when it's main and head isn't dev
 on:
 pull_request:
 types: [opened, edited, reopened, synchronize] |
