separate snap and docker deploy workflows to speed up the process

.github/workflows/docker_deploy_jobs.yaml

@@ -0,0 +1,81 @@
+name: Docker deploy jobs
+on:
+  workflow_call:
+    inputs:
+      dockerTag:
+        required: true
+        description: 'tag to assign docker images'
+        type: string
+    secrets:
+      DOCKERHUB_TOKEN:
+        required: true
+
+permissions:
+  contents: read
+
+env:
+  DOCKER_TAG: "${{ inputs.dockerTag }}"
+
+jobs:
+  # The credentials used in the following jobs are for the shared
+  # certbotbot account on Docker Hub.
+  # They are located under the certbot organization settings,
+  # under Secrets and Variables -> Actions.
+  # DOCKERHUB_USERNAME is saved as a variable.
+  # DOCKERHUB_TOKEN is a secret, and it is a PAT created by
+  # following the instructions at
+  # https://docs.docker.com/security/access-tokens/
+  # with Read and Write permissions. The access token can be deleted
+  # on Docker Hub if these credentials need to be revoked.
+  # The password is a PAT following the advice given by
+  # https://github.com/docker/login-action?tab=readme-ov-file#docker-hub
+  publish_docker_by_arch:
+    name: Publish docker by arch
+    runs-on:
+      - 'ubuntu-24.04'
+    strategy:
+      fail-fast: false
+      matrix:
+        DOCKER_ARCH:
+        - arm32v6
+        - arm64v8
+        - amd64
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v6.0.2
+      with:
+        persist-credentials: false
+    - name: Retrieve Docker images
+      uses: actions/download-artifact@v8.0.1
+      with:
+        name: docker_${{ matrix.DOCKER_ARCH }}
+        path: "${{ github.workspace }}"
+    - name: Load Docker images
+      run: docker load --input ${{ github.workspace }}/images.tar
+      shell: bash
+    - name: Login to Docker Hub
+      uses: docker/login-action@v4.1.0
+      with:
+        username: "${{ vars.DOCKERHUB_USERNAME }}"
+        password: "${{ secrets.DOCKERHUB_TOKEN }}"
+    - name: Deploy the Docker images by architecture
+      run: tools/docker/deploy_images.sh "$DOCKER_TAG" ${{ matrix.DOCKER_ARCH }}
+      shell: bash
+  publish_docker_multiarch:
+    name: Publish docker multiarch
+    needs: publish_docker_by_arch
+    runs-on:
+      - 'ubuntu-24.04'
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v6.0.2
+      with:
+        persist-credentials: false
+    - name: Login to Docker Hub
+      uses: docker/login-action@v4.1.0
+      with:
+        username: "${{ vars.DOCKERHUB_USERNAME }}"
+        password: "${{ secrets.DOCKERHUB_TOKEN }}"
+    - name: Deploy the Docker multiarch manifests
+      run: tools/docker/deploy_manifests.sh "$DOCKER_TAG" all
+      shell: bash

.github/workflows/nightly.yml

@@ -6,8 +6,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  # The first four jobs could be grouped in a separate workflow, but the github actions UI
+  # While many of these jobs could be grouped in a separate workflow, the github actions UI
   # is much nicer if they are instead listed explicitly here.
+  ###########################
+  ####    testing jobs    ###
+  ###########################
   standard_tests_jobs:
     name: Standard tests
     permissions:
@@ -22,6 +25,9 @@ jobs:
       AWS_TEST_FARM_PEM: "${{ secrets.AWS_TEST_FARM_PEM }}"
       AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
       AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+  ###########################
+  ####   packaging jobs   ###
+  ###########################
   docker_packaging_jobs:
     name: Docker packaging
     permissions:
@@ -43,22 +49,38 @@ jobs:
     permissions:
       contents: read
     uses: "./.github/workflows/changelog_stage.yml"
-  nightly_deploy_stage:
-    name: Nightly deploy
+  ############################
+  ####     deploy jobs     ###
+  ############################
+  docker_deploy_stage:
+    name: Deploy docker images
     permissions:
       contents: read
     needs:
       - standard_tests_jobs
       - extended_tests_jobs
       - docker_packaging_jobs
-      - snap_packaging_jobs
-    uses: "./.github/workflows/common_deploy_jobs.yml"
+    uses: "./.github/workflows/docker_deploy_jobs.yml"
     secrets:
-      SNAPCRAFTCFG: "${{ secrets.SNAPCRAFTCFG }}"
       DOCKERHUB_TOKEN: "${{ secrets.DOCKERHUB_TOKEN }}"
     with:
       dockerTag: nightly
+  snap_deploy_stage:
+    name: Deploy snaps
+    permissions:
+      contents: read
+    needs:
+      - standard_tests_jobs
+      - extended_tests_jobs
+      - snap_packaging_jobs
+    uses: "./.github/workflows/snap_deploy_jobs.yml"
+    secrets:
+      SNAPCRAFTCFG: "${{ secrets.SNAPCRAFTCFG }}"
+    with:
       snapReleaseChannel: edge
+  ############################
+  ####      rerun job      ###
+  ############################
   re-run:
     needs:
       - standard_tests_jobs
@@ -66,7 +88,8 @@ jobs:
       - docker_packaging_jobs
       - snap_packaging_jobs
       - changelog_stage
-      - nightly_deploy_stage
+      - docker_deploy_stage
+      - snap_deploy_stage
     if: failure() && fromJSON(github.run_attempt) < 3
     permissions:
       actions: write

.github/workflows/snap_deploy_jobs.yaml

@@ -1,11 +1,7 @@
-name: Common deploy jobs
+name: Snap deploy jobs
 on:
   workflow_call:
     inputs:
-      dockerTag:
-        required: true
-        description: 'tag to assign docker images'
-        type: string
       snapReleaseChannel:
         description: 'snap channel to release to'
         required: true
@@ -13,14 +9,11 @@ on:
     secrets:
       SNAPCRAFTCFG:
         required: true
-      DOCKERHUB_TOKEN:
-        required: true
 
 permissions:
   contents: read
 
 env:
-  DOCKER_TAG: "${{ inputs.dockerTag }}"
   SNAP_RELEASE_CHANNEL: "${{ inputs.snapReleaseChannel }}"
 
 jobs:
@@ -91,65 +84,3 @@ jobs:
     - name: Fail
       run: exit 1
       shell: bash
-  # The credentials used in the following jobs are for the shared
-  # certbotbot account on Docker Hub.
-  # They are located under the certbot organization settings,
-  # under Secrets and Variables -> Actions.
-  # DOCKERHUB_USERNAME is saved as a variable.
-  # DOCKERHUB_TOKEN is a secret, and it is a PAT created by
-  # following the instructions at
-  # https://docs.docker.com/security/access-tokens/
-  # with Read and Write permissions. The access token can be deleted
-  # on Docker Hub if these credentials need to be revoked.
-  # The password is a PAT following the advice given by
-  # https://github.com/docker/login-action?tab=readme-ov-file#docker-hub
-  publish_docker_by_arch:
-    name: Publish docker by arch
-    runs-on:
-      - 'ubuntu-24.04'
-    strategy:
-      fail-fast: false
-      matrix:
-        DOCKER_ARCH:
-        - arm32v6
-        - arm64v8
-        - amd64
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v6.0.2
-      with:
-        persist-credentials: false
-    - name: Retrieve Docker images
-      uses: actions/download-artifact@v8.0.1
-      with:
-        name: docker_${{ matrix.DOCKER_ARCH }}
-        path: "${{ github.workspace }}"
-    - name: Load Docker images
-      run: docker load --input ${{ github.workspace }}/images.tar
-      shell: bash
-    - name: Login to Docker Hub
-      uses: docker/login-action@v4.1.0
-      with:
-        username: "${{ vars.DOCKERHUB_USERNAME }}"
-        password: "${{ secrets.DOCKERHUB_TOKEN }}"
-    - name: Deploy the Docker images by architecture
-      run: tools/docker/deploy_images.sh "$DOCKER_TAG" ${{ matrix.DOCKER_ARCH }}
-      shell: bash
-  publish_docker_multiarch:
-    name: Publish docker multiarch
-    needs: publish_docker_by_arch
-    runs-on:
-      - 'ubuntu-24.04'
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v6.0.2
-      with:
-        persist-credentials: false
-    - name: Login to Docker Hub
-      uses: docker/login-action@v4.1.0
-      with:
-        username: "${{ vars.DOCKERHUB_USERNAME }}"
-        password: "${{ secrets.DOCKERHUB_TOKEN }}"
-    - name: Deploy the Docker multiarch manifests
-      run: tools/docker/deploy_manifests.sh "$DOCKER_TAG" all
-      shell: bash