PSDI-UK · brgillis · May 18, 2026 · May 18, 2026 · May 18, 2026 · May 18, 2026
diff --git a/.github/workflows/ci-feature.yml b/.github/workflows/ci-feature.yml
@@ -5,12 +5,14 @@ run-name: CI - Feature branches
 on:
   workflow_dispatch:
   push:
-    branches: [ "feature**" ]
-      
+    branches: ["feature**"]
+
 jobs:
   open-pull-request:
-    # Open a PR if the branch isn't main itself
-    if: ${{ github.head_ref || github.ref_name }} != 'main'
-    uses: ./.github/workflows/job-open-pull-request.yml
+    # Open a PR to main if the branch isn't main itself
+    if: ${{ github.head_ref || github.ref_name  != 'main' }}
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/open-pull-request.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     with:
       target: main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
@@ -21,18 +21,25 @@ on:
 
 jobs:
   test-all:
-    if: ${{ github.event_name == 'push' || ! github.event.inputs.skip-tests }}
-
-    uses: ./.github/workflows/job-test-main.yml
-    secrets: inherit # pass all secrets for the environment
+    if: github.event_name == 'push' || github.event.inputs.skip-tests == 'false'
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/test-all.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
+    with:
+      source_dir: psdi_variability_plot
+      require_node: true
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
 
   container-push:
-    uses: ./.github/workflows/job-container-push.yml
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/container-push.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     needs: [test-all]
     # Proceed if test-all was successful or skipped
     if: always() &&  (needs.test-all.result == 'skipped' || needs.test-all.result == 'success')
     with:
       container_tag: ${{ github.sha }}
+      service_name: psdi_variability_plot
+      rel_url_path: /variability-plot
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
 
   # Deploy to Kubernetes Job
   # Requires an environment, which must reflect the target environment as defined in the
@@ -43,11 +50,13 @@ jobs:
     needs: [container-push]
     # Proceed if test-all was successful or skipped
     if: always() && (needs.container-push.result == 'success')
-    # Refer to a specific commit for security against supply-chain attacks
-    uses: PSDI-UK/psdi-variability-plot-deployment/.github/workflows/job-external-deployment.yaml@c4c4fb99ce149625b94cdc57da39ad45b1281748
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/deploy.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     with:
       container_tag: ${{ github.sha }}
+      deployment_repo: psdi-variability-plot-deployment
       environment: development
+      prod: false
     secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
       deployment_app_id: ${{ secrets.DEPLOYMENT_APP_ID }}
       deployment_app_private_key: ${{ secrets.DEPLOYMENT_APP_PRIVATE_KEY }}
diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
@@ -19,9 +19,16 @@ on:
 jobs:
   test-python:
     if: github.event.pull_request.draft == false
-    uses: ./.github/workflows/job-test-python.yml
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/test-python.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
+    with:
+      source_dir: psdi_variability_plot
+
   test-gui:
     if: github.event.pull_request.draft == false
-    uses: ./.github/workflows/job-test-gui.yml
+    name: Run a simple test of the gui locally
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/test-gui.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     with:
       simple: true
+      require_node: true
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-rc-hotfix.yml b/.github/workflows/ci-rc-hotfix.yml
@@ -9,10 +9,12 @@ on:
 
 jobs:
   open-pull-request:
-    # Open a PR if the branch isn't release itself
-    if: ${{ github.head_ref || github.ref_name }} != 'release'
-    uses: ./.github/workflows/job-open-pull-request.yml
+    # Open a PR to main if the branch isn't main itself
+    if: ${{ github.head_ref || github.ref_name != 'release' }}
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/open-pull-request.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     with:
       target: release
       # Pass an empty string for args, which disables the default -d flag which creates the PR as a draft
-      args: 
+      args:
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
@@ -12,9 +12,17 @@ on:
 
 jobs:
   test-python:
-    uses: ./.github/workflows/job-test-python.yml
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/test-python.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
+    with:
+      source_dir: psdi_variability_plot
+
   test-gui:
-    uses: ./.github/workflows/job-test-gui.yml
+    name: Run full tests of the gui locally
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/test-gui.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
+    with:
+      require_node: true
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
 
   # The commented out code below runs a code vulnerability scan on the
   # containerised app. This will not work on the free GitHub plan, since
@@ -31,25 +39,34 @@ jobs:
   #  needs: [test-package, test-gui]
 
   tag:
-    uses: ./.github/workflows/job-tag.yml
     needs: [test-python, test-gui]
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/tag.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
 
   container-push:
-    uses: ./.github/workflows/job-container-push.yml
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/container-push.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     needs: [tag]
     with:
       container_tag: ${{ needs.tag.outputs.container_tag }}
+      service_name: psdi_variability_plot
+      rel_url_path: /variability-plot
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
 
   # Deploy to Kubernetes Job
   # Requires an environment, which must reflect the target environment as defined in the
   # GitHub repository: https://github.com/PSDI-UK/psdi_variability_plot/settings/environments
   # The downstream deploy job leverages on Environment specific secrets, which also must be defined
   deploy-stfc-staging-k8s:
     needs: [tag, container-push]
-    uses: PSDI-UK/psdi-variability-plot-deployment/.github/workflows/job-external-deployment.yaml@c4c4fb99ce149625b94cdc57da39ad45b1281748
+    uses: PSDI-UK/psdi-github-workflows-public/.github/workflows/deploy.yml@b4c884a5fbaa96777c26f1ac6d4eac67531e2fc7
     with:
       container_tag: ${{ needs.tag.outputs.container_tag }}
+      deployment_repo: psdi-variability-plot-deployment
       environment: staging
+      prod: false
     secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
       deployment_app_id: ${{ secrets.DEPLOYMENT_APP_ID }}
       deployment_app_private_key: ${{ secrets.DEPLOYMENT_APP_PRIVATE_KEY }}
diff --git a/.github/workflows/job-anchore-scan.yml b/.github/workflows/job-anchore-scan.yml
diff --git a/.github/workflows/job-container-push.yml b/.github/workflows/job-container-push.yml
diff --git a/.github/workflows/job-open-pull-request.yml b/.github/workflows/job-open-pull-request.yml
diff --git a/.github/workflows/job-tag.yml b/.github/workflows/job-tag.yml