Automate ER diagram generation and chain docs deployment

.github/workflows/codacy.yml

@@ -36,11 +36,11 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+        uses: codacy/codacy-analysis-cli-action@562ee3e92b8e92df8b67e0a5ff8aa8e261919c08 # v4.4.7
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations

.github/workflows/codeql.yml

@@ -56,7 +56,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/deploy_docs_github_pages.yml

@@ -1,6 +1,10 @@
 name: Deploy Documentation to GitHub Pages
 
 on:
+  workflow_run:
+    workflows: ["Test Database"]
+    types: [completed]
+    branches: [main]
   push:
     branches:
       - main
@@ -10,6 +14,7 @@ permissions:
   contents: read
   pages: write
   id-token: write
+  actions: read
 
 concurrency:
   group: "pages"
@@ -18,6 +23,10 @@ concurrency:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: >
+      github.event_name == 'push' ||
+      github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
@@ -28,18 +37,18 @@ jobs:
           sudo apt-get install -y libcairo2-dev libpango1.0-dev
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
         with:
           enable-cache: true
 
       - name: Configure GitHub Pages
-        uses: actions/configure-pages@v5
+        uses: actions/configure-pages@v6
 
       - name: Build documentation
         run: uvx --python 3.12 --with "mkdocs-material[imaging]" "mkdocs<2" build --site-dir _site
 
       - name: Upload Pages artifact
-        uses: actions/upload-pages-artifact@v4
+        uses: actions/upload-pages-artifact@v5
         with:
           path: _site
 
@@ -52,4 +61,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@v5

.github/workflows/deploy_docs_naoj.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: [self-hosted, pfs-etc]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Python and build docs with uv
         run: |

.github/workflows/test_database.yml

@@ -5,10 +5,15 @@ on:
     branches: [main]
   push:
     branches: [main]
+    paths-ignore:
+      - 'diagrams/**'
+      - 'docs/tbls/**'
 
 jobs:
   test:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
 
     services:
       postgres:
@@ -27,13 +32,15 @@ jobs:
           --health-retries 5
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up tbls
-        uses: k1low/setup-tbls@v1
+        uses: k1low/setup-tbls@f25e3d013a596865b2db90dac7ee19e9f15b5780 # v1.4.0
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v4
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
         with:
           enable-cache: true
 
@@ -142,9 +149,47 @@ jobs:
         run: |
           uv run pfs-targetdb-cli update-catalog-active 1004 true -c ~/.pfs/test_db_config.toml --verbose --commit
 
-      - name: Generate ER diagram
-        run: |
-          uv run pfs-targetdb-cli diagram -c ~/.pfs/test_db_config.toml --generator tbls --output-dir ./diagram-test
+      - name: Generate tbls ER diagram
+        run: |
+          uv run pfs-targetdb-cli diagram \
+            -c ~/.pfs/test_db_config.toml \
+            --generator tbls \
+            --output-dir docs/tbls
+
+      - name: Generate SchemaCrawler ER diagram
+        run: |
+          docker run \
+            --network host \
+            --user "$(id -u):$(id -g)" \
+            --mount type=bind,source="${GITHUB_WORKSPACE}",target=/home/schcrwlr \
+            --rm \
+            schemacrawler/schemacrawler:v16.22.2 \
+            /opt/schemacrawler/bin/schemacrawler.sh \
+            --server=postgresql \
+            --host=localhost \
+            --port=5432 \
+            --database=test_targetdb \
+            --schemas=public \
+            --user=postgres \
+            --password=postgres \
+            --info-level=standard \
+            --command=schema \
+            --output-format=pdf \
+            --output-file=/home/schcrwlr/diagrams/erdiagram_targetdb_latest.pdf \
+            --title="PFS Target Database" \
+            --portable-names
+
+      - name: Commit and push updated ER diagrams
+        if: github.event_name == 'push'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add docs/tbls/ diagrams/
+          git diff --staged --quiet || (
+            git commit -m "chore: update ER diagrams [skip ci]" &&
+            git pull --rebase origin main &&
+            git push origin main
+          )
 
       #   - name: Run tests
       #     run: |

.github/workflows/update-copyright.yml

@@ -76,7 +76,7 @@ jobs:
 
       - name: Create Pull Request
         if: steps.check_changes.outputs.has_changes == 'true'
-        uses: peter-evans/create-pull-request@v8
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: "chore: update copyright year to ${{ steps.year.outputs.current_year }}"