ci: adopt centralized actions from github-actions repo

.github/workflows/build-and-publish-image.yaml

@@ -41,7 +41,7 @@ jobs:
 
       - name: Login to GHCR
         if: github.event_name != 'pull_request'
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io -u ${{ github.actor }} --password-stdin
+        uses: tankdonut/github-actions/actions/ghcr-login@v1
 
       - name: Build and Push Container
         if: github.event_name != 'pull_request'

.github/workflows/bump-tool-versions.yaml

@@ -35,9 +35,7 @@ jobs:
       - run: uv sync
 
       - name: Configure git
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+        uses: tankdonut/github-actions/actions/git-bot-config@v1
 
       - name: Run Update Automation
         run: |

.github/workflows/lint-and-test.yaml

@@ -6,39 +6,17 @@ on:
     branches:
       - main
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
   pre-commit:
-    permissions:
-      contents: read
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v6
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
-      - name: Cache asdf Tools
-        uses: actions/cache@v5
-        id: cache-asdf
-        with:
-          path: ~/.asdf
-          key: asdf-${{ runner.os }}-${{ hashFiles('.tool-versions') }}
-
-      - name: Install Dependencies via asdf
-        uses: asdf-vm/actions/install@v4
-
-      - name: Install Python Dependencies
-        run: uv sync
-
-      - name: Cache pre-commit hooks
-        uses: actions/cache@v5
-        with:
-          path: ~/.cache/pre-commit
-          key: pre-commit-${{ hashFiles('.tool-versions', '.pre-commit-config.yaml') }}
-
       - name: Execute pre-commit
-        run: uv run pre-commit run --show-diff-on-failure --color=always --all-files
+        uses: tankdonut/github-actions/actions/pre-commit@v1
+        with:
+          install_uv_deps: "true"
+          uv_sync_args: "--group dev"
+          extra_args: "--show-diff-on-failure --color=always"

.github/workflows/prune-ghcr-images.yaml

@@ -8,17 +8,14 @@ on:
 env:
   SEMVER_REGEX: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
 
+permissions:
+  packages: write
+
 jobs:
-  cleanup-ghcr:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write # Required to delete images
-    steps:
-      - name: Cleanup Stale GHCR Images
-        uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4
-        with:
-          package: ${{ github.event.repository.name }}
-          keep-n-tagged: 10
-          exclude-tags: v.*,latest,${{ github.event.repository.default_branch }},${{ env.SEMVER_REGEX }}
-          delete-untagged: true
-          use-regex: true
+  prune:
+    uses: tankdonut/github-actions/.github/workflows/prune-ghcr.yaml@v1
+    with:
+      packages: '["${{ github.event.repository.name }}"]'
+      exclude-tags: "v.*,latest,${{ github.event.repository.default_branch }},${{ env.SEMVER_REGEX }}"
+      keep-n-tagged: "10"
+    secrets: inherit

.github/workflows/release.yaml

@@ -153,14 +153,18 @@ jobs:
           pyproject.write_text(content)
           "
 
+      - name: Configure git
+        if: >-
+          steps.check-version-changes.outputs.has_changes == 'true' &&
+          steps.idempotency.outputs.skip != 'true'
+        uses: tankdonut/github-actions/actions/git-bot-config@v1
+
       - name: Commit and push changes
         if: >-
           steps.check-version-changes.outputs.has_changes == 'true' &&
           steps.idempotency.outputs.skip != 'true'
         run: |
           TAG="${{ steps.calver.outputs.calver_tag }}"
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
           git add CHANGELOG.md pyproject.toml
           git commit -m "chore: release ${TAG}"
           git push origin main
@@ -175,6 +179,14 @@ jobs:
             | tar -xzf - crane
           sudo mv crane /usr/local/bin/crane
 
+      - name: Login to GHCR
+        if: >-
+          steps.check-version-changes.outputs.has_changes == 'true' &&
+          steps.idempotency.outputs.skip != 'true'
+        uses: tankdonut/github-actions/actions/ghcr-login@v1
+        with:
+          runtime: "crane"
+
       - name: Tag container image
         if: >-
           steps.check-version-changes.outputs.has_changes == 'true' &&
@@ -185,7 +197,6 @@ jobs:
           IMAGE="ghcr.io/${{ github.repository }}"
           TAG="${{ steps.calver.outputs.calver_tag }}"
           DIGEST="${{ github.sha }}"
-          echo "${GITHUB_TOKEN}" | crane auth login ghcr.io -u "${{ github.actor }}" --password-stdin
           for i in $(seq 1 10); do
             if crane digest "${IMAGE}@${DIGEST}" 2>/dev/null; then
               echo "Image found, tagging..."

.gitignore

@@ -188,4 +188,4 @@ cython_debug/
 
 # oh-my-openagent
 #  Orchestration state, plans, and notepads for AI agent workflows
-.sisyphus/
+.omo/