Add workflow_run to trigger all workflows again after formatting

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/loculus-project/loculus?shareId=XXXX-XXXX-XXXX-XXXX).

backend/.github/workflows/backend-image.yml

@@ -0,0 +1,112 @@
+name: backend-image
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      build_arm:
+        type: boolean
+        description: "Build for ARM as well"
+        default: false
+        required: false
+  workflow_call:
+    inputs:
+      build_arm:
+        type: string
+        description: "Build for ARM as well"
+        default: "false"
+        required: true
+  workflow_run:
+    workflows: ["Format website code"]
+    types:
+      - completed
+env:
+  DOCKER_IMAGE_NAME: ghcr.io/loculus-project/backend
+  BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+  BUILD_ARM: ${{ github.event.inputs.build_arm || inputs.build_arm || github.ref == 'refs/heads/main' }}
+  sha: ${{ github.event.pull_request.head.sha || github.sha }}
+concurrency:
+  group: ci-${{ github.ref == 'refs/heads/main' && github.run_id || github.ref }}-backend
+  cancel-in-progress: true
+jobs:
+  backend-image:
+    name: Build Backend Docker Image # Don't change: Referenced by .github/workflows/update-argocd-metadata.yml
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    env:
+      DOCKER_IMAGE_NAME: ghcr.io/loculus-project/backend
+    permissions:
+      packages: write
+      contents: read
+      checks: read
+    steps:
+      - name: Shorten sha
+        run: echo "sha=${sha::7}" >> $GITHUB_ENV
+      - uses: actions/checkout@v4
+      - name: Add filename hash to environment
+        run: |
+          # This needs to be a separate step because hashFiles is done before the run steps
+          find backend -type f -print | sort | sha256sum > backend/filename_hash
+          cat backend/filename_hash
+      - name: Generate files hash
+        id: files-hash
+        run: |
+          DIR_HASH=$(echo -n ${{ hashFiles('backend/**', '.github/workflows/backend-image.yml') }})
+          echo "DIR_HASH=$DIR_HASH${{ env.BUILD_ARM == 'true' && '-arm' || '' }}" >> $GITHUB_ENV
+          rm backend/filename_hash
+      - name: Setup Docker metadata
+        id: dockerMetadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ env.DIR_HASH }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=commit-${{ env.sha }}
+            type=raw,value=${{ env.BRANCH_NAME }}
+            type=raw,value=${{ env.BRANCH_NAME }}-arm,enable=${{ env.BUILD_ARM }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Check if image exists
+        id: check-image
+        run: |
+          EXISTS=$(docker manifest inspect ${{ env.DOCKER_IMAGE_NAME }}:${{ env.DIR_HASH }} > /dev/null 2>&1 && echo "true" || echo "false")
+          echo "CACHE_HIT=$EXISTS" >> $GITHUB_ENV
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Set up JDK
+        if: env.CACHE_HIT == 'false'
+        uses: actions/setup-java@v4
+        with:
+          java-version: "21"
+          distribution: "adopt"
+      - name: Setup Gradle
+        if: env.CACHE_HIT == 'false'
+        uses: gradle/actions/setup-gradle@v4
+      - name: Build Backend
+        if: env.CACHE_HIT == 'false'
+        working-directory: ./backend
+        run: ./gradlew bootJar
+      - name: Build and push image if input files changed
+        if: env.CACHE_HIT == 'false'
+        uses: docker/build-push-action@v6
+        with:
+          context: ./backend
+          push: true
+          tags: ${{ steps.dockerMetadata.outputs.tags }}
+          cache-from: type=gha,scope=backend-${{ github.ref }}
+          cache-to: type=gha,mode=max,scope=backend-${{ github.ref }}
+          platforms: ${{ env.BUILD_ARM == 'true' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+      - name: Retag and push existing image if cache hit
+        if: env.CACHE_HIT == 'true'
+        run: |
+          TAGS=(${{ steps.dockerMetadata.outputs.tags }})
+          for TAG in "${TAGS[@]}"; do
+            docker buildx imagetools create --tag $TAG ${{ env.DOCKER_IMAGE_NAME }}:${{ env.DIR_HASH }}
+          done

backend/.github/workflows/backend-tests.yml

@@ -0,0 +1,50 @@
+name: backend-tests
+on:
+  pull_request:
+    paths:
+      - "backend/**"
+      - ".github/workflows/backend-tests.yml"
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+  workflow_run:
+    workflows: ["Format website code"]
+    types:
+      - completed
+concurrency:
+  group: ci-${{ github.ref == 'refs/heads/main' && github.run_id || github.ref }}-backend-tests
+  cancel-in-progress: true
+jobs:
+  Tests:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    env:
+      CROSSREF_USERNAME: ${{ secrets.CROSSREF_USERNAME }}
+      CROSSREF_PASSWORD: ${{ secrets.CROSSREF_PASSWORD }}
+      CROSSREF_ENDPOINT: ${{ secrets.CROSSREF_ENDPOINT }}
+      CROSSREF_DOI_PREFIX: ${{ secrets.CROSSREF_DOI_PREFIX }}
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_READ_PUBLIC }}
+      - uses: actions/checkout@v4
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: "21"
+          distribution: "adopt"
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+      - name: Execute Tests
+        uses: nick-fields/retry@v3
+        with:
+          command: cd ./backend && ./gradlew test
+          max_attempts: 3
+          timeout_minutes: 10
+          retry_wait_seconds: 1
+      - name: Check Format And Lint
+        run: ./gradlew ktlintCheck
+        working-directory: ./backend

backend/.github/workflows/build-arm-images.yaml

@@ -0,0 +1,49 @@
+# Trigger a build of all docker images including ARM images
+
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+  packages: write
+  checks: read
+workflow_run:
+  workflows: ["Format website code"]
+  types:
+    - completed
+jobs:
+  trigger-backend:
+    uses: ./.github/workflows/backend-image.yml
+    with:
+      build_arm: true
+  trigger-config-preprocessor:
+    uses: ./.github/workflows/config-preprocessor-image.yml
+    with:
+      build_arm: true
+  trigger-dummy-preprocessing:
+    uses: ./.github/workflows/preprocessing-dummy-image.yml
+    with:
+      build_arm: true
+  trigger-ingest:
+    uses: ./.github/workflows/ingest-image.yml
+    with:
+      build_arm: true
+  trigger-ena-submission:
+    uses: ./.github/workflows/ena-submission-image.yaml
+    with:
+      build_arm: true
+  trigger-ena-submission-flyway:
+    uses: ./.github/workflows/ena-submission-flyway-image.yaml
+    with:
+      build_arm: true
+  trigger-keycloakify:
+    uses: ./.github/workflows/keycloakify-image.yml
+    with:
+      build_arm: true
+  trigger-preprocessing-nextclade:
+    uses: ./.github/workflows/preprocessing-nextclade-image.yml
+    with:
+      build_arm: true
+  trigger-website:
+    uses: ./.github/workflows/website-image.yml
+    with:
+      build_arm: true

backend/.github/workflows/clean-cache-post-merge.yml

@@ -0,0 +1,54 @@
+# Copied from
+# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy
+name: cleanup caches by a branch
+on:
+  pull_request_target:
+    types:
+      - closed
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch name"
+        required: false
+        default: ""
+  workflow_run:
+    workflows: ["Format website code"]
+    types:
+      - completed
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      actions: write
+    steps:
+      - name: Setup Branch Name
+        id: setup-branch
+        run: |
+          if [ "${{ github.event.inputs.branch }}" != "" ]; then
+            echo "branch=${{ github.event.inputs.branch }}" >> $GITHUB_OUTPUT
+          elif [ "${{ github.head_ref }}" != "" ]; then
+            echo "branch=${{ github.head_ref }}" >> $GITHUB_OUTPUT
+          else
+            echo "branch=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+          fi
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+
+          echo "Fetching list of cache key"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+
+          ## Setting this to not fail the workflow while deleting cache keys.
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              echo "Deleting $cacheKey"
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: ${{ steps.setup-branch.outputs.branch }}

backend/.github/workflows/codeql.yml

@@ -0,0 +1,66 @@
+name: "CodeQL Advanced"
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: '26 9 * * 2' # Run on Tuesday mornings, in addition to PRs
+  workflow_run:
+    workflows: ["Format website code"]
+    types:
+      - completed
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: 'ubuntu-latest'
+    permissions:
+      # required for all workflows
+      security-events: write
+      # required to fetch internal or private CodeQL packs
+      packages: read
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: java-kotlin
+            build-mode: manual
+          - language: javascript-typescript
+            build-mode: none
+          - language: python
+            build-mode: none
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+      - if: matrix.language == 'java-kotlin' && matrix.build-mode == 'manual'
+        name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: "21"
+          distribution: "adopt"
+      - if: matrix.language == 'java-kotlin' && matrix.build-mode == 'manual'
+        name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+      - if: matrix.language == 'java-kotlin' && matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          cd backend
+          export JAVA_OPTS="-Xmx4096m"
+          ./gradlew --no-daemon -Dorg.gradle.jvmargs=-Xmx1g build --info --stacktrace -x ktlintCheck -x test
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"