CI: Add GHA for verification

Issue-ID: CIMAN-33
Signed-off-by: Jessica Wagantall <>
Change-Id: I73239abdb7f227e81dbf357279426d150fa8f346
diff --git a/.github/workflows/gerrit-verify.yaml b/.github/workflows/gerrit-verify.yaml
new file mode 100644
index 0000000..7ef90b2
--- /dev/null
+++ b/.github/workflows/gerrit-verify.yaml
@@ -0,0 +1,140 @@
+name: Gerrit Verify
+# yamllint disable-line rule:truthy
+  workflow_dispatch:
+    inputs:
+        description: "Branch that change is against"
+        required: true
+        type: string
+        description: "The ID for the change"
+        required: true
+        type: string
+        description: "The Gerrit number"
+        required: true
+        type: string
+        description: "URL to the change"
+        required: true
+        type: string
+        description: "Type of Gerrit event"
+        required: true
+        type: string
+        description: "The patch number for the change"
+        required: true
+        type: string
+        description: "The revision sha"
+        required: true
+        type: string
+        description: "Project in Gerrit"
+        required: true
+        type: string
+        description: "Gerrit refspec of change"
+        required: true
+        type: string
+  group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
+  cancel-in-progress: true
+  prepare:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clear votes
+        uses: lfit/gerrit-review-action@v0.3
+        with:
+          host: ${{ vars.GERRIT_SERVER }}
+          username: ${{ vars.GERRIT_SSH_USER }}
+          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
+          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
+          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
+          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
+          vote-type: clear
+      - name: Allow replication
+        run: sleep 10s
+  # run pre-commit tox env separately to get use of more parallel processing
+  pre-commit:
+    needs: prepare
+    runs-on: ubuntu-latest
+    steps:
+      - uses: lfit/checkout-gerrit-change-action@v0.2
+        with:
+          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
+          delay: "0s"
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Run static analysis and format checkers
+        run: pipx run tox -e pre-commit
+  tox:
+    needs: prepare
+    runs-on: ubuntu-latest
+    steps:
+      - uses: lfit/checkout-gerrit-change-action@v0.2
+        with:
+          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
+          delay: "0s"
+      - uses: actions/setup-python@v4
+        id: setup-python
+        with:
+          python-version: "3.11"
+      - name: Run tests
+        run: >-
+          TOX_SKIP_ENV=pre-commit pipx run tox
+  jjb-validation:
+    needs: prepare
+    runs-on: ubuntu-latest
+    steps:
+      - uses: lfit/checkout-gerrit-change-action@v0.2
+        with:
+          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
+          delay: "0s"
+      - uses: actions/setup-python@v4
+        id: setup-python
+        with:
+          python-version: "3.11"
+      - name: Run JJB Verify
+        run: |
+          python -m pip install --upgrade pip
+          pip install jenkins-job-builder
+          mkdir -p "${HOME}/.config/jenkins_jobs"
+          cat << EOF > "${HOME}/.config/jenkins_jobs/jenkins_jobs.ini"
+          [job_builder]
+          ignore_cache=True
+          keep_descriptions=False
+          include_path=.
+          recursive=True
+          query_plugins_info=False
+          config-xml=True
+          EOF
+          jenkins-jobs test -o archives/job-configs jjb/
+  vote:
+    if: ${{ always() }}
+    needs: [prepare, pre-commit, tox, jjb-validation]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: technote-space/workflow-conclusion-action@v3
+      - name: Set vote
+        uses: lfit/gerrit-review-action@v0.3
+        with:
+          host: ${{ vars.GERRIT_SERVER }}
+          username: ${{ vars.GERRIT_SSH_USER }}
+          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
+          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
+          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
+          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
+          vote-type: ${{ env.WORKFLOW_CONCLUSION }}