Cleanup and improve robustness of Github actions.

.github/workflows/check-container-build.yml

@@ -1,27 +1,19 @@
 name: Check container build
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the build
       - name: Build the container
         run: docker build .

.github/workflows/check-doc-build.yml

@@ -1,36 +1,31 @@
 name: Check documentation build
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install dependencies
-        run: sudo apt install build-essential python3-dev libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y build-essential python3-dev python3-pip libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
 
-      - name: Install requirements
-        run: pip install -r requirements.txt
-
-      - name: Install additional Python dependencies
-        run: pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
+      - name: Install Python dependencies
+        run: |
+          sudo pip install --upgrade pip
+          sudo pip install -r requirements.txt
+          sudo pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
 
       - name: Check the documentation
         run: make docs

.github/workflows/check-epub-build.yml

@@ -1,36 +1,31 @@
 name: Check ePub build
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install dependencies
-        run: sudo apt install build-essential python3-dev libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y build-essential python3-dev python3-pip libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
 
-      - name: Install requirements
-        run: pip install -r requirements.txt
-
-      - name: Install additional Python dependencies
-        run: pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
+      - name: Install Python dependencies
+        run: |
+          sudo pip install --upgrade pip
+          sudo pip install -r requirements.txt
+          sudo pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
 
       - name: Check the ePub build
         run: make docs-epub

.github/workflows/check-javascript-style.yml

@@ -1,36 +1,36 @@
 name: Check Javascript style
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install nodejs
-        run: sudo apt install nodejs
-        
-      - name: Install yarn
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y nodejs npm
+
+      - name: Install Node dependencies
         run: sudo npm install --global yarn
-        
+
       - name: Install Node modules
-        run: cd web && yarn install
+        run: |
+          export CPPFLAGS="-DPNG_ARM_NEON_OPT=0"
+          cd web
+          yarn install
 
       - name: Run the linter
-        run: cd web && yarn run linter
+        run: |
+          cd web
+          yarn run linter

.github/workflows/check-pdf-build.yml

@@ -1,36 +1,31 @@
 name: Check PDF build
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install dependencies
-        run: sudo apt install build-essential python3-dev libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev latexmk texlive-latex-recommended tex-gyre texlive-latex-extra
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y build-essential python3-dev python3-pip libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev latexmk texlive-latex-recommended tex-gyre texlive-latex-extra
 
-      - name: Install requirements
-        run: pip install -r requirements.txt
-
-      - name: Install additional Python dependencies
-        run: pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
+      - name: Install Python requirements
+        run: |
+          sudo pip install --upgrade pip
+          sudo pip install -r requirements.txt
+          sudo pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
 
       - name: Check the PDF build
         run: make docs-pdf

.github/workflows/check-python-build.yml

@@ -1,36 +1,31 @@
 name: Check Python build
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install dependencies
-        run: sudo apt install build-essential python3-dev libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y build-essential python3-dev python3-pip libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
 
-      - name: Install requirements
-        run: pip install -r requirements.txt
-
-      - name: Install additional Python dependencies
-        run: pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
+      - name: Install Python dependencies
+        run: |
+          sudo pip install --upgrade pip
+          sudo pip install -r requirements.txt
+          sudo pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
 
       - name: Check the Python wheel build
         run: make pip

.github/workflows/check-python-style.yml

@@ -1,30 +1,30 @@
 name: Check Python style
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install pycodestyle
-        run: pip install pycodestyle
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y python3-pip
+
+      - name: Install Python dependencies
+        run: |
+          sudo pip install --upgrade pip
+          sudo pip install pycodestyle
 
       - name: Check the documentation
         run: pycodestyle --config=.pycodestyle docs/
@@ -36,4 +36,4 @@ jobs:
         run: pycodestyle --config=.pycodestyle web/
 
       - name: Check the tools
-        run: pycodestyle --config=.pycodestyle tools/
+        run: pycodestyle --config=.pycodestyle tools/

.github/workflows/check-tarball-build.yml

@@ -1,36 +1,31 @@
 name: Check tarball build
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install dependencies
-        run: sudo apt install build-essential python3-dev libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y build-essential python3-dev python3-pip libpq-dev libffi-dev libssl-dev libkrb5-dev zlib1g-dev
 
-      - name: Install requirements
-        run: pip install -r requirements.txt
-
-      - name: Install additional Python dependencies
-        run: pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
+      - name: Install Python dependencies
+        run: |
+          sudo pip install --upgrade pip
+          sudo pip install -r requirements.txt
+          sudo pip install "pyOpenSSL>=23.*" sphinx sphinxcontrib-youtube
 
       - name: Check the tarball build
         run: make src

.github/workflows/check-translations.yml

@@ -1,30 +1,25 @@
 name: Check translations
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "master" branch
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
 
-      # Run the tests
-      - name: Install dependencies
-        run: sudo apt install python3-babel
+      - name: Install platform dependencies
+        run: |
+          sudo apt update
+          sudo apt upgrade -y
+          sudo apt install -y python3-babel python3-jinja2
 
       - name: Check we can extract messages
         run: make msg-extract

.github/workflows/sonarqube-scan.yml

@@ -1,36 +1,34 @@
+# This workflow requires the following configuration in Github
+#
+# Variables:
+#   SONARQUBE_PROJECT_KEY - The project key in SonarQube
+#
+# Secrets:
+#   SONARQUBE_TOKEN - SonarQube API token
+#   SONARQUBE_HOST - The URL of the SonarQube host
+
 name: SonarQube scan
 
 on:
-  # Triggers the workflow on push events but only for the "master" branch
   push:
     branches: [ "master" ]
 
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-# Concurrent SonarQube runs can cause problems if they report times out of order
 concurrency:
   group: sonarqube
   cancel-in-progress: false
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-
-  # This workflow contains a single job called "build"
   build:
+    # Only run if the project key is set
     if: vars.SONARQUBE_PROJECT_KEY != null
 
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
-      # Run the scan
       - name: Create the scan properties file
         run: |
           cat <<EOF > sonar-project.properties