chore: refactor model push job into separate workflow

Signed-off-by: Sam Gammon <sam@elide.ventures>

Author: sgammon

.github/workflows/checks.model.yml

@@ -115,46 +115,6 @@ jobs:
       - name: "Check: Buf Breaking"
         uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 # v1.1.3
         continue-on-error: ${{ inputs.ignore_breaking }}
-#        continue-on-error: ${{ contains(github.event.pull_request.labels.*.name, 'ci:buf-breaking-ignore') }}
         with:
           against: https://github.com/elide-dev/elide.git#branch=main
           input: proto
-
-  ##
-  ## Job: Buf Push
-  ##
-  buf-push:
-    name: "Protocol: Push"
-    runs-on: ubuntu-latest
-    if: inputs.push
-    needs: ["buf-lint", "buf-breaking"]
-    defaults:
-      run:
-        shell: bash
-#    if: |
-#      (
-#        github.ref == 'refs/heads/stable' ||
-#        github.ref == 'refs/heads/main' ||
-#        startsWith(github.ref, 'refs/tags/v')
-#      )
-    permissions:
-      contents: "read"
-    steps:
-      - name: "Setup: Harden Runner"
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
-        with:
-          egress-policy: audit
-      - name: "Setup: Checkout"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      - name: "Setup: Buf"
-        uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa # v1.28.1
-        with:
-          github_token: ${{ github.token }}
-      - name: "Push: BSR"
-        uses: bufbuild/buf-push-action@a654ff18effe4641ebea4a4ce242c49800728459 # v1.2.0
-        with:
-          buf_token: ${{ secrets.BUF_TOKEN }}
-          input: proto

.github/workflows/job.deploy-model.yml

@@ -0,0 +1,49 @@
+name: Model
+
+"on":
+  workflow_dispatch: {}
+  workflow_call:
+    secrets:
+      BUF_TOKEN:
+        required: true
+
+permissions:
+  contents: read
+
+concurrency:
+  group: "deploy"
+  cancel-in-progress: false
+
+jobs:
+  ##
+  ## Job: Buf Push
+  ##
+  buf-push:
+    name: "Protocol: Push"
+    runs-on: ubuntu-latest
+    if: inputs.push
+    needs: ["buf-lint", "buf-breaking"]
+    defaults:
+      run:
+        shell: bash
+    permissions:
+      contents: "read"
+    steps:
+      - name: "Setup: Harden Runner"
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+      - name: "Setup: Checkout"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: "Setup: Buf"
+        uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa # v1.28.1
+        with:
+          github_token: ${{ github.token }}
+      - name: "Push: BSR"
+        uses: bufbuild/buf-push-action@a654ff18effe4641ebea4a4ce242c49800728459 # v1.2.0
+        with:
+          buf_token: ${{ secrets.BUF_TOKEN }}
+          input: proto

.github/workflows/on.pr.yml

@@ -199,6 +199,8 @@ jobs:
       BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
     permissions:
       contents: "read"
+    with:
+      ignore_breaking: ${{ contains(github.event.pull_request.labels.*.name, 'ci:buf-breaking-ignore') }}
 
   ##
   ## Job: Check for Wrapper

.github/workflows/on.push.yml

@@ -38,17 +38,13 @@ jobs:
   ##
   ## Job: Checks for Models
   ##
-  check-model:
-    name: "Checks"
-    uses: ./.github/workflows/checks.model.yml
+  publish-model:
+    name: "Publish"
+    uses: ./.github/workflows/job.deploy-model.yml
     secrets:
       BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
     permissions:
       contents: "read"
-    with:
-      push: true
-      lint: false
-      breakcheck: false
 
   ##
   ## Job: Check for Wrapper