Move ISOs to a separate workflow

Author: alexiri

.github/workflows/build-iso.yml

@@ -0,0 +1,74 @@
+---
+name: Build ISO
+on:
+  pull_request:
+  push:
+    branches:
+      - 'main'
+    paths-ignore:
+      - '**/README.md'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  set-env:
+    runs-on: ubuntu-latest
+    outputs:
+      LATEST_TAG: ${{ steps.set.outputs.LATEST_TAG }}
+      REGISTRY: ${{ steps.set.outputs.REGISTRY }}
+      REGISTRY_USER: ${{ steps.set.outputs.REGISTRY_USER }}
+      PLATFORMS: ${{ steps.set.outputs.PLATFORMS }}
+      IMAGE_PATH: ${{ steps.set.outputs.IMAGE_PATH }}
+      IMAGE_NAME: ${{ steps.set.outputs.IMAGE_NAME }}
+      IS_SIGNED: ${{ steps.set.outputs.IS_SIGNED }}
+    steps:
+      - name: Set environment variables
+        id: set
+        run: |
+          # Pick a latest tag based on the event type
+          if [[ "${{ github.ref }}" != "refs/heads/${{ github.event.repository.default_branch }}" ]]; then
+            echo "LATEST_TAG=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+          else
+            echo "LATEST_TAG=latest" >> $GITHUB_OUTPUT
+          fi
+
+          REGISTRY=ghcr.io
+          REGISTRY_USER=${{ github.actor }}
+          IMAGE_PATH=${{ github.repository_owner }}
+          PLATFORMS="amd64,arm64"
+
+          echo "REGISTRY=${REGISTRY}" >> $GITHUB_OUTPUT
+          echo "REGISTRY_USER=${REGISTRY_USER}" >> $GITHUB_OUTPUT
+          echo "IMAGE_PATH=${IMAGE_PATH}" >> $GITHUB_OUTPUT
+          echo "IMAGE_NAME=${REGISTRY}/${IMAGE_PATH}/${{ github.event.repository.name }}" >> $GITHUB_OUTPUT
+          echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_OUTPUT
+
+          # This is a workaround so that the expansion of secrets.SIGNING_SECRET doesn't break the if statement
+          SECRET=$(cat <<EOF
+          ${{ secrets.SIGNING_SECRET }}
+          EOF
+          )
+          if [ -z "${SECRET}" ]; then
+            echo "IS_SIGNED=false" >> $GITHUB_OUTPUT
+          else
+            echo "IS_SIGNED=true" >> $GITHUB_OUTPUT
+          fi
+
+  build-iso:
+    name: Build ISO
+    needs: [set-env, build-image, test-image]
+    uses: AlmaLinux/desktop-bootc-ci/.github/workflows/build-iso.yml@v3
+    with:
+      image-name: "${{ github.event.repository.name }}"
+      image: ${{ needs.build-image.outputs.image-ref }}@${{ needs.build-image.outputs.digest }}
+      update_origin_ref: "${{ needs.set-env.outputs.IMAGE_NAME }}:${{ needs.set-env.outputs.LATEST_TAG }}"
+      update_is_signed: ${{ needs.set-env.outputs.IS_SIGNED == 'true' }}
+      config-file: ./iso.toml
+      platforms: ${{ needs.set-env.outputs.PLATFORMS }}
+      REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
+      REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
+    secrets:
+      REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/build.yml

@@ -106,22 +106,6 @@ jobs:
             ${{ env.IMAGE_REF }} \
             /bin/bash /tmp/test.sh
 
-  build-iso:
-    name: Build ISO
-    needs: [set-env, build-image, test-image]
-    uses: AlmaLinux/desktop-bootc-ci/.github/workflows/build-iso.yml@v3
-    with:
-      image-name: "${{ github.event.repository.name }}"
-      image: ${{ needs.build-image.outputs.image-ref }}@${{ needs.build-image.outputs.digest }}
-      update_origin_ref: "${{ needs.set-env.outputs.IMAGE_NAME }}:${{ needs.set-env.outputs.LATEST_TAG }}"
-      update_is_signed: ${{ needs.set-env.outputs.IS_SIGNED == 'true' }}
-      config-file: ./iso.toml
-      platforms: ${{ needs.set-env.outputs.PLATFORMS }}
-      REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
-      REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
-    secrets:
-      REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   promote-image:
     name: Promote image
     needs: [set-env, build-image, test-image]