atomic-workstation/.github/workflows/build-iso.yml at d9ddadf102a4eb30725cbf66bd7c58f47ba0994b · AlmaLinux/atomic-workstation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
---
# ba0fde3d-bee7-4307-b97b-17d0d20aff50
name: Build ISO
on:
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
  cancel-in-progress: true

jobs:
  set-env:
    runs-on: ubuntu-latest
    outputs:
      LATEST_TAG: ${{ steps.set.outputs.LATEST_TAG }}
      REGISTRY: ${{ steps.set.outputs.REGISTRY }}
      REGISTRY_USER: ${{ steps.set.outputs.REGISTRY_USER }}
      PLATFORMS: ${{ steps.set.outputs.PLATFORMS }}
      IMAGE_PATH: ${{ steps.set.outputs.IMAGE_PATH }}
      IMAGE_NAME: ${{ steps.set.outputs.IMAGE_NAME }}
      IMAGE_REF: ${{ steps.set.outputs.IMAGE_REF }}
      IS_SIGNED: ${{ steps.set.outputs.IS_SIGNED }}
    steps:
      - name: Checkout github actions
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4

      - name: Set environment variables
        uses: ./.github/actions/config
        id: set

  build-iso:
    name: Build ISO
    needs: set-env
    uses: AlmaLinux/atomic-ci/.github/workflows/build-iso.yml@v9
    with:
      image-name: "${{ needs.set-env.outputs.IMAGE_NAME }}"
      image: "${{ needs.set-env.outputs.IMAGE_REF }}:${{ needs.set-env.outputs.LATEST_TAG }}"
      update_origin_ref: "${{ needs.set-env.outputs.IMAGE_REF }}:${{ needs.set-env.outputs.LATEST_TAG }}"
      update_is_signed: ${{ needs.set-env.outputs.IS_SIGNED == 'true' }}
      config-file: ./iso.toml
      platforms: ${{ needs.set-env.outputs.PLATFORMS }}
      REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
      REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
      upload-to-github: false
      upload-to-cloudflare: false
      upload-to-s3: true
      s3-path: "${{ needs.set-env.outputs.IMAGE_NAME }}/${{ needs.set-env.outputs.LATEST_TAG }}"
      bucket: "almalinux-atomic"
      aws-default-region: "us-east-1"
    secrets:
      REGISTRY_TOKEN: ${{ secrets.QUAY_PASSWORD }}
      AWS_ROLE_ARN: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/SIG_Atomic_GHA
    permissions:
      id-token: write
      contents: read
      packages: write