---
name: Build ISOs

on:
  workflow_dispatch:
    inputs:
      upload-to-s3:
        description: "Upload to S3"
        required: false
        default: false
        type: boolean
      platform:
        required: true
        type: choice
        options:
          - amd64
          - arm64
  pull_request:
    branches:
      - main
    paths:
      - './iso.toml'
      - './.github/workflows/build-iso.yml'
      - './Justfile'

env:
  IMAGE_REGISTRY: "ghcr.io/${{ github.repository }}"
  DEFAULT_TAG: "latest"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
  cancel-in-progress: true

jobs:
  build:
    name: Build ISOs
    runs-on: ${{ inputs.platform == 'amd64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }}
    strategy:
      fail-fast: false
    permissions:
      contents: read
      packages: read
      id-token: write

    steps:
      - name: lower case the image registry in case of any capitalization
        run: |
          echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> ${GITHUB_ENV}
      
      - name: Install dependencies
        if: inputs.platform == 'arm64'
        run: |
          set -x
          sudo apt update -y
          sudo apt install -y \
            podman

      - name: Maximize build space
        if: inputs.platform != 'arm64'
        uses: ublue-os/remove-unwanted-software@cc0becac701cf642c8f0a6613bbdaf5dc36b259e # v9
        with:
          remove-codeql: true

      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

      - name: Setup Just
        uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3

      - name: Build ISO
        id: build
        uses: ublue-os/bootc-image-builder-action@main
        with:
          bootc-image-builder-image: ghcr.io/centos-workstation/bootc-image-builder:latest
          use-librepo: true
          config-file: ./iso.toml
          image: ${{ env.IMAGE_REGISTRY }}:${{ env.DEFAULT_TAG }}

      - name: Upload ISOs and Checksum to Job Artifacts
        if: inputs.upload-to-s3 != true && github.event_name != 'pull_request'
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          path: ${{ steps.build.outputs.output-directory }}
          if-no-files-found: error
          retention-days: 0
          compression-level: 0
          overwrite: true
      
      - name: Upload to S3
        if: inputs.upload-to-s3 == true && github.event_name != 'pull_request'
        shell: bash
        env:
          RCLONE_CONFIG_S3_TYPE: s3
          RCLONE_CONFIG_S3_PROVIDER: ${{ secrets.S3_PROVIDER }}
          RCLONE_CONFIG_S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
          RCLONE_CONFIG_S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
          RCLONE_CONFIG_S3_REGION: ${{ secrets.S3_REGION }}
          RCLONE_CONFIG_S3_ENDPOINT: ${{ secrets.S3_ENDPOINT }}
          SOURCE_DIR: ${{ steps.build.outputs.output-directory }}
        run: |
          sudo apt-get update
          sudo apt-get install -y rclone
          rclone copy $SOURCE_DIR S3:${{ secrets.S3_BUCKET_NAME }}