Split build and release workflows

Author: dmolesUC

.github/workflows/build.yml

@@ -1,8 +1,10 @@
 name: Build
-on: [ push, pull_request, release, workflow_dispatch ]
+on: [ push, pull_request, workflow_dispatch ]
 env:
   REGISTRY: ghcr.io
+
 jobs:
+  # TODO: DRY w/release.yml
   setup:
     runs-on: ubuntu-latest
 
@@ -62,7 +64,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image:  ${{ needs.build.outputs.build_image }}
+      image: ${{ needs.build.outputs.build_image }}
 
     defaults:
       run:
@@ -91,7 +93,7 @@ jobs:
           name: artifacts
           path: /opt/app/artifacts/**
 
-  # TODO: DRY push and push-release
+  # TODO: DRY w/release.yml
   push:
     if: github.event_name != 'release'
 
@@ -126,41 +128,3 @@ jobs:
           dst: |
             ${{ steps.meta.outputs.tags }}
 
-  # TODO: DRY push and push-release
-  push-release:
-    if: github.event_name == 'release' && github.event.action == 'published'
-
-    needs: [setup]
-    env:
-      BASE_IMAGE_NAME: ${{ needs.setup.outputs.base_image_name }}
-      BUILD_IMAGE: ${{ needs.setup.outputs.build_image }}
-
-    runs-on: ubuntu-latest
-
-    permissions:
-      packages: write
-
-    steps:
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v3
-        with:
-          images: ${{ env.BASE_IMAGE_NAME }}
-          tags:
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Tag and push image
-        uses: akhilerm/tag-push-action@v2.0.0
-        with:
-          src: ${{ env.BUILD_IMAGE }}
-          dst: |
-            ${{ steps.meta.outputs.tags }}

.github/workflows/release.yml

@@ -0,0 +1,69 @@
+name: Release
+
+on:
+  release:
+    types:
+      - published
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  # TODO: DRY w/build.yml
+  setup:
+    runs-on: ubuntu-latest
+
+    steps:
+      # See https://github.com/docker/build-push-action/blob/v2.10.0/TROUBLESHOOTING.md#repository-name-must-be-lowercase
+      - name: Sanitize image name
+        uses: actions/github-script@v6
+        id: image-name
+        with:
+          result-encoding: string
+          script: return '${{ env.REGISTRY }}/${{ github.repository }}'.toLowerCase()
+
+      - name: Get short SHA
+        run: |
+          echo SHORT_SHA="${GITHUB_SHA:0:7}" >> $GITHUB_ENV
+
+    outputs:
+      base_image_name: ${{ steps.image-name.outputs.result }}
+      build_image: ${{ steps.image-name.outputs.result }}:${{ env.SHORT_SHA }}
+
+  # TODO: DRY w/build.yml
+  push-release:
+    needs: setup
+    env:
+      BASE_IMAGE_NAME: ${{ needs.setup.outputs.base_image_name }}
+      BUILD_IMAGE: ${{ needs.setup.outputs.build_image }}
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+
+    steps:
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.BASE_IMAGE_NAME }}
+          tags:
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Tag and push image
+        uses: akhilerm/tag-push-action@v2.0.0
+        with:
+          src: ${{ env.BUILD_IMAGE }}
+          dst: |
+            ${{ steps.meta.outputs.tags }}