diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml
new file mode 100644
index 0000000..de0daa7
--- /dev/null
+++ b/.github/workflows/publish-docker.yml
@@ -0,0 +1,54 @@
+name: 🐋 Publish Image
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+permissions:
+ contents: write
+ attestations: write
+ packages: write
+ id-token: write
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ build_image:
+ if: github.repository == 'PCSX2/web-api'
+ needs:
+ - cut_release
+ name: "Build and Publish Image"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 56f2bd9..56b88f9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,11 +19,10 @@ env: permissions: contents: write - attestations: write - packages: write jobs: cut_release: + if: github.repository == 'PCSX2/web-api' name: Cut Release runs-on: ubuntu-latest outputs: 
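Review bot: In `.github/workflows/publish-docker.yml`, `build_image` cannot run as written: `needs: cut_release` names a job that lives in `release.yml`, and `env.REGISTRY` / `env.IMAGE_NAME` are read by the login, metadata and attestation steps although this new file declares no `env:` block. The `docker:` entry just above it has `runs-on` and a bare `steps:` and looks like a leftover stub, though the nesting cannot be confirmed because indentation is lost in this view. I would delete the stub and the `needs:` list and add an `env:` block here, presumably the one `release.yml` already carries (its contents are outside this diff). Since this workflow holds `packages: write` and `id-token: write`, I would also narrow `contents: write` to `contents: read` (checkout is the only visible consumer) and pin the `uses:` references to full commit SHAs instead of `@v4`/`@v3`/`@v5`/`@v6`/`@v2`.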
@@ -31,7 +30,6 @@ jobs: steps: # Docs - https://github.com/mathieudutour/github-tag-action - name: Bump Version and Push Tag - if: github.repository == 'PCSX2/web-api' id: tag_version uses: mathieudutour/github-tag-action@v6.2 with: 
@@ -42,56 +40,9 @@ jobs: - name: Create Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh release create ${{ steps.tag_version.outputs.new_tag }} --generate-notes --draft --repo ${{ github.repository }} + run: gh release create ${{ steps.tag_version.outputs.new_tag }} --generate-notes --repo ${{ github.repository }} - name: Output new tag id: set_tag run: | - echo "new_tag=${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT - - build_image: - if: github.repository == 'PCSX2/web-api' - needs: - - cut_release - name: "Build and Publish Image" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ needs.cut_release.outputs.new_tag }} - - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Build and push Docker image - id: push - uses: docker/build-push-action@v6 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true - - - name: Publish Release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - TAG_VAL=${{ needs.cut_release.outputs.new_tag }} - gh release edit ${TAG_VAL} --draft=false --repo open-goal/jak-project \ No newline at end of file + echo "new_tag=${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT \ No newline at end of file
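Review bot: Dropping `--draft` from `gh release create` makes the release public as soon as the tag is cut, while the image build now depends on a separate workflow triggered by `push: tags: 'v*'`. Tag pushes authenticated with the default `GITHUB_TOKEN` do not start other workflow runs, so if `github-tag-action` is given that token (its `with:` block is outside this hunk) a published release would never get its image and attestation; confirm which token is used, or start the publish workflow explicitly, for example through `workflow_call` or `workflow_dispatch`. Separately, the step expands `${{ steps.tag_version.outputs.new_tag }}` directly into the shell line. Passing it through `env:` as `NEW_TAG` and running `gh release create "$NEW_TAG" --generate-notes --repo "$GITHUB_REPOSITORY"` keeps the expression out of the script text, and the same applies to the `echo "new_tag=..." >> $GITHUB_OUTPUT` line.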