From fd61703ebd250ed1c1506927d379ac3c39dd382a Mon Sep 17 00:00:00 2001
From: Yosh
Date: Wed, 12 Mar 2025 11:32:38 +0100
Subject: [PATCH 1/2] Publish a `:latest` tag
---
 .github/workflows/publish.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e6143bb..9c87a29 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -79,7 +79,7 @@ jobs:
 - name: Normalize COMPONENT_NAME and Append .wasm
 run: echo "COMPONENT_NAME_UNDERSCORED=${COMPONENT_NAME//-/_}.wasm" >> $GITHUB_ENV

- - name: Publish to GitHub Container Registry
+ - name: Publish `:` to GitHub Container Registry
 if: github.event_name != 'workflow_dispatch'
 id: publish
 uses: bytecodealliance/wkg-github-action@v5
@@ -92,6 +92,19 @@ jobs:
 homepage: ${{ env.COMPONENT_HOMEPAGE }}
 licenses: ${{ env.COMPONENT_LICENSES }}

+ - name: Publish `:latest` release to GitHub Container Registry
+ if: github.event_name != 'workflow_dispatch'
+ id: publish
+ uses: bytecodealliance/wkg-github-action@v5
+ with:
+ file: target/wasm32-wasip1/release/${{ env.COMPONENT_NAME_UNDERSCORED }}
+ oci-reference-without-tag: ghcr.io/${{ env.IMAGE_NAME }}/${{ env.COMPONENT_NAME }}
+ version: latest
+ description: ${{ env.COMPONENT_DESCRIPTION }}
+ source: ${{ env.COMPONENT_SOURCE }}
+ homepage: ${{ env.COMPONENT_HOMEPAGE }}
+ licenses: ${{ env.COMPONENT_LICENSES }}
+
 - name: Sign the wasm component
 if: github.event_name != 'workflow_dispatch'
 run: cosign sign --yes ghcr.io/${{ env.IMAGE_NAME }}/${{ env.COMPONENT_NAME }}@${{ steps.publish.outputs.digest }}
From 564297693b643f2a877450033a777f37c7e83b1a Mon Sep 17 00:00:00 2001
From: Yosh
Date: Wed, 12 Mar 2025 11:35:44 +0100
Subject: [PATCH 2/2] Fix component signing
---
 .github/workflows/publish.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 9c87a29..f2a2c6d 100644
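Review bot: The added `:latest` publish step runs under the same `if: github.event_name != 'workflow_dispatch'` condition as the versioned publish, so every non-dispatch run repoints `latest`, which could include a patch release on an older line or a pre-release; the workflow's triggers are outside this hunk, so confirm which events reach it. Since `latest` is a mutable tag, I would document that above the step, e.g. `# :latest moves on every release; consumers should pin by digest and verify the cosign signature`. The new step also references `bytecodealliance/wkg-github-action@v5` by a mutable tag in a job that pushes to the registry; pinning it as `uses: bytecodealliance/wkg-github-action@<full-commit-sha> # v5` (placeholder, the SHA is not on the page) keeps a moved tag from changing what publishes the artifact.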
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -81,7 +81,7 @@ jobs:

 - name: Publish `:` to GitHub Container Registry
 if: github.event_name != 'workflow_dispatch'
- id: publish
+ id: publish_versioned
 uses: bytecodealliance/wkg-github-action@v5
 with:
 file: target/wasm32-wasip1/release/${{ env.COMPONENT_NAME_UNDERSCORED }}
@@ -92,9 +92,13 @@ jobs:
 homepage: ${{ env.COMPONENT_HOMEPAGE }}
 licenses: ${{ env.COMPONENT_LICENSES }}

+ - name: Sign the versioned wasm component
+ if: github.event_name != 'workflow_dispatch'
+ run: cosign sign --yes ghcr.io/${{ env.IMAGE_NAME }}/${{ env.COMPONENT_NAME }}@${{ steps.publish_versioned.outputs.digest }}
+
 - name: Publish `:latest` release to GitHub Container Registry
 if: github.event_name != 'workflow_dispatch'
- id: publish
+ id: publish_latest
 uses: bytecodealliance/wkg-github-action@v5
 with:
 file: target/wasm32-wasip1/release/${{ env.COMPONENT_NAME_UNDERSCORED }}
@@ -105,6 +109,7 @@ jobs:
 homepage: ${{ env.COMPONENT_HOMEPAGE }}
 licenses: ${{ env.COMPONENT_LICENSES }}

- - name: Sign the wasm component
+ - name: Sign the latest wasm component
 if: github.event_name != 'workflow_dispatch'
- run: cosign sign --yes ghcr.io/${{ env.IMAGE_NAME }}/${{ env.COMPONENT_NAME }}@${{ steps.publish.outputs.digest }}
+ run: cosign sign --yes ghcr.io/${{ env.IMAGE_NAME }}/${{ env.COMPONENT_NAME }}@${{ steps.publish_latest.outputs.digest }}
+
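Review bot: The new `Sign the versioned wasm component` step interpolates `${{ env.IMAGE_NAME }}`, `${{ env.COMPONENT_NAME }}` and `${{ steps.publish_versioned.outputs.digest }}` directly into the `run:` script, so their values are pasted into the shell text before the shell parses it. Passing the digest through the step environment and quoting the reference keeps those values as data: add `env:` with `DIGEST: ${{ steps.publish_versioned.outputs.digest }}` and change the command to `run: cosign sign --yes "ghcr.io/${IMAGE_NAME}/${COMPONENT_NAME}@${DIGEST}"`. This assumes IMAGE_NAME and COMPONENT_NAME are already exported to the shell, as the `${COMPONENT_NAME//-/_}` context line in the first patch suggests for the latter; confirm for IMAGE_NAME, which is set outside these hunks. The same applies to the `Sign the latest wasm component` step in the last hunk with `steps.publish_latest.outputs.digest`.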