Edit test-release and release workflows

CoinFabrik · Jun 18, 2024 · 7de053e · 7de053e
1 parent 73b1319
commit 7de053e
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 9 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,6 +7,8 @@ on:
 
 env:
   PYTHONUNBUFFERED: 1
+  REGISTRY: coinfabrik
+  IMAGE_NAME: scout
 
 jobs:
   filter-paths:
@@ -35,8 +37,8 @@ jobs:
             clippy_config:
               - 'scout-audit-clippy-config/**'
 
-  release:
-    name: Release
+  crates-release:
+    name: Release to crates.io
     needs: filter-paths
     runs-on: ubuntu-latest
     steps:
@@ -71,3 +73,53 @@ jobs:
       - name: Publish Clippy Config
         if: ${{ needs.filter-paths.outputs.clippy-config == 'true' }}
         run: python scripts/publish-to-crates-io.py --crate-path scout-audit-clippy-config
+
+  docker-release:
+    name: Release to Docker Hub
+    runs-on: ubuntu-latest
+    needs: filter-paths
+    if: ${{ needs.filter-paths.outputs.scout-audit == 'true' }}
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Get scout version
+        id: scout-version
+        run: |
+          version=$(cat apps/cargo-scout-audit/Cargo.toml | grep '^version' | head -1 | awk -F '"' '{print $2}')
+          echo "Version extracted: $version"
+          echo "version=$version" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build Docker image
+        id: push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          cache-from: type=gha
+          cache-to: type=gha
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ steps.scout-version.outputs.version }},
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:latest
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml
@@ -118,12 +118,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
       - name: Build Docker image
         id: push
         uses: docker/build-push-action@v5
@@ -132,7 +126,7 @@ jobs:
           file: ./Dockerfile
           cache-from: type=gha
           cache-to: type=gha
-          push: true
+          push: false
           tags: |
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ steps.scout-version.outputs.version }},
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:latest