fix(ci): updates existing ci job to work with new docker publishing. (#30)

2025-12-21 13:23:14 +01:00 · 2024-06-19 20:05:28 -04:00
parent b4f7d2152a
commit dd1c09fe0c
5 changed files with 2 additions and 180 deletions
--- a/.github/workflows/binaries-publish.yaml
+++ b/.github/workflows/binaries-publish.yaml
@@ -1,12 +1,8 @@
-name: Publish Release
+name: Publish Release Binaries

 on:
  push:
-    tags:
-      - v*
-
-env:
-  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+    tags: [ 'v*.*.*' ]

 jobs:
  backend-tests:
@@ -49,29 +45,3 @@ jobs:
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  publish-tag:
-    name: "Publish Tag"
-    uses: sysadminsmedia/homebox/.github/workflows/partial-publish.yaml@main
-    with:
-      release: true
-      tag: ${{ github.ref_name }}
-    secrets:
-      GH_TOKEN: ${{ secrets.CR_PAT }}
-
-  deploy-docs:
-    name: Deploy docs
-    needs:
-      - publish-tag
-      - goreleaser
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout main
-        uses: actions/checkout@v4
-
-      - name: Deploy docs
-        uses: mhausenblas/mkdocs-deploy-gh-pages@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CONFIG_FILE: docs/mkdocs.yml
-          EXTRA_PACKAGES: build-base
--- a/.github/workflows/docker-publish-rootless.yaml
+++ b/.github/workflows/docker-publish-rootless.yaml
@@ -88,21 +88,6 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max

-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.metadata.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
-
      - name: Attest
        uses: actions/attest-build-provenance@v1
        id: attest
--- a/.github/workflows/docker-publish.yaml
+++ b/.github/workflows/docker-publish.yaml
@@ -85,21 +85,6 @@ jobs:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          cache-from: type=gha
          cache-to: type=gha,mode=max
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
        
      - name: Attest
        uses: actions/attest-build-provenance@v1
--- a/.github/workflows/partial-publish.yaml
+++ b/.github/workflows/partial-publish.yaml
@@ -1,89 +0,0 @@
-name: Frontend / E2E
-
-on:
-  workflow_call:
-    inputs:
-      tag:
-        required: true
-        type: string
-      release:
-        required: false
-        type: boolean
-        default: false
-
-    secrets:
-      GH_TOKEN:
-        required: true
-
-jobs:
-  publish:
-    name: "Publish Homebox"
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.20"
-
-      - name: Set up QEMU
-        id: qemu
-        uses: docker/setup-qemu-action@v3
-        with:
-          image: tonistiigi/binfmt:latest
-          platforms: all
-
-      - name: install buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          install: true
-
-      - name: login to container registry
-        run: docker login ghcr.io --username hay-kot --password $CR_PAT
-        env:
-          CR_PAT: ${{ secrets.GH_TOKEN }}
-
-      - name: build nightly image
-        if: ${{ inputs.release == false }}
-        run: |
-          docker build --push --no-cache \
-            --tag=ghcr.io/sysadminsmedia/homebox:${{ inputs.tag }} \
-            --build-arg=COMMIT=$(git rev-parse HEAD) \
-            --build-arg=BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-            --platform=linux/amd64,linux/arm64,linux/arm/v7 .
-
-      - name: build nightly-rootless image
-        if: ${{ inputs.release == false }}
-        run: |
-          docker build --push --no-cache \
-            --tag=ghcr.io/sysadminsmedia/homebox:${{ inputs.tag }}-rootless \
-            --build-arg=COMMIT=$(git rev-parse HEAD) \
-            --build-arg=BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-            --file Dockerfile.rootless \
-            --platform=linux/amd64,linux/arm64,linux/arm/v7 .
-
-      - name: build release tagged the image
-        if: ${{ inputs.release == true }}
-        run: |
-          docker build --push --no-cache \
-            --tag ghcr.io/sysadminsmedia/homebox:nightly \
-            --tag ghcr.io/sysadminsmedia/homebox:latest \
-            --tag ghcr.io/sysadminsmedia/homebox:${{ inputs.tag }} \
-            --build-arg VERSION=${{ inputs.tag }} \
-            --build-arg COMMIT=$(git rev-parse HEAD) \
-            --build-arg BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-            --platform linux/amd64,linux/arm64,linux/arm/v7 .
-
-      - name: build release tagged the rootless image
-        if: ${{ inputs.release == true }}
-        run: |
-          docker build --push --no-cache \
-            --tag ghcr.io/sysadminsmedia/homebox:nightly-rootless \
-            --tag ghcr.io/sysadminsmedia/homebox:latest-rootless \
-            --tag ghcr.io/sysadminsmedia/homebox:${{ inputs.tag }}-rootless \
-            --build-arg VERSION=${{ inputs.tag }} \
-            --build-arg COMMIT=$(git rev-parse HEAD) \
-            --build-arg BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-            --platform linux/amd64,linux/arm64,linux/arm/v7  \
-            --file Dockerfile.rootless .
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -1,29 +0,0 @@
-name: Publish Dockers
-
-on:
-  push:
-    branches:
-      - main
-
-env:
-  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
-
-jobs:
-  deploy:
-    name: "Deploy Nightly to Fly.io"
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: superfly/flyctl-actions/setup-flyctl@master
-      - run: flyctl deploy --remote-only
-
-  publish-nightly:
-    name: "Publish Nightly"
-    if: github.event_name != 'release'
-    uses: sysadminsmedia/homebox/.github/workflows/partial-publish.yaml@main
-    with:
-      tag: nightly
-    secrets:
-      GH_TOKEN: ${{ secrets.CR_PAT }}
-
-