fix: push before signing #87

Summary
Jobs
- build
- release
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/package.yaml at 2d5313c

	name: Release Debian package

	on:
	push:
	tags:
	- "v..*" # run on semver tags
	- "v..-" # run on pre-release tags
	workflow_dispatch:
	inputs:
	tag:
	description: 'Tag to stable release'
	required: true
	default: 'v0.0.0'

	jobs:
	build:
	runs-on: ubuntu-latest
	if: github.event_name == 'push'
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- uses: oven-sh/setup-bun@v2

	- name: Install dependencies
	run: bun install --frozen-lockfile

	- name: Build Next.js application
	run: bun run build

	- name: Extract version from tag
	id: extract_version
	run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV

	- name: Update control file version
	run: \|
	sed -i "s/^Version: .*/Version: ${VERSION}/" debian/DEBIAN/control

	- name: Prepare Debian package structure
	run: \|
	cp -rT .next/standalone debian/usr/share/dashboard
	cp -r .next/static debian/usr/share/dashboard/.next
	cp -r public debian/usr/share/dashboard

	- name: Build Debian package
	run: dpkg-deb --build debian relayer-admin-dashboard.deb

	- name: Install cosign
	uses: sigstore/cosign-installer@v3

	- name: Sign debian package
	env:
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	COSIGN_YES: true
	run:
	cosign sign-blob --key env://COSIGN_PRIVATE_KEY relayer-admin-dashboard.deb
	cosign public-key --key env://COSIGN_PRIVATE_KEY > cosign.pub

	- name: Release
	uses: softprops/action-gh-release@v2
	with:
	files: \|
	relayer-admin-dashboard.deb
	relayer-admin-dashboard.deb.sig
	cosign.pub
	generate_release_notes: true
	make_latest: true
	prerelease: ${{ contains(github.ref_name, '-') }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	with:
	platforms: linux/amd64,linux/arm64

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ vars.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build relayer image
	id: build-and-push-relayer
	uses: docker/build-push-action@v6
	with:
	context: https://github.com/icon-project/relayer-docker.git#:admin-dashboard
	platforms: linux/amd64,linux/arm64
	push: true
	build-args: \|
	- DASHBOARD_VERSION=${{ github.ref_name }}
	tags: \|
	iconcommunity/relayer-admin-dashboard:unstable
	iconcommunity/relayer-admin-dashboard:${{ github.ref_name }}

	- name: Sign relayer image
	env:
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	COSIGN_YES: true
	run: \|
	cosign sign --key env://COSIGN_PRIVATE_KEY iconcommunity/relayer-admin-dashboard:unstable
	cosign sign --key env://COSIGN_PRIVATE_KEY iconcommunity/relayer-admin-dashboard:${{ github.ref_name }}

	release:
	runs-on: ubuntu-latest
	if: github.event_name == 'workflow_dispatch'
	steps:
	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ vars.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Pull relayer image
	run: docker pull iconcommunity/relayer-admin-dashboard:${{ github.event.inputs.tag }}

	- name: Tag with stable
	run: docker tag iconcommunity/relayer-admin-dashboard:${{ github.event.inputs.tag }} iconcommunity/relayer-admin-dashboard:stable

	- name: Push relayer image
	run: docker push iconcommunity/relayer-admin-dashboard:stable

	- name: Install cosign
	uses: sigstore/cosign-installer@v3

	- name: Sign relayer image
	env:
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	COSIGN_YES: true
	run: \|
	cosign sign --key env://COSIGN_PRIVATE_KEY iconcommunity/relayer-admin-dashboard:stable

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: push before signing #87

Workflow file

fix: push before signing #87

Jobs

Run details

Workflow file for this run