fix(ci): updates existing ci job to work with new docker publishing. (#…

…30)

.github/workflows/tag.yaml → .github/workflows/binaries-publish.yaml

@@ -1,12 +1,8 @@
-name: Publish Release
+name: Publish Release Binaries
 
 on:
   push:
-    tags:
-      - v*
-
-env:
-  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+    tags: [ 'v*.*.*' ]
 
 jobs:
   backend-tests:
@@ -49,29 +45,3 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  publish-tag:
-    name: "Publish Tag"
-    uses: sysadminsmedia/homebox/.github/workflows/partial-publish.yaml@main
-    with:
-      release: true
-      tag: ${{ github.ref_name }}
-    secrets:
-      GH_TOKEN: ${{ secrets.CR_PAT }}
-
-  deploy-docs:
-    name: Deploy docs
-    needs:
-      - publish-tag
-      - goreleaser
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout main
-        uses: actions/checkout@v4
-
-      - name: Deploy docs
-        uses: mhausenblas/mkdocs-deploy-gh-pages@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CONFIG_FILE: docs/mkdocs.yml
-          EXTRA_PACKAGES: build-base

.github/workflows/docker-publish-rootless.yaml

@@ -88,21 +88,6 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.metadata.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
-
       - name: Attest
         uses: actions/attest-build-provenance@v1
         id: attest

.github/workflows/docker-publish.yaml

@@ -85,21 +85,6 @@ jobs:
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
 
       - name: Attest
         uses: actions/attest-build-provenance@v1