ci: hopefully final CI fixes (#87)

xTVaser · web-flow · commit 3eb4f56ea6a4 · 2025-02-26T21:19:48.000-05:00
diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml
@@ -0,0 +1,54 @@
+name: 🐋 Publish Image
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  attestations: write
+  packages: write
+  id-token: write
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      build_image:
+    if: github.repository == 'PCSX2/web-api'
+    needs:
+      - cut_release
+    name: "Build and Publish Image"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -19,19 +19,17 @@ env:
 
 permissions:
   contents: write
-  attestations: write
-  packages: write
 
 jobs:
   cut_release:
+    if: github.repository == 'PCSX2/web-api'
     name: Cut Release
     runs-on: ubuntu-latest
     outputs:
       new_tag: ${{ steps.set_tag.outputs.new_tag }}
     steps:
       # Docs - https://github.com/mathieudutour/github-tag-action
       - name: Bump Version and Push Tag
-        if: github.repository == 'PCSX2/web-api'
         id: tag_version
         uses: mathieudutour/github-tag-action@v6.2
         with:
@@ -42,56 +40,9 @@ jobs:
       - name: Create Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh release create ${{ steps.tag_version.outputs.new_tag }} --generate-notes --draft --repo ${{ github.repository }}
+        run: gh release create ${{ steps.tag_version.outputs.new_tag }} --generate-notes --repo ${{ github.repository }}
 
       - name: Output new tag
         id: set_tag
         run: |
-          echo "new_tag=${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT
-
-  build_image:
-    if: github.repository == 'PCSX2/web-api'
-    needs:
-      - cut_release
-    name: "Build and Publish Image"
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ needs.cut_release.outputs.new_tag }}
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      - name: Build and push Docker image
-        id: push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
-        with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true
-
-      - name: Publish Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          TAG_VAL=${{ needs.cut_release.outputs.new_tag }}
-          gh release edit ${TAG_VAL} --draft=false --repo open-goal/jak-project
+          echo "new_tag=${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT
