From c789625529e076111649139be203d1d55c42235e Mon Sep 17 00:00:00 2001
From: Alex Gartner <git@agartner.com>
Date: Thu, 11 Jul 2024 15:28:53 -0700
Subject: [PATCH] HACK: update release workflow for fork

---
 .github/workflows/release.yml | 41 ++++++++---------------------------
 action.yml                    |  2 +-
 2 files changed, 10 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 18dcb04171..fc3f00b747 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,25 +17,17 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.23.1'
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@v3
-        with:
-          cosign-release: 'v2.4.0'
-      - name: Store Cosign private key in a file
-        run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
-        shell: bash
-        env:
-          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+          go-version: '1.22.7'
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Login to DockerHub
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          username: ${{secrets.DOCKER_USERNAME}}
-          password: ${{secrets.DOCKER_PASSWORD}}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Generate SBOM
         uses: CycloneDX/gh-gomod-generate-sbom@v2
         with:
@@ -45,33 +37,18 @@ jobs:
         uses: docker/metadata-action@v5
         id: meta
         with:
-          images: securego/gosec
+          images: ghcr.io/${{ github.repository_owner }}/gosec
           flavor: |
             latest=true
           tags: |
             type=sha,format=long
             type=semver,pattern={{version}}
-      - name: Release Binaries
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          version: latest
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
       - name: Release Docker Image
         uses: docker/build-push-action@v6
         id: relimage
         with:
           platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
-          tags: ${{steps.meta.outputs.tags}}
-          labels: ${{steps.meta.outputs.labels}}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           push: true
-          build-args: GO_VERSION=1.23
-      - name: Sign Docker Image
-        run: cosign sign --yes --key /tmp/cosign.key ${DIGEST}
-        env:
-          TAGS: ${{steps.meta.outputs.tags}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
-          COSIGN_PRIVATE_KEY: /tmp/cosign.key
-          DIGEST: ${{steps.relimage.outputs.digest}}
+          build-args: GO_VERSION=1.22
diff --git a/action.yml b/action.yml
index a505455018..384cf0b0ef 100644
--- a/action.yml
+++ b/action.yml
@@ -10,7 +10,7 @@ inputs:
 
 runs:
     using: 'docker'
-    image: 'docker://securego/gosec:2.21.4'
+    image: 'docker://ghcr.io/zeta-chain/gosec:2.21.4-zeta'
     args:
       - ${{ inputs.args }}