Attempt to fix release recipe

Icikowski · Jan 11, 2022 · 834ba97 · 834ba97
1 parent 030fa8e
commit 834ba97
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -116,7 +116,7 @@ jobs:
     needs: [prerelease]
     if: (needs.prerelease.result == 'success')
     outputs:
-      imageId: ${{ steps.docker.outputs.imageId }}
+      imageId: ${{ steps.push.outputs.imageId }}
     env:
       GPTS_VERSION: ${{ needs.prerelease.outputs.version }}
       GPTS_COMMIT_ID: ${{ needs.prerelease.outputs.commitId }}
@@ -137,6 +137,7 @@ jobs:
       - name: Log into registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
       - name: Push image
+        id: push
         working-directory: application
         run: |
           IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$GPTS_IMAGE
@@ -145,31 +146,31 @@ jobs:
           docker tag $GPTS_IMAGE $IMAGE_ID:$GPTS_VERSION
           docker push $IMAGE_ID:$GPTS_VERSION
 
-          echo ::set-output name=imageId::$IMAGE_ID
+          echo ::set-output name=imageId::${IMAGE_ID}:${GPTS_VERSION}
       - name: Sign image
         env:
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-          IMAGE_ID: ${{ steps.docker.outputs.imageId }}
+          IMAGE_ID: ${{ steps.push.outputs.imageId }}
         run: |
           echo ${COSIGN_PRIVATE_KEY} >/tmp/cosign.key
-          cosign sign --key >/tmp/cosign.key ${IMAGE_ID}
+          cosign sign --key /tmp/cosign.key ${IMAGE_ID}
   verify-signature:
+    name: Image signature verification
     runs-on: ubuntu-latest
     needs: [docker]
     if: (needs.docker.result == 'success')
     env:
-      IMAGE_ID: ${{ steps.docker.outputs.imageId }}
+      IMAGE_ID: ${{ needs.docker.outputs.imageId }}
     permissions:
-      packages: read
+      packages: write
       contents: read
     steps:
       - name: Install Cosign
         uses: sigstore/cosign-installer@main
       - name: Verify signature
         env:
           COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
-          IMAGE_ID: ${{ steps.docker.outputs.imageId }}
         run: |
           echo ${COSIGN_PUBLIC_KEY} >/tmp/cosign.pub
           cosign verify --key /tmp/cosign.pub ${IMAGE_ID}