khongsomeo · trhgquan · Dec 10, 2024 · Dec 9, 2024 · Dec 9, 2024 · Dec 9, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,67 +1,115 @@
 name: Release
 
 on:
-  push:
-    tags:
-      - '*'
+    push:
+        tags:
+            - "*"
+
+env:
+    REGISTRY: ghcr.io
+    IMAGE_NAME: ${{ github.repository }}
 
 jobs:
-  release-build:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: ['windows-latest', 'ubuntu-latest']
-
-    steps:
-    - uses: actions/checkout@v2
-      name: Checkout repository
-
-    - name: make
-      run: make
-
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v2
-      with:
-        name: build-executable
-        path: |
-          data/
-          main
-          main.exe
-          readme.md
-          LICENSE
-        if-no-files-found: error
-
-    - name: cleaning afterworks
-      run: make clean
-
-  create-release:
-    runs-on: ubuntu-latest
-    needs: release-build
-    steps:
-      - name: Download artifacts from previous build
-        uses: actions/download-artifact@v2
-        with:
-          name: build-executable
-
-      - name: Zipping release artifact
-        uses: vimtor/action-zip@v1
-        with:
-          files: data/ main main.exe readme.md LICENSE
-          recursive: false
-          dest: release.zip
-
-      - name: Drafting a new release
-        uses: release-drafter/release-drafter@v5
-        id: draft-new-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Upload release asset
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.draft-new-release.outputs.upload_url }}
-          asset_path: release.zip
-          asset_name: release.zip
-          asset_content_type: application/zip
+    release-build:
+        runs-on: ${{ matrix.os }}
+        strategy:
+            matrix:
+                os: ["windows-latest", "ubuntu-latest"]
+
+        steps:
+            - uses: actions/checkout@v2
+              name: Checkout repository
+
+            - name: make
+              run: make
+
+            - name: Upload artifacts
+              uses: actions/upload-artifact@v4
+              with:
+                  name: build-executable-${{ matrix.os }}
+                  path: |
+                      data/
+                      main
+                      main.exe
+                      readme.md
+                      LICENSE
+                  if-no-files-found: error
+                  overwrite: true
+
+            - name: cleaning afterworks
+              run: make clean
+
+    create-release:
+        runs-on: ubuntu-latest
+        needs: release-build
+        steps:
+            - name: Download artifacts from previous build
+              uses: actions/download-artifact@v4
+              with:
+                  pattern: build-executable-*
+                  merge-multiple: true
+
+            - name: Zipping release artifact
+              uses: vimtor/action-zip@v1
+              with:
+                  files: data/ main main.exe readme.md LICENSE
+                  recursive: false
+                  dest: release.zip
+
+            - name: Drafting a new release
+              uses: release-drafter/release-drafter@v5
+              id: draft-new-release
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Upload release asset
+              uses: actions/upload-release-asset@v1
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              with:
+                  upload_url: ${{ steps.draft-new-release.outputs.upload_url }}
+                  asset_path: release.zip
+                  asset_name: release.zip
+                  asset_content_type: application/zip
+
+    build-and-push-image:
+        runs-on: ubuntu-latest
+
+        permissions:
+            contents: read
+            packages: write
+            attestations: write
+            id-token: write
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4
+
+            - name: Log in to the Container Registry
+              uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+              with:
+                  registry: ${{ env.REGISTRY }}
+                  username: ${{ github.actor }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Extract metadata (tags, labels) for Docker
+              id: meta
+              uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+              with:
+                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+            - name: Build and push Docker image
+              id: push
+              uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+              with:
+                  context: .
+                  push: true
+                  tags: ${{ steps.meta.outputs.tags }}
+                  labels: ${{ steps.meta.outputs.labels }}
+
+            - name: Generate artifact attestation
+              uses: actions/attest-build-provenance@v1
+              with:
+                  subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+                  subject-digest: ${{ steps.push.outputs.digest }}
+                  push-to-registry: true