signed container v4 (#30)

* ci

* ci

* ci

.github/workflows/release.yml → .github/workflows/ci.yml

@@ -1,9 +1,14 @@
-name: release
+name: ci
 
 on:
   push:
+    branches:
+      - 'main'
     tags:
       - 'v*'
+  pull_request:
+    branches:
+      - 'main'
 
 jobs:
   docker:
@@ -14,17 +19,20 @@ jobs:
       id-token: write # needed for signing the images with GitHub OIDC Token
     steps:
     - uses: actions/checkout@v4
+
     - uses: docker/metadata-action@v5
       id: docker_meta
       with:
         images: ghcr.io/${{ github.repository }}
-      tags: |
-        type=ref,event=tag
+        tags: |
+          type=ref,event=tag
+
     - uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}        
+
     - uses: docker/build-push-action@v5
       id: build_and_push
       with:
@@ -35,7 +43,7 @@ jobs:
 
     - uses: sigstore/cosign-installer@v3
     - name: Sign the images with GitHub OIDC Token
-      if: ${{ github.event_name != 'pull_request' }}
+      if: github.event_name != 'pull_request'
       env:
         DIGEST: ${{ steps.build_and_push.outputs.digest }}
         TAGS: ${{ steps.docker_meta.outputs.tags }}

.github/workflows/pull-request.yml

@@ -45,30 +45,3 @@ jobs:
     - uses: shogo82148/actions-goveralls@v1
       with:
         path-to-profile: profile.cov
-
-  docker:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write # needed for signing the images with GitHub OIDC Token
-    steps:
-    - uses: actions/checkout@v4
-    - uses: docker/metadata-action@v5
-      id: docker_meta
-      with:
-        images: ghcr.io/${{ github.repository }}
-        tags: |
-          type=ref,event=tag
-    - uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}        
-    - uses: docker/build-push-action@v5
-      id: build_and_push
-      with:
-        context: .
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: ${{ steps.docker_meta.outputs.tags }}
-        labels: ${{ steps.docker_meta.outputs.labels }}

README.md

@@ -1,7 +1,7 @@
 # myip
 "What's my IP" application
 
-[![release](https://github.com/kuoss/myip/actions/workflows/release.yml/badge.svg)](hhttps://github.com/kuoss/myip/actions/workflows/release.yml)
+[![ci](https://github.com/kuoss/myip/actions/workflows/ci.yml/badge.svg)](https://github.com/kuoss/myip/actions/workflows/ci.yml)
 [![pull-request](https://github.com/kuoss/myip/actions/workflows/pull-request.yml/badge.svg)](https://github.com/kuoss/myip/actions/workflows/pull-request.yml)
 [![Coverage Status](https://coveralls.io/repos/github/kuoss/myip/badge.svg?branch=main)](https://coveralls.io/github/kuoss/myip?branch=main)
 [![GitHub license](https://img.shields.io/github/license/kuoss/myip.svg)](https://github.com/kuoss/myip/blob/main/LICENSE)