Wait for build to finish (AST-000)

cx-daniel-greenspan · cx-daniel-greenspan · commit f25aab6aaf76 · 2025-01-15T09:29:44.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,113 +29,6 @@ permissions:
   contents: write
 
 jobs:
-  build:
-    runs-on: macos-13
-    env:
-      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-      COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-      COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
-        with:
-          fetch-depth: 0
-      - name: Install Go
-        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4
-        with:
-          go-version-file: go.mod
-      - name: Import Code-Signing Certificates
-        uses: Apple-Actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 #v1
-        with:
-          # The certificates in a PKCS12 file encoded as a base64 string
-          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-          # The password used to import the PKCS12 file.
-          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-      - name: Updating and upgrading brew to a specific version
-        run: |
-          brew --version
-          cd $(brew --repo)
-          git fetch --tags
-          git checkout 4.4.15
-          export HOMEBREW_NO_AUTO_UPDATE=1
-          brew --version
-
-      - name: Install gon
-        run: |
-          brew install Bearer/tap/gon
-      - name: Setup Docker on macOS
-        if: inputs.dev == false
-        uses: douglascamata/setup-docker-macos-action@4fe96839fcba8a2d746e020d00a89a37afbc7dc9  #v1-alpha.15
-      - name: Test docker
-        if: inputs.dev == false
-        run: |
-          docker version
-          docker info
-      - name: Login to Docker Hub
-        if: inputs.dev == false
-        uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Install Cosign
-        if: inputs.dev == false
-        run: |
-          brew install sigstore/tap/cosign
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
-        with:
-          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
-          aws-region: ${{ secrets.AWS_ASSUME_ROLE_REGION }}
-      - name: Tag
-        run: |
-          echo ${{ inputs.tag }}
-          echo "NEXT_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV
-          tag=${{ inputs.tag }}
-          message='${{ inputs.tag }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}'
-          git config user.name "${GITHUB_ACTOR}"
-          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git tag -a "${tag}" -m "${message}"
-          git push origin "${tag}"
-      - name: Build GoReleaser Args
-        run: |
-          args='release --clean --debug'
-          if [ ${{ inputs.dev }} = true ]; then
-            args=${args}' --config=".goreleaser-dev.yml"'
-          fi
-          echo "GR_ARGS=${args}" >> $GITHUB_ENV
-      - name: Echo GoReleaser Args
-        run: echo ${{ env.GR_ARGS }}
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 #v3
-        with:
-          version: v1.18.2
-          args: ${{ env.GR_ARGS }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GO_BOT_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
-          S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}
-          SIGNING_REMOTE_SSH_USER: ${{ secrets.SIGNING_REMOTE_SSH_USER }}
-          SIGNING_REMOTE_SSH_HOST: ${{ secrets.SIGNING_REMOTE_SSH_HOST }}
-          SIGNING_REMOTE_SSH_PRIVATE_KEY: ${{ secrets.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
-          SIGNING_HSM_CREDS: ${{ secrets.SIGNING_HSM_CREDS }}
-      - name: Sign Docker Image with Cosign
-        if: inputs.dev == false
-        run: |
-          cosign sign --yes --key env://COSIGN_PRIVATE_KEY checkmarx/ast-cli:${{ inputs.tag }}
-
-      - name: Verify Docker image signature
-        if: inputs.dev == false
-        run: |
-          echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
-          cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
-        env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 
   notify:
     needs: build
@@ -146,3 +39,4 @@ jobs:
       cli_release_version: ""
       release_author: "Phoenix Team"
       release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
+    secrets: inherit
