.github/workflows/docker_release.yml

name: Build and Push Docker Image
# https://github.com/sigstore/cosign
on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Docker image tag'
        required: true
        default: 'latest'

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    
    permissions:
      contents: read
      id-token: write

    steps:
    - name: Check out code
      uses: actions/checkout@v3
      
    - name: Install cosign
      uses: sigstore/cosign-installer@v3

    - name: Log in to Docker Hub
      uses: docker/login-action@v2
      with:
        registry: docker.io
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v2

    - name: Build and push Docker image
      uses: docker/build-push-action@v4
      with:
        context: .
        push: true
        tags: |
          opentensorfdn/bittensor:${{ github.event.inputs.tag }}
          opentensorfdn/bittensor:latest
        provenance: false

    - name: Sign the images with GitHub OIDC Token
      env:
        DIGEST: ${{ steps.build.outputs.digest }}
        TAGS: ${{ steps.build.outputs.tags }}
      run: |
        echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}