From e98d97a271857efe14e6f15d8971d452b2d1a2d5 Mon Sep 17 00:00:00 2001
From: Felix Nie <hongtuo.nie@u.nus.edu>
Date: Wed, 07 May 2025 19:56:18 +0000
Subject: [PATCH] feat(i18n): readermode translations and icon (#1961)

---
 .github/workflows/docker-build-push.yaml |   37 ++++---------------------------------
 1 files changed, 4 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/docker-build-push.yaml b/.github/workflows/docker-build-push.yaml
index e72c967..ee7efa7 100644
--- a/.github/workflows/docker-build-push.yaml
+++ b/.github/workflows/docker-build-push.yaml
@@ -3,7 +3,7 @@
 on:
   push:
     branches: [v4]
-  tags: ["v*"]
+    tags: ["v*"]
   pull_request:
     branches: [v4]
     paths:
@@ -25,7 +25,7 @@
         with:
           fetch-depth: 1
       - name: Inject slug/short variables
-        uses: rlespinasse/github-slug-action@v4.4.1
+        uses: rlespinasse/github-slug-action@v5.1.0
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
@@ -37,7 +37,7 @@
             network=host
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.7.0
+        uses: sigstore/cosign-installer@v3.8.2
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         if: github.event_name != 'pull_request'
@@ -78,7 +78,7 @@
         id: build-and-push
         uses: docker/build-push-action@v6
         with:
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           build-args: |
             GIT_SHA=${{ env.GITHUB_SHA }}
             DOCKER_LABEL=sha-${{ env.GITHUB_SHA_SHORT }}
@@ -86,32 +86,3 @@
           labels: ${{ steps.meta.outputs.labels || steps.meta-pr.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha
-
-      - name: Sign the released image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          COSIGN_EXPERIMENTAL: "true"
-        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
-      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
-        uses: aquasecurity/trivy-action@master
-        if: ${{ github.event_name != 'pull_request' }}
-        with:
-          image-ref: "ghcr.io/${{ github.repository_owner }}/quartz:sha-${{ env.GITHUB_SHA_SHORT }}"
-          format: "github"
-          output: "dependency-results.sbom.json"
-          github-pat: ${{ secrets.GITHUB_TOKEN }}
-          scanners: "vuln"
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        if: ${{ github.event_name != 'pull_request' }}
-        with:
-          image-ref: "ghcr.io/${{ github.repository_owner }}/quartz:sha-${{ env.GITHUB_SHA_SHORT }}"
-          format: "sarif"
-          output: "trivy-results.sarif"
-          severity: "CRITICAL"
-          scanners: "vuln"
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        if: ${{ github.event_name != 'pull_request' }}
-        with:
-          sarif_file: "trivy-results.sarif"

--
Gitblit v1.10.0