HACK: update release workflow for fork

Author: gartnera

.github/workflows/release.yml

@@ -18,24 +18,16 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: '1.22.5'
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@v3
-        with:
-          cosign-release: 'v2.2.4'
-      - name: Store Cosign private key in a file
-        run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
-        shell: bash
-        env:
-          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Login to DockerHub
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
-          username: ${{secrets.DOCKER_USERNAME}}
-          password: ${{secrets.DOCKER_PASSWORD}}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Generate SBOM
         uses: CycloneDX/gh-gomod-generate-sbom@v2
         with:
@@ -45,33 +37,18 @@ jobs:
         uses: docker/metadata-action@v5
         id: meta
         with:
-          images: securego/gosec
+          images: ghcr.io/${{ github.repository_owner }}/gosec
           flavor: |
             latest=true
           tags: |
             type=sha,format=long
             type=semver,pattern={{version}}
-      - name: Release Binaries
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          version: latest
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
       - name: Release Docker Image
         uses: docker/build-push-action@v6
         id: relimage
         with:
           platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
-          tags: ${{steps.meta.outputs.tags}}
-          labels: ${{steps.meta.outputs.labels}}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           push: true
           build-args: GO_VERSION=1.22
-      - name: Sign Docker Image
-        run: cosign sign --yes --key /tmp/cosign.key ${DIGEST}
-        env:
-          TAGS: ${{steps.meta.outputs.tags}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
-          COSIGN_PRIVATE_KEY: /tmp/cosign.key
-          DIGEST: ${{steps.relimage.outputs.digest}}

action.yml

@@ -10,7 +10,7 @@ inputs:
 
 runs:
     using: 'docker'
-    image: 'docker://securego/gosec:2.20.0'
+    image: 'docker://ghcr.io/zeta-chain/gosec:2.21.0-zeta'
     args:
       - ${{ inputs.args }}