From 500890f391d676a84931324af51bf5b79dafa0fe Mon Sep 17 00:00:00 2001
From: Taylor Ludwig <taylorludwig@gmail.com>
Date: Tue, 2 Sep 2025 15:56:11 -0700
Subject: [PATCH 1/2] switch to new shared workflow with dynamic workflow and
 job names

Signed-off-by: Taylor Ludwig <taylorludwig@gmail.com>
---
 .../workflows/build_and_release_image.yaml    | 89 ++++---------------
 1 file changed, 17 insertions(+), 72 deletions(-)

diff --git a/.github/workflows/build_and_release_image.yaml b/.github/workflows/build_and_release_image.yaml
index 2f2135de..bbba21eb 100644
--- a/.github/workflows/build_and_release_image.yaml
+++ b/.github/workflows/build_and_release_image.yaml
@@ -1,79 +1,24 @@
-name: Release with goreleaser
+name: GoReleaser
+run-name: GoReleaser ${{ startsWith(github.ref, 'refs/tags/v') && 'Release' || 'Snapshot' }}
 
 on:
+  workflow_dispatch:
+  pull_request:
   push:
     tags:
       - v*
 
-permissions: write-all # Necessary for the generate-build-provenance action with containers
-
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install cross-compilation tools
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
-
-      - name: Set up latest stable Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: stable
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Checkout out the repo
-        uses: actions/checkout@v4
-        with:
-          fetch-tags: 1
-          fetch-depth: 1
-
-      # Set environment variables required by GoReleaser
-      - name: Set build environment variables
-        run: |
-          echo "GIT_STATE=$(if git diff-index --quiet HEAD --; then echo 'clean'; else echo 'dirty'; fi)" >> $GITHUB_ENV
-          echo "BUILD_HOST=$(hostname)" >> $GITHUB_ENV
-          echo "GO_VERSION=$(go version | awk '{print $3}')" >> $GITHUB_ENV
-          echo "BUILD_USER=$(whoami)" >> $GITHUB_ENV
-
-      - name: Docker Login
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Release with goreleaser
-        uses: goreleaser/goreleaser-action@v6
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        with:
-          version: '~> v2'
-          args: release --clean
-        id: goreleaser
-
-      - name: Process goreleaser output
-        id: process_goreleaser_output
-        run: |
-          echo "const fs = require('fs');" > process.js
-          echo 'const artifacts = ${{ steps.goreleaser.outputs.artifacts }}' >> process.js
-          echo "const firstNonNullDigest = artifacts.find(artifact => artifact.extra && artifact.extra.Digest != null)?.extra.Digest;" >> process.js
-          echo "console.log(firstNonNullDigest);" >> process.js
-          echo "fs.writeFileSync('digest.txt', firstNonNullDigest);" >> process.js
-          node process.js
-          echo "digest=$(cat digest.txt)" >> $GITHUB_OUTPUT
-
-      - name: Attest power-control binary amd64
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-path: dist/pcs_linux_amd64_v3/power-control
-      - name: Attest power-control binary arm64
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-path: dist/pcs_linux_arm64_v8.0/power-control
-      - name: Generate build provenance
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-name: ghcr.io/openchami/pcs
-          subject-digest: ${{ steps.process_goreleaser_output.outputs.digest }}
-          push-to-registry: true
\ No newline at end of file
+  goreleaser:
+    name: GoReleaser ${{ startsWith(github.ref, 'refs/tags/v') && 'Release' || 'Snapshot' }}
+    # TODO: Switch to openchami once tagged
+    uses: taylorludwig/openchami-github-actions/.github/workflows/go-build-release.yml@feature/go-build-release-tweaks
+    # uses: OpenCHAMI/github-actions/.github/workflows/go-build-release.yml@v3.3
+    with:
+      fetch-depth: 1
+      pre-build-commands: |
+        sudo apt-get update
+        sudo apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
+      goreleaser-version: "~> v2"
+      attestation-binary-path: "dist/pcs_linux_amd64_v3/power-control, dist/pcs_linux_arm64_v8.0/power-control"
+      registry-name: ghcr.io/openchami/pcs

From 45a4ade451e195dafad45c3074dc4afb6584f185 Mon Sep 17 00:00:00 2001
From: Taylor Ludwig <taylorludwig@gmail.com>
Date: Thu, 4 Sep 2025 10:52:39 -0700
Subject: [PATCH 2/2] switch to openchami workflow ref

Signed-off-by: Taylor Ludwig <taylorludwig@gmail.com>
---
 .github/workflows/build_and_release_image.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build_and_release_image.yaml b/.github/workflows/build_and_release_image.yaml
index bbba21eb..6552b92d 100644
--- a/.github/workflows/build_and_release_image.yaml
+++ b/.github/workflows/build_and_release_image.yaml
@@ -11,9 +11,8 @@ on:
 jobs:
   goreleaser:
     name: GoReleaser ${{ startsWith(github.ref, 'refs/tags/v') && 'Release' || 'Snapshot' }}
-    # TODO: Switch to openchami once tagged
-    uses: taylorludwig/openchami-github-actions/.github/workflows/go-build-release.yml@feature/go-build-release-tweaks
-    # uses: OpenCHAMI/github-actions/.github/workflows/go-build-release.yml@v3.3
+    # TODO: Switch to openchami tag once tagged
+    uses: OpenCHAMI/github-actions/.github/workflows/go-build-release.yml@9b25637
     with:
       fetch-depth: 1
       pre-build-commands: |