From 6fcafc45617cb1a5dd5e4392f1e9c9e7bc536ec9 Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Mon, 25 Nov 2024 20:34:56 +0545 Subject: [PATCH 1/7] add: release cosign pub key --- release/cosign.pub | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 release/cosign.pub diff --git a/release/cosign.pub b/release/cosign.pub new file mode 100644 index 00000000..5a52e143 --- /dev/null +++ b/release/cosign.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA8aqhFqounF+m2BwOy2N/kYL59tO +7tKk12iIR5mKhhhfA4ptXopAxGlo79cddKjqXDHtVUzNQg4tccwKK1tWEw== +-----END PUBLIC KEY----- From 0d4fbfc6432b66933f3c5557e850c42725a6d4c5 Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Mon, 25 Nov 2024 20:36:01 +0545 Subject: [PATCH 2/7] add: cosign the binaries --- .github/workflows/release.yml | 4 +++- .goreleaser.yaml | 13 +++++++++++++ Makefile | 6 +++++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a4edaffe..5e3c9fd4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,11 +20,13 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.22 + go-version: 1.23 - run: echo https://github.com/icon-project/centralized-relay/blob/${GITHUB_REF#refs/tags/}/CHANGELOG.md#${GITHUB_REF#refs/tags/} > ../release_notes.md - name: release publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COSIGN_PWD: ${{ secrets.COSIGN_PWD }} + COSIGN_KEY: ${{ secrets.COSIGN_KEY }} run: make release diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 7c52f991..3366b698 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -105,3 +105,16 @@ checksum: release: prerelease: auto draft: true + extra_files: + - glob: dist/*.sig + +signs: + - cmd: cosign + stdin: "{{ .Env.COSIGN_PWD }}" + args: + - "sign-blob" + - "--key=env://COSIGN_KEY" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" + artifacts: all 
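Review bot: The committed public key ships with no verification instructions, so a consumer who downloads a release cannot tell which command, which key path and which signature file they are meant to use. Add a short README section next to `release/cosign.pub`, e.g. `cosign verify-blob --key release/cosign.pub --signature <artifact>.sig <artifact>`, and publish the key's fingerprint somewhere outside this repository so that a rewritten git history cannot silently swap the key. The PEM prefix indicates an ECDSA P-256 key, cosign's default; a note on where the private half lives (a repository secret, judging by the later patches in this series) and on the rotation procedure would round this out.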
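Review bot: `COSIGN_KEY` and `COSIGN_PWD` are exported into the environment of `make release`, and the Makefile in this same series runs that target inside a container with `/var/run/docker.sock` mounted, so the private signing key is readable by everything that executes there (goreleaser hooks, the cross-build toolchain, any build script). Add an explicit least-privilege `permissions:` block to the job and, if the project can accept Sigstore keyless signing, replace the long-lived key with `id-token: write` plus OIDC, which removes the secret from the build environment entirely. Separately, `go-version: 1.23` is a plain YAML scalar and is parsed as a float; quote it (`go-version: "1.23"`) so a future `1.30` is not read as `1.3`.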
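Review bot: The `extra_files` glob `dist/*.sig` looks redundant with the new `signs` block: goreleaser uploads the signature artifacts it produces to the release on its own, so the glob re-adds files that are already attached and, depending on the goreleaser version, may trigger duplicate-asset errors. Drop the `extra_files` entry unless a signature is produced outside `signs`. Also note that `sign-blob --yes` with a static key still records every signature in the public Rekor transparency log; if that is intended, state it in the release docs, otherwise add `--tlog-upload=false` to `args`. The `stdin` template can go as well once the password variable is named `COSIGN_PASSWORD`, which cosign reads directly from the environment.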
diff --git a/Makefile b/Makefile index 60ed959b..0de9a2f8 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ test-all: @go test -v ./... PACKAGE_NAME := github.com/icon-project/centralized-relay -GOLANG_CROSS_VERSION ?= v1.22.4 +GOLANG_CROSS_VERSION ?= v1.23.3 LIBWASM_VERSION ?= v2.1.0 SYSROOT_DIR ?= sysroots @@ -59,6 +59,8 @@ release-dry-run: @docker run \ --rm \ --env LIBWASM_VERSION=$(LIBWASM_VERSION) \ + --env COSIGN_PWD \ + --env COSIGN_KEY \ -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/go/src/$(PACKAGE_NAME) \ -w /go/src/$(PACKAGE_NAME) \ @@ -71,6 +73,8 @@ release: --rm \ --env GITHUB_TOKEN \ --env LIBWASM_VERSION=$(LIBWASM_VERSION) \ + --env COSIGN_PWD \ + --env COSIGN_KEY \ -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/go/src/$(PACKAGE_NAME) \ -w /go/src/$(PACKAGE_NAME) \ From 5b9f6b52dddf89dedcaf2bbd5c229e7fa89b7a4d Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Thu, 28 Nov 2024 11:33:20 +0545 Subject: [PATCH 3/7] add: dispatch workflow trigger for docker build --- .github/workflows/release.yml | 14 +++++++++++++- .goreleaser.yaml | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5e3c9fd4..82e465df 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: "Release" +name: Release on: push: @@ -9,6 +9,9 @@ on: jobs: goreleaser: runs-on: ubuntu-latest + permissions: + contents: write + actions: write steps: - name: Delete unnecessary tools folder for space run: rm -rf /opt/hostedtoolcache 
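Review bot: `release-dry-run` now receives the production signing key (`--env COSIGN_PWD`, `--env COSIGN_KEY`) even though a snapshot build has no reason to produce real signatures. Pass `--skip=sign` (or `--skip-sign` on goreleaser 1.x) to the dry-run invocation and leave the two `--env` lines out of this target, so a developer running the dry run locally never needs the private key and nothing inside the dry-run container can leak it. The `release-dry-run` recipe continues past the end of this hunk.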
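Review bot: The signing key is injected (`--env COSIGN_KEY`) into a container that also mounts `/var/run/docker.sock`, which is effectively root on the host runner; anything the cross-build image or a goreleaser hook executes can read the key from the container's environment. If the socket is only needed for docker-based publishing, consider moving signing out of this container into a dedicated workflow step where the key is scoped to a single `cosign` invocation. At minimum, add a comment next to the socket mount explaining why it is required given the secrets passed alongside it, e.g. `# docker.sock needed for <reason>; note COSIGN_* are visible inside this container`. The `release` recipe continues past the end of this hunk.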
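Review bot: `actions: write` grants more than this job uses: nothing in the visible steps manages workflows or runs, and the `repository_dispatch` call added in the following patch targets a different repository, which `GITHUB_TOKEN` cannot reach regardless of the permissions declared here. Keep the explicit `permissions:` block, which is the right least-privilege practice, but reduce it to `contents: write` (what goreleaser needs to create the release and upload assets). If cross-repo dispatch is still wanted, it needs a separately stored fine-grained PAT or GitHub App token scoped to `icon-project/relayer-docker`, not a broader `GITHUB_TOKEN`.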
@@ -30,3 +33,12 @@ jobs: COSIGN_PWD: ${{ secrets.COSIGN_PWD }} COSIGN_KEY: ${{ secrets.COSIGN_KEY }} run: make release + + - name: Trigger relayer-docker build + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + curl -X POST -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/icon-project/relayer-docker/dispatches \ + -d '{"event_type":"trigger-build","client_payload":{"tag":"${GITHUB_REF#refs/tags/}"}}' \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 3366b698..117c58e9 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -104,7 +104,7 @@ checksum: release: prerelease: auto - draft: true + draft: false extra_files: - glob: dist/*.sig From e9fdaad6b0d52f034abeaf3944b69492accdfc1d Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Thu, 28 Nov 2024 12:10:35 +0545 Subject: [PATCH 4/7] add: trigger workflow --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82e465df..f7bcc999 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,4 +41,4 @@ jobs: curl -X POST -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token $GITHUB_TOKEN" \ https://api.github.com/repos/icon-project/relayer-docker/dispatches \ - -d '{"event_type":"trigger-build","client_payload":{"tag":"${GITHUB_REF#refs/tags/}"}}' \ No newline at end of file + -d '{"event_type":"trigger-build","client_payload":{"tag":"${GITHUB_REF#refs/tags/}"}}' From 65fdef74e28c92ba98d7a0439dafa361597df375 Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Thu, 28 Nov 2024 15:34:49 +0545 Subject: [PATCH 5/7] rf: secrets var --- .github/workflows/release.yml | 6 +++--- Makefile | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f7bcc999..6ea98826 100644 
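Review bot: The dispatch payload sends the literal text `${GITHUB_REF#refs/tags/}` rather than the tag, because the `-d` argument is single-quoted and the shell does not expand parameters inside single quotes; use double quotes with escaped inner quotes, e.g. `-d "{\"event_type\":\"trigger-build\",\"client_payload\":{\"tag\":\"${GITHUB_REF#refs/tags/}\"}}"`. The call also authenticates with `secrets.GITHUB_TOKEN`, which is scoped to this repository and cannot trigger `repository_dispatch` on `icon-project/relayer-docker`; a fine-grained PAT or GitHub App installation token with contents write access to that repository is required. Add `--fail` to `curl` so a 4xx response fails the release job instead of being silently ignored.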
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,7 +10,7 @@ jobs: goreleaser: runs-on: ubuntu-latest permissions: - contents: write + contents: read actions: write steps: - name: Delete unnecessary tools folder for space @@ -30,8 +30,8 @@ jobs: - name: release publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - COSIGN_PWD: ${{ secrets.COSIGN_PWD }} - COSIGN_KEY: ${{ secrets.COSIGN_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} run: make release - name: Trigger relayer-docker build diff --git a/Makefile b/Makefile index 0de9a2f8..3876d537 100644 --- a/Makefile +++ b/Makefile @@ -59,8 +59,8 @@ release-dry-run: @docker run \ --rm \ --env LIBWASM_VERSION=$(LIBWASM_VERSION) \ - --env COSIGN_PWD \ - --env COSIGN_KEY \ + --env COSIGN_PASSWORD \ + --env COSIGN_PRIVATE_KEY \ -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/go/src/$(PACKAGE_NAME) \ -w /go/src/$(PACKAGE_NAME) \ From 6e786522e51ba004516ba1c9cb86cbf0fd7c5c22 Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Thu, 28 Nov 2024 15:38:46 +0545 Subject: [PATCH 6/7] rf(Makefile): secrets var --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 3876d537..9929dd62 100644 --- a/Makefile +++ b/Makefile @@ -73,8 +73,8 @@ release: --rm \ --env GITHUB_TOKEN \ --env LIBWASM_VERSION=$(LIBWASM_VERSION) \ - --env COSIGN_PWD \ - --env COSIGN_KEY \ + --env COSIGN_PASSWORD \ + --env COSIGN_PRIVATE_KEY \ -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/go/src/$(PACKAGE_NAME) \ -w /go/src/$(PACKAGE_NAME) \ From f6bf0104a098abfaafa65f3ead052c2a8ef23ae5 Mon Sep 17 00:00:00 2001 From: Debendra Oli Date: Mon, 2 Dec 2024 10:46:17 +0545 Subject: [PATCH 7/7] rm: remote trigger --- .github/workflows/release.yml | 46 ++++++++++++++++++++++++++--------- .goreleaser.yaml | 6 ++--- Makefile | 10 ++++---- 3 files changed, 43 insertions(+), 19 deletions(-) 
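Review bot: Lowering `contents` to `read` will break the `release publish` step: goreleaser creates the GitHub release and uploads the archives and signatures with `GITHUB_TOKEN`, which requires `contents: write`. Restore `contents: write` and instead remove `actions: write`, which nothing in the job uses. The rest of this patch, renaming the secrets to `COSIGN_PASSWORD`/`COSIGN_PRIVATE_KEY`, is fine and matches the variable names cosign reads natively.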
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6ea98826..3331be3a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,16 +9,11 @@ on: jobs: goreleaser: runs-on: ubuntu-latest - permissions: - contents: read - actions: write steps: - name: Delete unnecessary tools folder for space run: rm -rf /opt/hostedtoolcache - uses: actions/checkout@v4 - with: - fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v5 
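Review bot: Deleting the `permissions:` block hands the job the repository's default `GITHUB_TOKEN` permissions, which may be far broader than it needs, instead of an explicit minimum; restore it as `permissions:` / `  contents: write` (adding `id-token: write` only if keyless signing is adopted), since goreleaser's release upload needs write access to contents. Removing `fetch-depth: 0` also gives goreleaser a shallow clone, and its changelog and tag detection are documented as needing full history, so keep `with:` / `  fetch-depth: 0` on the checkout step. The added DockerHub login, build and signing steps are reviewed in the next hunk.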
@@ -34,11 +29,40 @@ jobs: COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} run: make release - - name: Trigger relayer-docker build + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: linux/amd64,linux/arm64 + + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build relayer image + id: build-and-push-relayer + uses: docker/build-push-action@v6 + with: + context: https://github.com/icon-project/relayer-docker.git#relayer + platforms: linux/amd64,linux/arm64 + push: true + build-args: | + - RELAYER_VERSION=${{ github.ref }} + tags: | + iconcommunity/centralized-relay:latest + iconcommunity/centralized-relay:${{ github.ref }} + + - name: Install cosign + uses: sigstore/cosign-installer@v3 + + - name: Sign relayer image env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | - curl -X POST -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $GITHUB_TOKEN" \ - https://api.github.com/repos/icon-project/relayer-docker/dispatches \ - -d '{"event_type":"trigger-build","client_payload":{"tag":"${GITHUB_REF#refs/tags/}"}}' + cosign sign --key env://COSIGN_PRIVATE_KEY iconcommunity/centralized-relay:latest + cosign sign --key env://COSIGN_PRIVATE_KEY iconcommunity/centralized-relay:${{ github.ref }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 117c58e9..74e9f109 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
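Review bot: The image tags and build args use `github.ref`, which on a tag push (this workflow strips `refs/tags/` from `GITHUB_REF` in the release step) is `refs/tags/<tag>`; that contains slashes, so `iconcommunity/centralized-relay:${{ github.ref }}` is not a valid image reference and the push will fail, and `build-args: | - RELAYER_VERSION=...` feeds a leading `- ` into the argument name — use `github.ref_name` and drop the dash. The `cosign sign` step signs the mutable tags `latest` and the version tag instead of the immutable digest that `build-push-action` exposes as `steps.build-and-push-relayer.outputs.digest`; a later push to the same tag would then carry the old signature, so sign `image@sha256:…` instead, and pass `--yes` because the Rekor consent prompt has no terminal to answer it in CI. The `context` points at the moving `relayer` branch of another repository, so the published image is not reproducible from this commit; pin it to a commit SHA of `relayer-docker` (`.git#<sha>`).
```yaml
      - name: Build relayer image
        id: build-and-push-relayer
        uses: docker/build-push-action@v6
        with:
          # TODO: pin to a commit SHA of relayer-docker instead of the moving branch
          context: https://github.com/icon-project/relayer-docker.git#relayer
          platforms: linux/amd64,linux/arm64
          push: true
          build-args: |
            RELAYER_VERSION=${{ github.ref_name }}
          tags: |
            iconcommunity/centralized-relay:latest
            iconcommunity/centralized-relay:${{ github.ref_name }}

      # … unchanged: Install cosign …

      - name: Sign relayer image
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          IMAGE_DIGEST: ${{ steps.build-and-push-relayer.outputs.digest }}
        run: |
          # sign the immutable digest, not the mutable tags
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "iconcommunity/centralized-relay@${IMAGE_DIGEST}"
```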
@@ -110,11 +110,11 @@ release: signs: - cmd: cosign - stdin: "{{ .Env.COSIGN_PWD }}" + stdin: "{{ .Env.COSIGN_PASSWORD }}" args: - "sign-blob" - - "--key=env://COSIGN_KEY" - - "--output-signature=${signature}" - "${artifact}" + - "--key=env://COSIGN_PRIVATE_KEY" + - "--output-signature=${signature}" - "--yes" artifacts: all diff --git a/Makefile b/Makefile index 9929dd62..bb7a634b 100644 --- a/Makefile +++ b/Makefile @@ -56,11 +56,12 @@ SYSROOT_ARCHIVE ?= sysroots.tar.bz2 .PHONY: release-dry-run release-dry-run: + @echo "dry-run release..." @docker run \ --rm \ --env LIBWASM_VERSION=$(LIBWASM_VERSION) \ - --env COSIGN_PASSWORD \ - --env COSIGN_PRIVATE_KEY \ + --env COSIGN_PASSWORD=$(COSIGN_PASSWORD) \ + --env COSIGN_PRIVATE_KEY=$(COSIGN_PRIVATE_KEY) \ -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/go/src/$(PACKAGE_NAME) \ -w /go/src/$(PACKAGE_NAME) \ @@ -68,13 +69,12 @@ release-dry-run: --clean --auto-snapshot .PHONY: release -release: docker run \ --rm \ --env GITHUB_TOKEN \ --env LIBWASM_VERSION=$(LIBWASM_VERSION) \ - --env COSIGN_PASSWORD \ - --env COSIGN_PRIVATE_KEY \ + --env COSIGN_PASSWORD=(env COSIGN_PASSWORD) \ + --env COSIGN_PRIVATE_KEY(env COSIGN_PRIVATE_KEY) \ -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/go/src/$(PACKAGE_NAME) \ -w /go/src/$(PACKAGE_NAME) \
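Review bot: `--env COSIGN_PRIVATE_KEY=$(COSIGN_PRIVATE_KEY)` expands the PEM private key into the `docker run` command line, where it is visible to any process listing on the runner and to shell tracing, and an unquoted multi-line PEM will also break word splitting of the command. The previous form, `--env COSIGN_PASSWORD \` and `--env COSIGN_PRIVATE_KEY \`, makes docker copy the variables from the environment without ever placing the values in argv; revert to it. The `release-dry-run` recipe continues past the end of this hunk.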
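Review bot: This hunk deletes the `release:` rule line, so the recipe that follows `.PHONY: release` no longer belongs to a `release` target and `make release`, which the workflow calls, has nothing to run. The two new `--env` lines are also not valid: `COSIGN_PASSWORD=(env COSIGN_PASSWORD)` is a shell syntax error because of the bare parentheses, and `COSIGN_PRIVATE_KEY(env COSIGN_PRIVATE_KEY)` is missing its `=`. Restore `release:` and go back to the inherit-from-environment form `--env COSIGN_PASSWORD \` / `--env COSIGN_PRIVATE_KEY \`, which also keeps the key out of the process argument list.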