Switch to release search API

.github/workflows/dockerimage.yml

@@ -17,15 +17,7 @@ jobs:
     steps:
       - name: Set IMAGE
         run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-        with:
-          fetch-depth: 0
-          fetch-tags: true
-      - name: Install cosign
-        if: github.ref == 'refs/heads/main'
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
-        with:
-          cosign-release: v2.1.1
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
       - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
       - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
       - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
@@ -43,7 +35,6 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
-        id: build-and-push
         with:
           context: ${{ env.IMAGE }}
           platforms: linux/amd64,linux/arm64
@@ -52,33 +43,40 @@ jobs:
           sbom: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      - name: Sign the published Docker image
-        if: github.ref == 'refs/heads/main'
-        env:
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-          COSIGN_PASSWORD: ''
-          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-        run: \echo "${TAGS}" | \xargs -I {} cosign sign --key <(\echo "${COSIGN_PRIVATE_KEY}") --yes "{}@${DIGEST}" \
-          -a "workflow=${{ github.workflow }}" \
-          -a "repo=${{ github.repository }}" \
-          -a "branch=${{ github.ref_name }}" \
-          -a "ref=${{ github.sha }}"
       - name: Test the Docker image
         working-directory: ${{ env.IMAGE }}
         run: docker compose -f docker-compose.test.yml run sut
-      - name: Set RELEASE
+      - name: Set VERSION
         if: github.ref == 'refs/heads/main'
         run: |
           # shellcheck disable=SC2086
-          RC="$(\grep ${IMAGE}/Dockerfile -e '^FROM' | \head -n 1 | \sed -e 's/^.*://; s/@.*$//;')"
-          if [[ "${RC}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] && ! \git show-ref --tags --verify --quiet "refs/tags/v${RC}" ; then
-            \echo "RELEASE=${RC}" >> "${GITHUB_ENV}"
+          VERSION="$(\grep ${IMAGE}/Dockerfile -e '^FROM' | \head -n 1 | \sed -e 's/@.*$//; s/^.*://;')"
+          if [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] ; then
+            \echo "VERSION=${VERSION}" >> "${GITHUB_ENV}"
           fi
+      - name: Check if release already exists
+        if: env.VERSION != ''
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        id: check-release
+        with:
+          script: |
+            const { VERSION } = process.env
+            github.rest.repos.getReleaseByTag({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag: `v${VERSION}`,
+            }).catch(function(error) {
+              if (error.status === 404) {
+	        core.info(`Release v${VERSION} not found`)
+	      } else {
+                throw error
+              }
+            })
+          result-encoding: string
       - name: Trigger release
-        if: env.RELEASE != ''
+        if: env.VERSION != '' && steps.check-release.outputs.result == 'undefined'
         uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
         with:
-          tag_name: v${{ env.RELEASE }}
+          tag_name: v${{ env.VERSION }}