Build and publish Docker images #75

	name: Build and publish Docker images

	on:
	push:
	branches:
	- el9-php81
	workflow_dispatch:

	permissions:
	contents: read
	packages: write

	env:
	IMAGE_NAME: tuleap-aio-dev

	jobs:
	build:
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v3
	- name: Get lowercase base image name
	run: echo BASE_IMAGE_NAME="$(echo ${{ github.repository_owner }} \| tr '[A-Z]' '[a-z]')" >> $GITHUB_ENV
	- name: Build image
	run: docker build -t ghcr.io/${{ env.BASE_IMAGE_NAME }}/${{ env.IMAGE_NAME }}:${GITHUB_REF#refs/heads/} --label org.opencontainers.image.revision=${{ github.sha }} --label workflow_run_id=${{ github.run_id }} .
	- name: Install Cosign
	uses: sigstore/[email protected]
	- name: Log into ghcr.io
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin
	- name: Publish image
	run: docker push ghcr.io/${{ env.BASE_IMAGE_NAME }}/${{ env.IMAGE_NAME }}:${GITHUB_REF#refs/heads/}
	- name: Sign image
	env:
	VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
	run: \|
	export VAULT_TOKEN=$(curl "$VAULT_ADDR"/v1/auth/approle/login --silent --fail -X POST --data '{"role_id": "${{ secrets.VAULT_ROLE_ID_SIGNING }}", "secret_id": "${{ secrets.VAULT_SECRET_ID_SIGNING }}"}' \| jq -r '.auth.client_token')
	cosign sign --yes --tlog-upload=true --key hashivault://tuleap-additional-tools-signing "$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ env.BASE_IMAGE_NAME }}/${{ env.IMAGE_NAME }}:${GITHUB_REF#refs/heads/})"

Provide feedback