Bump golang.org/x/net from 0.17.0 to 0.23.0 #30

	name: container-images

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	jobs:
	build-and-push-images:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write

	strategy:
	matrix:
	image:
	- function-mmsys-test-encode
	- function-mmsys-test-scene-detection
	- function-noop
	- function-sleep
	- gateway-nbmp
	- workflow-manager
	- workflow-manager-helper
	- workflow-opentelemetry-adapter
	- workflow-vacuum

	steps:
	- uses: actions/checkout@v4

	- uses: docker/login-action@v3
	if: ${{ github.event_name == 'push' }}
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: set up Docker buildx
	uses: docker/setup-buildx-action@v3
	with:
	platforms: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x

	# FIXME: disable provenance due to https://github.com/snok/container-retention-policy/issues/63
	- name: build and push container images
	run: \|
	case "${{ github.event_name }}" in
	push) BUILDX_OUTPUT='--push' ;;
	*) BUILDX_OUTPUT='' ;;
	esac

	make image-${{ matrix.image }} \
	IMAGE_PLATFORMS=linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x \
	BUILDX_OUTPUT="${BUILDX_OUTPUT} --provenance=false"

	- name: delete untagged container images
	uses: snok/container-retention-policy@v2
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	token-type: github-token
	account-type: org
	org-name: nagare-media
	image-names: engine/${{ matrix.image }}
	untagged-only: true
	cut-off: 1 day ago UTC

Provide feedback