Docker build and push #24

	name: Docker build and push

	on:
	push:
	tags: [ 'v..*' ]
	workflow_run:
	workflows: ['Get latest awsebcli']
	types:
	- completed
	workflow_dispatch:

	env:
	IMAGE_NAME: ph200/aws-eb-cli

	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	# This is used to complete the identity challenge
	# with sigstore/fulcio when running outside of PRs.
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	# Install the cosign tool except on PR
	# https://github.com/sigstore/cosign-installer
	- name: Install cosign
	if: github.event_name != 'pull_request'
	uses: sigstore/cosign-installer@main

	- name: Setup Docker buildx
	uses: docker/setup-buildx-action@v2

	- name: Log into Docker Hub
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Get awsebcli version
	if: github.event_name != 'pull_request'
	run: \|
	echo "ebver=$(cat VERSION)" >> $GITHUB_ENV

	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v4
	with:
	images: ${{ env.IMAGE_NAME }}
	tags: \|
	latest
	${{ env.ebver }}

	- name: Build and push
	id: build-and-push
	uses: docker/build-push-action@v4
	with:
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

	- name: Sign the published Docker image
	if: ${{ github.event_name != 'pull_request' }}
	run: xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}

Provide feedback