feat: Added workflow to build and push images to ghcr #23

	name: Publish and Sign Container Image

	env:
	REGISTRY: ghcr.io

	on:
	push:
	branches:
	- main
	paths:
	- .github/workflows/build.yml
	- "**/Dockerfile"
	schedule:
	- cron: "17 07 * * 0"

	jobs:
	build-push-image:
	runs-on: ubuntu-24.04

	permissions:
	contents: read
	packages: write
	id-token: write

	strategy:
	fail-fast: false
	matrix:
	include:
	- image: spotify
	file: distroboxes/spotify/Containerfile
	- image: steam
	file: distroboxes/steam/Containerfile

	steps:
	- name: Setup Docker buildx
	uses: docker/setup-buildx-action@v3

	- name: Install cosign
	uses: sigstore/cosign-installer@v3
	with:
	cosign-release: "v2.4.1"

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image }}-container
	tags: \|
	latest
	type=sha,format=long

	- name: Log into ${{ env.REGISTRY }}
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.repository_owner }}
	password: ${{ github.token }}

	- name: Build and push container image
	id: push-step
	uses: docker/build-push-action@v6
	with:
	push: true
	file: ${{ matrix.file }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

	- name: Sign the container image
	run: cosign sign --yes ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image }}-container@${{ steps.push-step.outputs.digest }} ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image }}-container:latest

Provide feedback