Back to non-testing buildkit #11

	name: docker-build

	on:
	push:
	branches: ["main"]
	# Publish semver tags as releases.
	tags: ["v..*"]
	pull_request_target:
	branches: ["main"]

	env:
	# github.repository as <account>/<repo>
	IMAGE_NAME: openpubkey/demo
	SHA: ${{ github.event.pull_request.head.sha \|\| github.event.after }}
	DOCKERFILE_PATH: Dockerfile

	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	ref: ${{ env.SHA }}

	- name: Expose GitHub Runtime
	uses: crazy-max/ghaction-github-runtime@v2

	- name: Setup Docker buildx
	uses: docker/[email protected]
	with:
	driver-opts: \|
	image=openpubkey/buildkit:opk-signing
	env.ACTIONS_ID_TOKEN_REQUEST_URL=${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }}
	env.ACTIONS_ID_TOKEN_REQUEST_TOKEN=${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }}

	- name: Log into registry
	if: ${{ github.event_name == 'push' \|\| github.event.inputs.push }}
	uses: docker/[email protected]
	with:
	username: jonnystoten2
	password: ${{ secrets.DOCKERHUB_WRITE_PAT }}

	- name: Extract Docker metadata
	id: meta
	uses: docker/[email protected]
	with:
	images: ${{ env.IMAGE_NAME }}

	- name: Build and push Docker image on push
	id: build-and-push
	uses: docker/[email protected]
	with:
	context: .
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	platforms: "linux/amd64,linux/arm64"
	sbom: true
	provenance: true
	cache-from: type=gha
	cache-to: type=gha,mode=max

Provide feedback