Add GHCR login step to allow signing

.github/workflows/build.yml

@@ -1,4 +1,4 @@
-name: Push to GHCR
+name: Build image
 on:
   push:
   workflow_dispatch:
@@ -7,12 +7,13 @@ on:
 env:
     IMAGE_NAME: ${{ github.event.repository.name }}
     IMAGE_TAGS: latest ${{ github.sha }}
-    IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+    REGISTRY: ghcr.io
+    IMAGE_REGISTRY: ${{env.REGISTRY}}/${{ github.repository_owner }}
     REGISTRY_USER: ${{ github.actor }}
     REGISTRY_PASSWORD: ${{ github.token }}
 
 jobs:
-  push-ghcr:
+  build-push:
     name: Build and push image
     runs-on: ubuntu-22.04
     strategy:
@@ -56,6 +57,14 @@ jobs:
           extra-args: |
             --disable-content-trust
 
+      # Login to GHCR to sign the image
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
       - name: Sign image with a key
         run: |
           cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}@${DIGEST}