From 46e301b2cd87048a087fb25ef47e263d4105ad49 Mon Sep 17 00:00:00 2001
From: clement-dufour
Date: Wed, 29 May 2024 00:25:38 +0200
Subject: [PATCH] Add GHCR login step to allow signing
---
 .github/workflows/build.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1052288..1752506 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Push to GHCR
+name: Build image
 on:
 push:
 workflow_dispatch:
@@ -7,12 +7,13 @@ on:
 env:
 IMAGE_NAME: ${{ github.event.repository.name }}
 IMAGE_TAGS: latest ${{ github.sha }}
- IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ REGISTRY: ghcr.io
+ IMAGE_REGISTRY: ${{env.REGISTRY}}/${{ github.repository_owner }}
 REGISTRY_USER: ${{ github.actor }}
 REGISTRY_PASSWORD: ${{ github.token }}
 jobs:
- push-ghcr:
+ build-push:
 name: Build and push image
 runs-on: ubuntu-22.04
 strategy:
@@ -56,6 +57,14 @@ jobs:
 extra-args: |
 --disable-content-trust
+ # Login to GHCR to sign the image
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
 - name: Sign image with a key
 run: |
 cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}@${DIGEST}
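Review bot: `IMAGE_REGISTRY: ${{env.REGISTRY}}/${{ github.repository_owner }}` in the second hunk reads the `env` context from inside what appears to be the workflow-level `env:` block, where GitHub Actions does not expose that context (only `github`, `secrets`, `inputs` and `vars` are available there). The workflow is therefore likely to be rejected with an unrecognized named-value error before any job runs. Keeping the host literal on that line, `IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}`, avoids the self-reference while still letting the login step use `REGISTRY`. Indentation is lost in this view, so confirm the block's level against the file.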
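Review bot: The added login step in the third hunk references `docker/login-action@v3` by a mutable tag and is handed the job token, in a job that goes on to use the cosign private key. Pinning it to a full commit SHA, `uses: docker/login-action@<full-commit-sha> # v3`, keeps a retagged release from running with those credentials. The password is taken from `REGISTRY_PASSWORD`, which the `env:` block in the second hunk exports to every step; writing `password: ${{ github.token }}` directly in this step's `with:` narrows that exposure. The job's `permissions:` lie outside the hunk, so confirm that `packages: write` is granted explicitly and nothing broader, since signing pushes the signature to the registry.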