From f030a4aa170825f2c87575f26840229a4f179cd3 Mon Sep 17 00:00:00 2001
From: iverly
Date: Mon, 15 Jul 2024 17:05:07 +0200
Subject: [PATCH] feat(ci): add build docker images workflow
Signed-off-by: iverly
---
.github/workflows/build-docker-images.yaml | 71 ++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 .github/workflows/build-docker-images.yaml
diff --git a/.github/workflows/build-docker-images.yaml b/.github/workflows/build-docker-images.yaml
new file mode 100644
index 0000000..63a1d46
--- /dev/null
+++ b/.github/workflows/build-docker-images.yaml
@@ -0,0 +1,71 @@
+name: Build docker images
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - .github/workflows/build-docker-images.yaml
+ - apps/**/Dockerfile
+ - apps/**/*.Dockerfile
+
+permissions:
+ contents: write
+
+jobs:
+ docker:
+ name: docker
+ concurrency:
+ group: docker
+ cancel-in-progress: false
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - name: ha-linky
+ path: apps/home-assistant
+ dockerfile: ha-linky.Dockerfile
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Install cosign
+ uses: sigstore/cosign-installer@v3.5.0
+ with:
+ cosign-release: "v2.2.4"
+
+ - name: Set outputs
+ id: vars
+ run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v4
+ with:
+ push: true
+ tags: ghcr.io/${{ github.repository }}/${{ matrix.name }}:${{ steps.vars.outputs.sha_short }}
+ context: ${{ matrix.path }}
+ file: ${{ matrix.path }}/${{ matrix.dockerfile }}
+ platforms: linux/amd64, linux/arm64
+ provenance: true
+ sbom: true
+
+ - name: Sign the images with GitHub OIDC Token
+ run: |
+ cosign sign --yes ghcr.io/${{ github.repository }}/${{ matrix.name }}:${{ steps.vars.outputs.sha_short }}
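Review bot: The last step signs the image by its mutable tag (`:${{ steps.vars.outputs.sha_short }}`) rather than by the digest that `docker/build-push-action` pushed, so the signature is attached to whatever the tag resolves to at signing time and not provably to the manifest this job built. Give the build step `id: build` and sign `ghcr.io/${{ github.repository }}/${{ matrix.name }}@${{ steps.build.outputs.digest }}` instead. Separately, the workflow-level `permissions: contents: write` is wider than anything shown here uses (the job overrides it with `contents: read`), so it only acts as a write-capable default for any job added later; `contents: read` at the top would be the least-privilege default. The actions are referenced by tag (`@v3`, `@v2`, `@v3.5.0`) in a job holding `packages: write` and `id-token: write`; pinning each to a full commit SHA would keep a retagged action from running with those permissions.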