1 files changed, 51 insertions, 25 deletions

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 08acff9..a279abe 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,34 +5,32 @@ on:
     tags:
     - 'v*'
 
+env:
+  REGISTRY_IMAGE: ghcr.io/museofficial/muse
+
 jobs:
   publish:
     strategy:
       matrix:
         runner-platform:
           - ubuntu-latest
-          - buildjet-4vcpu-ubuntu-2204-arm
+          - namespace-profile-default-arm64
         include:
           - runner-platform: ubuntu-latest
             build-arch: linux/amd64
             tagged-platform: amd64
-          - runner-platform: buildjet-4vcpu-ubuntu-2204-arm
+          - runner-platform: namespace-profile-default-arm64
             build-arch: linux/arm64
             tagged-platform: arm64
     runs-on: ${{ matrix.runner-platform }}
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     steps:
       - name: Set up Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Cache Docker layers
-        # AWS data transfer is pricy
-        if: ${{ matrix.runner-platform != 'buildjet-4vcpu-ubuntu-2204-arm' }}
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-prs-${{ matrix.build-arch }}-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-prs-${{ matrix.build-arch }}
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
         uses: docker/login-action@v1
@@ -40,19 +38,26 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Get current time
         uses: josStorer/get-current-time@v2
         id: current-time
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           push: true
-          tags: codetheweb/muse:${{ github.sha }}-${{ matrix.tagged-platform }}
+          tags: |
+            codetheweb/muse:${{ github.sha }}-${{ matrix.tagged-platform }}
+            ${{ env.REGISTRY_IMAGE }}:${{ github.sha }}-${{ matrix.tagged-platform }}
           platforms: ${{ matrix.build-arch }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache,mode=min
           build-args: |
             COMMIT_HASH=${{ github.sha }}
             BUILD_DATE=${{ steps.current-time.outputs.time }}
@@ -61,6 +66,11 @@ jobs:
     name: Combine platform tags
     runs-on: ubuntu-latest
     needs: publish
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     steps:
       - uses: actions/checkout@v1
 
@@ -73,21 +83,37 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Get tags
-        id: get-tags
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get tags (Docker Hub)
+        id: get-tags-dockerhub
         uses: Surgo/docker-smart-tag-action@v1
         with:
           docker_image: codetheweb/muse
 
-      - name: Combine tags
-        run: docker buildx imagetools create $(echo '${{ steps.get-tags.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') 'codetheweb/muse:${{ github.sha }}-arm64' 'codetheweb/muse:${{ github.sha }}-amd64'
+      - name: Get tags (ghcr.io)
+        id: get-tags-ghcr
+        uses: Surgo/docker-smart-tag-action@v1
+        with:
+          docker_image: ${{ env.REGISTRY_IMAGE }}
+
+      - name: Combine tags (Docker Hub)
+        run: docker buildx imagetools create $(echo '${{ steps.get-tags-dockerhub.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') 'codetheweb/muse:${{ github.sha }}-arm64' 'codetheweb/muse:${{ github.sha }}-amd64'
+
+      - name: Combine tags (GitHub Container Registry)
+        run: docker buildx imagetools create $(echo '${{ steps.get-tags-ghcr.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') '${{ env.REGISTRY_IMAGE }}:${{ github.sha }}-arm64' '${{ env.REGISTRY_IMAGE }}:${{ github.sha }}-amd64'
 
       - name: Update Docker Hub description
         uses: peter-evans/[email protected]
-        env:
-          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-          DOCKERHUB_REPOSITORY: codetheweb/muse
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: codetheweb/muse
 
   release:
     name: Create GitHub release