ci: attempt to fix DCT key #17

	name: Build and publish signed Docker image

	on:
	workflow_dispatch:
	push:
	branches:
	- main

	jobs:
	multiarch-build:
	name: Build and publish signed image
	runs-on: ubuntu-latest

	env:
	IMAGE_NAME: nginxproxy/${{ github.event.repository.name }}
	IMAGE_TAG: signed

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Load DCT delegation key
	env:
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }}
	DCT_KEY_PATH: ${{ github.workspace }}/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key
	run: \|
	mkdir -p ${{ github.workspace }}/.docker/trust/private
	chmod -R 700 ${{ github.workspace }}/.docker/trust
	echo "${{ secrets.DCT_KEY_BASE64 }}" \| base64 -d > "$DCT_KEY_PATH"
	chmod 600 "$DCT_KEY_PATH"
	docker trust key load "$DCT_KEY_PATH"

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build the image
	run: docker build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} .

	- name: Push and sign the image
	env:
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }}
	run: \|
	docker trust sign ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}

	- name: Verify the image signature
	run: \|
	docker trust inspect --pretty ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}

	- name: Remove DCT delegation key
	env:
	DCT_KEY_PATH: ${{ github.workspace }}/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key
	run: \|
	rm "$DCT_KEY_PATH"

Provide feedback