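# Release pipeline: deploys the Maven package, then builds, pushes and signs
# the container image. The image name carries no registry prefix and the login
# step targets Docker Hub, so the image is published there.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each one
# to a full commit SHA keeps a retagged action release from running with this
# job's secrets (registry token, Cosign private key).
name: Publish package and image to GitHub Packages
on:
  release:
    types: [created]
jobs:
  publish:
    runs-on: ubuntu-latest
    # Least privilege for the job token: read the repository, write packages.
    permissions:
      contents: read
      packages: write
    env:
      # Single source for the repository name, so the build, push and sign
      # steps cannot drift apart.
      IMAGE_NAME: andifalk/supply-chain-security
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'liberica'
      - name: Publish package
        run: mvn --batch-mode deploy
        env:
          # Presumably consumed by the Maven settings that setup-java writes;
          # confirm against the project's pom.xml / settings.xml.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build image
        # The release tag is read from the GITHUB_REF_NAME environment variable
        # inside a quoted shell word, not spliced in with an expression, so a
        # crafted tag name cannot inject shell syntax.
        run: docker build . --file Dockerfile --platform linux/amd64 --tag "${IMAGE_NAME}:${GITHUB_REF_NAME}"
      - name: Push image
        id: push-image
        run: |
          docker push "${IMAGE_NAME}:${GITHUB_REF_NAME}"
          # A plain `docker build` step exposes no `digest` output. After the
          # push, the local image record lists the registry digest under
          # RepoDigests as "<repository>@sha256:...".
          repo_digest="$(docker inspect --format '{{index .RepoDigests 0}}' "${IMAGE_NAME}:${GITHUB_REF_NAME}")"
          digest="${repo_digest#*@}"
          # Refuse to continue without a digest: signing must never fall back
          # to a mutable tag.
          case "${digest}" in
            sha256:*) ;;
            *) echo "no registry digest found for pushed image" >&2; exit 1 ;;
          esac
          echo "digest=${digest}" >> "${GITHUB_OUTPUT}"
      - name: Install Cosign
        # The action reference on the source page was destroyed by e-mail
        # obfuscation ("sigstore/[email protected]"); it appears to have been
        # sigstore/cosign-installer at a specific release. The value below is a
        # placeholder: restore it to a reviewed release, ideally a commit SHA.
        uses: sigstore/cosign-installer@<PINNED_RELEASE_OR_COMMIT_SHA>
      - name: Sign image with a key
        # Sign by digest, addressed as <repository>@<digest>. The signature
        # then binds to the exact pushed content rather than to a tag that can
        # later be moved to a different image.
        run: cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${IMAGE_NAME}@${DIGEST}"
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          DIGEST: ${{ steps.push-image.outputs.digest }}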