Use safer secret checking #22

	name: Build and Deploy

	on:
	push:

	env:
	GO_VERSION: "1.21"
	CI_REGISTRY_IMAGE: "${{ secrets.CI_REGISTRY }}/registration-relay"

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GO_VERSION }}
	cache: true
	- name: Install dependencies
	run: \|
	go install golang.org/x/tools/cmd/goimports@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest
	export PATH="$HOME/go/bin:$PATH"
	python -m pip install pre-commit
	- name: Run pre-commit
	run: \|
	pre-commit run --all-files

	build-docker:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: docker/setup-buildx-action@v2
	- uses: docker/login-action@v2
	with:
	registry: ${{ secrets.CI_REGISTRY }}
	username: ${{ secrets.CI_REGISTRY_USER }}
	password: ${{ secrets.CI_REGISTRY_PASSWORD }}
	- uses: docker/build-push-action@v2
	with:
	context: .
	cache-from: ${{ env.CI_REGISTRY_IMAGE }}:latest
	pull: true
	tags: ${{ env.CI_REGISTRY_IMAGE }}:${{ github.sha }}
	push: true

	deploy-docker:
	runs-on: ubuntu-latest
	if: github.ref == 'refs/heads/main'
	needs:
	- build-docker
	steps:
	- uses: docker/login-action@v2
	with:
	registry: ${{ secrets.CI_REGISTRY }}
	username: ${{ secrets.CI_REGISTRY_USER }}
	password: ${{ secrets.CI_REGISTRY_PASSWORD }}
	- uses: beeper/docker-retag-push-latest@main
	with:
	image: ${{ env.CI_REGISTRY_IMAGE }}

Provide feedback