---

name: CI Workflow

on: push

permissions:
  contents: read

jobs:
  docker-publish:
    defaults:
      run:
        shell: bash

    permissions:
      contents: read
      packages: write

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false

      - name: Log into registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker Build & Push
        run: |
          tag=$(awk -F: '/FROM.*argocd/{ print $2 }' Dockerfile)

          docker buildx build \
            --no-cache \
            --pull \
            --tag ghcr.io/${GITHUB_REPOSITORY,,}:${tag} \
            .
          docker push ghcr.io/${GITHUB_REPOSITORY,,}:${tag}

...