---

name: CI Workflow

on: push

permissions:
  contents: read

jobs:
  docker-publish:
    defaults:
      run:
        shell: bash

    permissions:
      contents: read
      packages: write

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false

      - name: Log into registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker Build
        run: |
          docker buildx build \
            --no-cache \
            --pull \
            --tag ghcr.io/${GITHUB_REPOSITORY,,}:latest \
            .

      - name: Docker Push
        run: |
          docker push ghcr.io/${GITHUB_REPOSITORY,,}:latest
        if: ${{ github.ref == 'refs/heads/master' }}

...