test: fix job permissions to upload container image to registry #12

	name: puppeteer-container

	on:
	push:
	branches: [ "puppeteer-container" ]
	tags: [ v* ]

	jobs:

	build:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: puppeteer

	steps:
	- name: Workaround Windows mess and set git to keep original line endings
	run: git config --global core.autocrlf false

	- uses: actions/checkout@v4

	- run: podman --version

	- name: Build container image
	run: \|
	podman build -t "$IMAGE_NAME" -f puppeteer.containerfile \
	--label "org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
	--label "org.opencontainers.image.description=Puppeteer container" \
	--label "org.opencontainers.image.licenses=MIT"

	- name: List images
	run: podman images

	- name: Test run
	run: podman run --rm --init --userns=keep-id -v $(pwd):/app -w /app $IMAGE_NAME ls -la

	- name: Login in to registry
	if: success()
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| podman login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin

	- name: Push container image
	if: success()
	run: \|
	IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
	IMAGE_ID=$(echo $IMAGE_ID \| tr '[A-Z]' '[a-z]')
	VERSION=$(echo "${{ github.ref }}" \| sed -e 's,./$.$,\1,')
	[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION \| sed -e 's/^v//')
	[ "$VERSION" == "main" ] && VERSION=latest
	echo IMAGE_ID=$IMAGE_ID
	echo VERSION=$VERSION
	podman tag $IMAGE_NAME $IMAGE_ID:$VERSION
	podman push $IMAGE_ID:$VERSION

Provide feedback