Refactoring Juicebox GCP Service (#3) #1

	name: Build and Publish

	on:
	push:
	branches:
	- main

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build_and_publish:
	name: Build and Publish
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write

	steps:
	- name: Checkout Code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Go
	uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
	with:
	go-version: "1.22.6"
	check-latest: false

	- name: Build Executable
	run: \|
	go build ./cmd/jb-sw-realm

	- name: Login to GitHub Container Registry
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Build and push Docker image
	id: push
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	with:
	context: .
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
	with:
	subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
	subject-digest: ${{ steps.push.outputs.digest }}
	push-to-registry: true

Provide feedback