Add support for publishing to GitHub Container Registry

Set up GitHub Container Registry as an additional target for Docker images with corresponding login and metadata configuration. This ensures images are published to both Docker Hub and GitHub Container Registry, including proper attestations and metadata.

Signed-off-by: Moritz Friedrich <moritz@matchory.com>

Author: Radiergummi

.github/workflows/docker.yaml

@@ -11,6 +11,9 @@ on:
     # Runs every Monday at 03:00 UTC
     - cron: '0 3 * * 1'
 
+env:
+  REGISTRY: ghcr.io
+
 permissions:
   contents: read
   packages: write
@@ -167,12 +170,19 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Log in to Docker Hub
+      - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USERNAME || vars.DOCKER_USERNAME || github.repository_owner }}
+          username: ${{ vars.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Login to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Determine Image Name
         id: image_name
 
@@ -191,10 +201,13 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.IMAGE_NAME }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           labels: |
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
             org.opencontainers.image.version=${{ env.VERSION }}
+            org.opencontainers.vendor="Matchory GmbH"
           tags: |
             type=sha
             type=sha,prefix=${{ env.VERSION }}-
@@ -217,9 +230,16 @@ jobs:
           provenance: mode=max
           sbom: true
 
-      - name: Generate artifact attestation
+      - name: Generate artifact attestation for Docker Hub
         uses: actions/attest-build-provenance@v2
         with:
           subject-name: index.docker.io/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build.outputs.digest }}
           push-to-registry: true
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true