Build Whisper NPU Server #5

	name: Build Whisper NPU Server

	on:
	workflow_dispatch:
	push:
	branches:
	- main
	paths-ignore:
	- "**.md"
	- "LICENSE"
	pull_request:
	branches:
	- main

	env:
	IMAGE_NAME: whisper-npu-server
	IMAGE_REGISTRY: ghcr.io/mecattaf

	jobs:
	build-and-push:
	name: Build and Push Image
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and Push
	id: build_and_push
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./Dockerfile
	push: ${{ github.event_name != 'pull_request' }}
	tags: \|
	${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
	${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
	labels: \|
	org.opencontainers.image.source=${{ github.event.repository.html_url }}
	org.opencontainers.image.revision=${{ github.sha }}

	- name: Install cosign
	if: github.event_name != 'pull_request'
	uses: sigstore/[email protected]

	- name: Sign container image
	if: github.event_name != 'pull_request'
	run: \|
	cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}@${TAGS}
	env:
	TAGS: ${{ steps.build_and_push.outputs.digest }}
	COSIGN_EXPERIMENTAL: false
	COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

Provide feedback