
feat: rootfs - build/upload action and Dockerfile #11


Workflow file for this run

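# Builds the rootfs image from the repository's Dockerfile and pushes it to the
# ECR repository named by the ROOTFS_IMAGE_ECR_REPOSITORY_NAME secret.
# The image tag is the SHA-256 digest of the Dockerfile.
name: Build and Push Rootfs Docker Image
on:
  push:
    branches:
      - main
    # paths:
    #   - 'Dockerfile'
  # TODO: remove, we should only be pushing to ECR on merge to main.
  # While this trigger is present, a pull request opened from a branch of this
  # repository reaches the push step with the assumed AWS role before the
  # change has been reviewed or merged.
  pull_request:
    branches:
      - main
    # paths:
    #   - 'Dockerfile'
  workflow_dispatch:
permissions:
  # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
  # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
  id-token: write
  # Least privilege: actions/checkout only needs read access, and no step in
  # this workflow writes to the repository or to pull requests, so the
  # GITHUB_TOKEN is not granted `contents: write` or `pull-requests: write`.
  contents: read
jobs:
  build-rootfs-image:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions below are referenced by a mutable tag.
      # Pinning each `uses:` to a full commit SHA (<COMMIT_SHA>) keeps a
      # retagged release from running with the AWS role assumed here.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ secrets.REGION }}
          role-to-assume: ${{ secrets.ROLE }}
          role-session-name: rootfs-ecr-image-upload-session
      - name: checkout repo
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # Do not leave the GITHUB_TOKEN in the local git config for later steps.
          persist-credentials: false
      # NOTE(review): no registry login (for example
      # `aws ecr get-login-password | docker login ...`) is visible in this
      # workflow; confirm how `docker push` authenticates to ECR.
      - name: Build, Tag, and Push Image
        env:
          # Pass the secret through the environment instead of expanding
          # `${{ ... }}` inside the script text, so its value is never parsed
          # as shell syntax.
          IMAGE_REPO: ${{ secrets.ROOTFS_IMAGE_ECR_REPOSITORY_NAME }}
        run: |
          # Stop on the first failure, including a failed sha256sum in the
          # pipeline below, rather than building with an empty tag.
          set -euo pipefail
          # create sha256 of the Dockerfile to use as tag
          HASH=$(sha256sum Dockerfile | cut -d ' ' -f 1)
          # make empty tempdir for build context
          BUILDCTX=$(mktemp -d)
          IMAGE="${IMAGE_REPO}:${HASH}"
          DOCKER_BUILDKIT=1 docker build -f Dockerfile -t "$IMAGE" "$BUILDCTX"
          # The original `docker tag` step re-applied the same name:tag to
          # itself (a no-op), so the image built above is pushed directly.
          docker push "$IMAGE"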