CICD automate the publishing to hub.docker.com (to remove developers machines from the mix)

[duttonw]

To improve supply chain security of the CKAN ecosystem. Can we look at integrating correct tagging on git + auto deployments from github actions into hub.docker.com.

https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images

https://docs.github.com/en/code-security/supply-chain-security/end-to-end-supply-chain/securing-builds#generate-artifact-attestations-for-your-builds
https://en.wikipedia.org/wiki/Supply_chain_attack

[amercader]

That's precisely what we started doing in the last Docker release.

The new release process includes automatic pushing and tagging of the images to Docker Hub via GitHub actions.

There are also some basic tests performed on each push, that can be expanded to account for scenarios not covered initially, like the one reported in #192: ckan/ckan-docker-base#95

This was done as part of the wider effort to automate various publishing operations in CKAN (ckan/ckan#8143). PyPI publication and Docker images are done, we'll tackle deb packages in the coming weeks.

Let me know if you want to suggest further process improvements.