ci: more permissions and env vars

.github/workflows/build-docker.yml

@@ -10,7 +10,9 @@ jobs:
 
   build:
     runs-on: ubuntu-latest
+
     permissions:
+      contents: read
       packages: write
 
     steps:
@@ -41,18 +43,27 @@ jobs:
     - name: Docker Login
       uses: docker/[email protected]
       with:
-        registry: ghcr.io
+        registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
-
+
+    - name: Docker Metadata action
+      id: meta
+      uses: docker/[email protected]
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=raw,value=${{ github.run_number }}
+          type=raw,value=latest
+          type=sha
+          
     - name: Build Docker image
       uses: docker/[email protected]
       with:
         context: .
         file: ./Dockerfile
-        tags: |
-          ghcr.io/${{ github.repository }}:${{ github.run_number }}
-          ghcr.io/${{ github.repository }}:latest
+        tags: ${{ steps.meta.output.tags }}
+        labels: ${{ steps.meta.output.labels }}
         push: ${{ github.event_name != 'pull_request' }}
         cache-from: type=local,src=/tmp/.buildx-cache
         cache-to: type=local,dest=/tmp/.buildx-cache