Remove build_container and move publish action (#34)

* Remove build_container and move publish action

* Add readmes

* build and publish from main

Author: TomHennen

.github/workflows/build-tools.yml

@@ -5,15 +5,19 @@ on:
     branches: [ 'main' ]
     tags: [ 'v*' ]
     paths:
-      - tools/** # only rebuild if something under tools changed.
+      # only rebuild if something related to our docker images changed
+      - tools/**
+      - workflows/build-tools.yml
+      - source/tools/**
+      - publish/actions/container/**
   pull_request:
     branches: [ "**" ]
     paths:
       # only rebuild if something related to our docker images changed
       - tools/**
       - workflows/build-tools.yml
-      - actions/docker_builder/**
       - source/tools/**
+      - publish/actions/container/**
   workflow_dispatch:
 
 jobs:
@@ -25,10 +29,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        tool: [tools/build_container, source/tools/osv, source/tools/zizmor]
+        tool: [source/tools/osv, source/tools/zizmor]
     steps:
     - name: "build and publish"
-      uses: tomhennen/wrangle/actions/docker_builder@main
+      uses: tomhennen/wrangle/publish/actions/container@main
       with:
         path: ${{ matrix.tool }}
         imagename: ghcr.io/${{ github.repository }}/${{ matrix.tool }}

publish/README.md

@@ -0,0 +1,5 @@
+# Wrangle Publish
+
+This folder contains all the tools and actions for dealing with publication.
+
+For now it just includes container publication.

publish/actions/container/README.md

@@ -0,0 +1,14 @@
+# Wrangle Publish Container
+
+A GitHub action that builds and publishes a container image following best practices.
+
+This keeps build and publication together because that seems to be standard practice
+for container images (even if it isn't ideal.)
+
+TODO:
+
+- See if we can split build and publication.
+- Scan container for vulns.
+- Sign container image.
+- Generate provenance.
+- Generate SBOM.