Docker Publish #2

	name: Docker Publish

	on:
	workflow_dispatch:
	inputs:
	version:
	description: 'Example: 4.0.0-incubating'
	required: true
	artifact_url:
	description: 'Optional; default resolves from version'
	required: false

	permissions:
	contents: read

	jobs:
	publish:
	if: github.repository == 'apache/bifromq'
	name: "Publish Docker Image"
	runs-on: ubuntu-latest
	env:
	IMAGE_REPO: apache/bifromq
	steps:
	- uses: actions/checkout@v4
	- uses: docker/setup-qemu-action@v3
	- uses: docker/setup-buildx-action@v3
	- name: "Login DockerHub"
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: "Download and verify artifact"
	run: \|
	set -euo pipefail
	ARTIFACT_URL="${{ inputs.artifact_url }}"
	if [ -z "$ARTIFACT_URL" ]; then
	ARTIFACT_URL="https://downloads.apache.org/incubator/bifromq/${{ inputs.version }}/apache-bifromq-${{ inputs.version }}.tar.gz"
	fi
	curl -fSL "$ARTIFACT_URL" -o /tmp/apache-bifromq-${{ inputs.version }}.tar.gz
	curl -fSL "${ARTIFACT_URL}.sha512" -o /tmp/apache-bifromq-${{ inputs.version }}.tar.gz.sha512
	cd /tmp
	sha512sum --check "apache-bifromq-${{ inputs.version }}.tar.gz.sha512"
	- name: "Build image"
	run: \|
	set -euo pipefail
	chmod +x release/docker-build.sh
	release/docker-build.sh -t "${IMAGE_REPO}:${{ inputs.version }}" "/tmp/apache-bifromq-${{ inputs.version }}.tar.gz"
	- name: "Push image"
	run: \|
	set -euo pipefail
	docker push "${IMAGE_REPO}:${{ inputs.version }}"

Provide feedback