chore: add a container diff to find unexpected changes

Author: rjaegers

.github/workflows/wc-build-push.yml

@@ -160,6 +160,19 @@ jobs:
           echo "digest=$(echo "$output" | jq -r '.manifest.digest // .manifests[0].digest')" >> "$GITHUB_OUTPUT"
         env:
           CONTAINER_VERSION: ${{ steps.metadata.outputs.version }}
+      - run:
+          set -Eeuo pipefail
+          wget -O diffoci https://github.com/reproducible-containers/diffoci/releases/download/v0.1.7/diffoci-v0.1.7.linux-amd64
+          chmod +x diffoci
+          diffoci diff --semantic --report=container-diff.json ${FROM_CONTAINER} ${TO_CONTAINER}
+        env:
+          FROM_CONTAINER: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:edge
+          TO_CONTAINER: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:${{ steps.metadata.outputs.version }}
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: container-diff
+          path: container-diff.json
+          retention-days: 10
       - uses: ./.github/actions/container-size-diff
         id: container-size-diff
         with: