fix[ci]: Make image push and sign properly

.github/workflows/docker-publish.yaml

@@ -2,8 +2,7 @@ name: Publish Docker image
 
 on:
   push:
-    branches: ["main"]
-    tags: ["1.1.7"]
+    branches: ["main", "fix-ci"]
   pull_request:
     branches: ["main"]
 
@@ -64,13 +63,17 @@ jobs:
         id: build-and-push
         uses: mr-smithers-excellent/docker-build-push@v6
         with:
-          image: gcups/fajfer
+          image: gcups
           tags: ${{ env.TAG_NAME }}
           registry: ${{ env.REGISTRY }}
+          dockerfile: gcups/Dockerfile
           directory: gcups
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Save digest
+        id: digest-saver
+        run: echo "digest=$(docker manifest inspect ghcr.io/fajfer/gcups:1.1.7 | jq -r '.config.digest')" >> "$GITHUB_OUTPUT"
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish
@@ -81,7 +84,7 @@ jobs:
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
           TAGS: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          DIGEST: ${{ steps.digest-saver.outputs.digest }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}