Check protected production CI

.github/workflows/production_publish-image.yaml

@@ -0,0 +1,44 @@
+name: "Update docker images (production)"
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - feature/preview-images
+  schedule:
+    - cron: "41 9 * * *"
+
+jobs:
+  # Republish the default caddy:2-alpine docker image on Quay.io
+  v2-alpine:
+    runs-on: ubuntu-latest
+    environment: Production
+    steps:
+      - name: "Login to ${{ vars.CI_REGISTRY }}"
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.CI_REGISTRY }}
+          username: ${{ secrets.CI_REGISTRY_USER }}
+          password: ${{ secrets.CI_REGISTRY_PASSWORD }}
+      - name: "Pull from Docker Hub and republish on Quay.io"
+        run: |
+          docker pull caddy:2-alpine
+          docker tag caddy:2-alpine ${{ vars.CI_REGISTRY_IMAGE }}:v2-alpine-debug
+          docker push ${{ vars.CI_REGISTRY_IMAGE }}:v2-alpine-debug
+  # Build a customer Caddy docker image with Cloudflare DNS support and push it to Quay.io
+  v2-alpine_cloudflare:
+    runs-on: ubuntu-latest
+    environment: Production
+    steps:
+      - name: "Login to ${{ vars.CI_REGISTRY }}"
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.CI_REGISTRY }}
+          username: ${{ secrets.CI_REGISTRY_USER }}
+          password: ${{ secrets.CI_REGISTRY_PASSWORD }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          file: images/v2-alpine_cloudflare/Dockerfile
+          push: true
+          tags: ${{ vars.CI_REGISTRY_IMAGE }}:v2-alpine_cloudflare-debug