fix: build (#5)

Author: roderik

.github/workflows/branch.yml

@@ -53,6 +53,9 @@ jobs:
             out
             ~/.foundry
 
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -83,12 +86,12 @@ jobs:
         id: test
 
       - name: Docker meta
-        id: meta
+        id: docker_meta
         uses: docker/metadata-action@v5
         with:
           # list of Docker images to use as base name for tags
           images: |
-            ghcr.io/settlemint/solidity-empty
+            ghcr.io/settlemint/solidity-token-erc721a
           # generate Docker tags based on the following events/attributes
           tags: |
             type=schedule
@@ -101,9 +104,24 @@ jobs:
 
       - name: Build and push
         uses: docker/build-push-action@v5
+        id: build-and-push
         with:
+          load: false
+          provenance: true
+          sbom: true
+          push: true
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
           no-cache: true
+
+      - name: Sign the images with GitHub OIDC Token
+        env:
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.docker_meta.outputs.tags }}
+        run: |
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes ${images}