ci: Make ci.yaml valid for both pushes and prs

I didn't really see the reason to keep the files split, when ci.yaml is pretty
easily made to work for both scenarios. We end up losing pushes pushing new
container images for non-main branch builds if not created by dependabot. That
was a lot to keep in context and also the correct thing to do. A push to a
branch by someone with write permissions could end up pushing to quay and
confusing things. So all in all we get better determenisitc behavior with
this setup.

Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev>

Author: mmlb

.github/workflows/ci.yaml

@@ -1,8 +1,11 @@
-name: For each PR
+name: For each PR and Push
 on:
   pull_request:
     paths-ignore:
       - kernel/**
+  push:
+    paths-ignore:
+      - kernel/**
 jobs:
   validation:
     runs-on: ubuntu-20.04
@@ -16,7 +19,21 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - uses: cachix/install-nix-action@v17
+      - name: Login to quay.io
+        if: github.ref == 'refs/heads/main'
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Figure Out Commit Short ID
+        id: commitid
+        run: |
+          echo ::set-output name=short::$(git rev-parse --short HEAD)
+
+      - name: Install nix
+        uses: cachix/install-nix-action@v17
         with:
           nix_path: nixpkgs=channel:nixos-unstable
 
@@ -26,10 +43,20 @@ jobs:
       - name: Run formatters and linters
         run: nix-shell --run .github/workflows/formatters-and-linters.sh
 
-      - name: Build
-        run: nix-shell --run 'make TAG=${{ github.sha }} dist'
+      - name: Build Hook Tarballs
+        run: nix-shell --run 'make TAG=${{steps.commitid.outputs.short}} dist'
+
+      - name: Publish Hook
+        if: github.ref == 'refs/heads/main'
+        run: |
+          # Build and push the container images
+          nix-shell --run 'make TAG=${{steps.commitid.outputs.short}} push'
+          nix-shell --run 'make TAG=latest push'
+          # Build and push the linuxkit images
+          nix-shell --run 'make TAG=${{steps.commitid.outputs.short}} deploy'
+          nix-shell --run 'make TAG=latest deploy'
 
       - uses: actions/upload-artifact@v3
         with:
-          name: hook-${{ github.sha }}.tar.gz
-          path: out/${{ github.sha }}/rel/hook-${{ github.sha }}.tar.gz
+          name: hook-${{steps.commitid.outputs.short}}.tar.gz
+          path: out/hook-${{steps.commitid.outputs.short}}.tar.gz