From 093e5bf65a24dcb273aadb105c59318a4fc8e200 Mon Sep 17 00:00:00 2001 From: Edoardo Rosa <6991986+notdodo@users.noreply.github.com> Date: Fri, 13 Feb 2026 16:07:29 +0100 Subject: [PATCH] enh: add docker image push on main --- .github/workflows/python-ci.yml | 4 +-- .github/workflows/release.yml | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 18a339b..23b3b68 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -3,7 +3,7 @@ on: pull_request: concurrency: - group: ghas-security-scan-${{ github.ref }} + group: ghas-ci-${{ github.ref }} cancel-in-progress: true jobs: @@ -14,7 +14,7 @@ jobs: security-events: write uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0 - python-ci-pulumi: + python-ci: permissions: contents: read uses: notdodo/github-actions/.github/workflows/python-ci.yml@python-ci-v0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..b86c663 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,46 @@
+name: Release Connector Image
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ infra-scan:
+ permissions:
+ contents: read
+ pull-requests: write
+ security-events: write
+ uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0
+
+ python-ci:
+ permissions:
+ contents: read
+ uses: notdodo/github-actions/.github/workflows/python-ci.yml@python-ci-v0
+ with:
+ working-directory: '.'
+
+ build-docker-image:
+ needs: [infra-scan, python-ci]
+ permissions:
+ attestations: write
+ contents: read
+ id-token: write
+ packages: write
+ security-events: write
+ uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@docker-build-and-push-v0
+ with:
+ registry: docker.io
+ image: digintlab/opencti-connector
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ type=raw,value=latest
+ type=sha
+ egress-policy-allowlist: >
+ deb.debian.org:443
+ deb.debian.org:80
+ files.pythonhosted.org:443
+ pypi.org:443
+ push: true
+ secrets:
+ registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ registry-password: ${{ secrets.DOCKERHUB_TOKEN }}
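Review bot: All three `uses:` lines in the new release.yml call reusable workflows through a movable ref (`@infra-scan-v0`, `@python-ci-v0`, `@docker-build-and-push-v0`), and the last one runs in `build-docker-image` with `id-token: write`, `packages: write`, `attestations: write` and the Docker Hub credentials. Whatever that ref resolves to at run time is what builds, attests and pushes `digintlab/opencti-connector:latest`, so re-pointing it in `notdodo/github-actions` changes the release pipeline without any commit in this repository. Pinning to a full commit SHA keeps the reviewed code and the executed code the same, for example `uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@<FULL_COMMIT_SHA> # docker-build-and-push-v0`. Separately, `pull-requests: write` on `infra-scan` looks unnecessary in a workflow that only triggers on `push` to `main`, unless the called workflow declares that permission and therefore needs it granted; `contents: read` with `security-events: write` would be the narrower grant.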