add permission #38

	name: Build and Push Docker Image to ECR

	on:
	push:
	branches:
	- example/pipeline-bebe # or specify any branch you want to trigger this workflow on

	permissions:
	id-token: write
	contents: read

	jobs:
	build-and-push:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout the code
	uses: actions/checkout@v3

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	role-to-assume: arn:aws:iam::697698820969:role/GithubActionAssumeRole
	aws-region: us-east-1

	- name: Log in to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Build, tag, and push Docker image
	env:
	ECR_URI: "697698820969.dkr.ecr.us-east-1.amazonaws.com/web-app"
	IMAGE_TAG: latest-beb
	run: \|
	yarn --frozen-lockfile
	yarn nx build api-flowaccount-workshop
	docker build -t $ECR_URI:$IMAGE_TAG .
	docker push $ECR_URI:$IMAGE_TAG

	# - name: Image digest
	# run: \|
	# IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REPO_URI }}:${{ github.sha }})
	# echo "Docker image pushed: $IMAGE_DIGEST"

Provide feedback