github: Deploy to AWS ECR Public instead of Docker Hub

.github/workflows/ci.yml

@@ -9,6 +9,10 @@ on:
   schedule:
     - cron: "00 03 * * 0"
 
+permissions:
+      id-token: write
+      contents: read
+
 env:
   MAKEFLAGS: -j2
 
@@ -144,22 +148,34 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Set up QEMU
+        timeout-minutes: 1
         uses: docker/setup-qemu-action@v1
 
       - name: Set up Docker Buildx
+        timeout-minutes: 1
         uses: docker/setup-buildx-action@v1
 
-      - name: Login
+      - name: Configure AWS credentials
+        timeout-minutes: 5
         if: github.event_name != 'pull_request' && github.ref_name == 'master'
-        uses: docker/login-action@v1
+        uses: aws-actions/configure-aws-credentials@v1
         with:
-          username: johang
+          role-to-assume: ${{ secrets.AWS_ROLE }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR Public
+        timeout-minutes: 5
+        if: github.event_name != 'pull_request' && github.ref_name == 'master'
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registry-type: public
 
       - name: Build and push
+        timeout-minutes: 30
         uses: docker/build-push-action@v2
         with:
           context: .
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' && github.ref_name == 'master' }}
-          tags: johang/sd-card-images:latest
+          tags: ${{ steps.login-ecr-public.outputs.registry }}/johang/sd-card-images:latest