Add workflow for Taskwarrior Docker image (#3039)

The workflow is triggered by a successful run of the test suite and creates a Docker image with a Taskwarrior installation of the current branch (restricted to develop/stable)

.github/workflows/docker-image.yaml

@@ -0,0 +1,53 @@
+name: Taskwarrior Docker image
+
+on:
+  workflow_dispatch:
+  workflow_run:
+    workflows: [tests]
+    branches:
+      - develop
+      - stable
+    types:
+      - completed
+
+env:
+  REGISTRY: "ghcr.io"
+
+jobs:
+  build-and-push-docker-image:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          submodules: "recursive"
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v2.8.1
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v2.1.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Taskwarrior Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v3.2.0
+        with:
+          context: .
+          file: "./docker/task.dockerfile"
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ github.actor }}/task:${{ github.ref_name }}
+
+      - name: Sign the published Docker image
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        run: cosign sign ${{ env.REGISTRY }}/${{ github.actor }}/task@${{ steps.build-and-push.outputs.digest }}