feat: update CI and dependabot

.github/dependabot.yml

@@ -10,3 +10,9 @@ updates:
       - '.github/**/*'
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 3
+    groups:
+      dependencies:
+        patterns:
+          - "*"

.github/workflows/docker-build.yml

@@ -11,33 +11,19 @@ env:
   # If you want to change the path, please set `secrets.IMAGE_PATH` .
   IMAGE_BASE_PATH: "ghcr.io/${{ github.repository_owner }}/electrs"
 
-jobs:
-  check_image_env:
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: stop CI
-        if: ${{ github.event_name != 'pull_request' }}
-        shell: bash
-        env:
-          TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          if [ "${{ secrets.REGISTRY_USERNAME }}" != "" ]; then
-              exit 0 ;
-          fi
-          curl -X POST -H "Content-Type: application/json" -H "Authorization: token $TOKEN" https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel
-          while true; do echo "Waiting for job to be cancelled"; sleep 5; done
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.sha }}
+  cancel-in-progress: true
 
+jobs:
   build_and_push_elements_image:
-    runs-on: ubuntu-24.04
-    needs: check_image_env
+    runs-on: ubuntu-latest
     timeout-minutes: 120
     permissions:
       contents: read
-      pull-requests: write
+      packages: write
+      attestations: write
+      id-token: write
     steps:
       - name: checkout
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
@@ -65,7 +51,7 @@ jobs:
         uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           # list of Docker images to use as base name for tags
-          images: name=${{ steps.image_path.outputs.IMAGE_PATH }}
+          images: ${{ steps.image_path.outputs.IMAGE_PATH }}
           # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=tag
@@ -90,8 +76,8 @@ jobs:
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build only
         if: ${{ github.event_name == 'pull_request' }}
@@ -123,12 +109,13 @@ jobs:
           severity: CRITICAL,HIGH
 
   build_and_push_bitcoin_image:
-    runs-on: ubuntu-24.04
-    needs: check_image_env
+    runs-on: ubuntu-latest
     timeout-minutes: 120
     permissions:
       contents: read
-      pull-requests: write
+      packages: write
+      attestations: write
+      id-token: write
     steps:
       - name: checkout
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
@@ -156,7 +143,7 @@ jobs:
         uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           # list of Docker images to use as base name for tags
-          images: name=${{ steps.image_path.outputs.IMAGE_PATH }}
+          images: ${{ steps.image_path.outputs.IMAGE_PATH }}
           # generate Docker tags based on the following events/attributes
           flavor: |
             latest=auto
@@ -184,8 +171,8 @@ jobs:
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build only
         if: ${{ github.event_name == 'pull_request' }}