Add verification

Author: JarLob

.github/workflows/release.yml

@@ -44,4 +44,11 @@ jobs:
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.USER }}/${{ env.IMAGE_NAME }}
           subject-digest: '${{ steps.docker_build.outputs.digest }}'
-          push-to-registry: true
+          push-to-registry: true
+
+      - name: Verify
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          gh attestation verify oci://ghcr.io/${{ env.USER }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.release_tag }} -R ${{ github.repository }}