Build&publish the base container to GHCR + point to it from action

[webknjaz]

Example image build+publish workflow: https://github.com/ansible/pylibssh/blob/devel/.github/workflows/build-manylinux-container-images.yml

Example of an action pointer: https://github.com/fedora-python/tox-github-action/blob/9f7d1ff/action.yaml#L14

[richard-engineering]

More needed now that 2FA is being enforced as the build times are quite long.

[webknjaz]

What does it have to do with 2FA?

[richard-engineering]

This Github Action is officially recommended by the official PyPI docs linked to by the article on 2FA enforcement. Previously prior to 2FA enforcement uploading could be done via username/password (eg via flit publish) in CI which is a rather quick process. It's unfortunate that the recommended reference solution linked in the documentation can take up to 5+ minutes to build. Putting this on GHCR would avoid the need to build the images.

[webknjaz]

Using API tokens still works, it hasn't gone anywhere. Putting shared username+password pairs online was always problematic, and everyone should've switched to scoped API tokens like 5 years ago.