feat: improve dispatch security

.github/workflows/dispatch.yml

@@ -0,0 +1,33 @@
+name: Build and push dispatch Docker image
+on:
+  push:
+    paths:
+    - '.github/workflows/dispatch.yml'
+    - 'Cargo.lock'
+    - 'services/dispatch/'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    if: github.repository == 'PluralKit/PluralKit'
+    steps:
+      - uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.CR_PAT }}
+      - uses: actions/checkout@v2
+      - run: echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" | sed 's|/|-|g' >> $GITHUB_ENV
+      - uses: docker/build-push-action@v2
+        with:
+          # https://github.com/docker/build-push-action/issues/378
+          context: .
+          push: true
+          file: services/dispatch/Dockerfile
+          tags: |
+            ghcr.io/pluralkit/dispatch:${{ github.sha }}
+            ghcr.io/pluralkit/dispatch:${{ env.BRANCH_NAME }}
+          cache-from: type=registry,ref=ghcr.io/pluralkit/pluralkit:${{ env.BRANCH_NAME }}
+          cache-to: type=inline