[RFC][PATCH 2/4] ci: only tag container with newest tag with latest-release
2 views
Skip to first unread message
Felix Moessbauer
Sep 17, 2025, 8:48:38 AM (9 days ago) Sep 17
to kas-...@googlegroups.com, Felix Moessbauer
When rebuilding existing git tags, we must only tag the container with
the "biggest" version with "latest-release". This is especially
important once we add bugfix versions, as these would overwrite the tag
otherwise.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/workflows/release.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ac3e0a3e6..736587d14 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,6 +28,8 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ - name: Find latest tag
+ run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
- name: Build ${{ matrix.image-name }} image
uses: docker/build-push-action@v6
id: push
@@ -42,7 +44,7 @@ jobs:
outputs: type=registry,rewrite-timestamp=true
tags: |
ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
- ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-release
+ ${{ github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
--
2.51.0
the "biggest" version with "latest-release". This is especially
important once we add bugfix versions, as these would overwrite the tag
otherwise.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/workflows/release.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ac3e0a3e6..736587d14 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,6 +28,8 @@ jobs:
deploy-user: ${{ github.actor }}
deploy-token: ${{ secrets.GITHUB_TOKEN }}
image-name: ${{ matrix.image-name }}
+ - name: Find latest tag
+ run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
- name: Build ${{ matrix.image-name }} image
uses: docker/build-push-action@v6
id: push
@@ -42,7 +44,7 @@ jobs:
outputs: type=registry,rewrite-timestamp=true
tags: |
ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
- ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-release
+ ${{ github.ref_name == env.LATEST_TAG && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
- name: Attest ${{ matrix.image-name }} image
uses: actions/attest-build-provenance@v1
--
2.51.0
Jan Kiszka
Sep 18, 2025, 1:15:32 AM (8 days ago) Sep 18
to Felix Moessbauer, kas-...@googlegroups.com
Jan
--
Siemens AG, Foundational Technologies
Linux Expert Center
MOESSBAUER, Felix
Sep 18, 2025, 3:21:30 AM (8 days ago) Sep 18
to Kiszka, Jan, kas-...@googlegroups.com
Felix
>
> Jan
>
> --
> Siemens AG, Foundational Technologies
> Linux Expert Center
Siemens AG
Linux Expert Center
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany
Jan Kiszka
Sep 19, 2025, 3:50:24 AM (7 days ago) Sep 19
to Felix Moessbauer, kas-...@googlegroups.com
On 17.09.25 14:48, 'Felix Moessbauer' via kas-devel wrote:
Jan
> annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
> - name: Attest ${{ matrix.image-name }} image
> uses: actions/attest-build-provenance@v1
--
MOESSBAUER, Felix
Sep 19, 2025, 6:38:47 AM (7 days ago) Sep 19
to Kiszka, Jan, kas-...@googlegroups.com
if github.ref_name == env.LATEST_TAG:
format('ghcr.io/.../latest-release')
else:
''
This is expressed in horrible GitHub string expressions.
I'm also open for better ideas to achieve the same.
Felix
>
> Jan
>
> > annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
> > - name: Attest ${{ matrix.image-name }} image
> > uses: actions/attest-build-provenance@v1
>
>
> --
> Siemens AG, Foundational Technologies
> Linux Expert Center
Jan Kiszka
Sep 19, 2025, 8:11:49 AM (7 days ago) Sep 19
to Moessbauer, Felix (FT RPD CED OES-DE), kas-...@googlegroups.com
Jan
Jan Kiszka
Sep 22, 2025, 2:25:21 AM (4 days ago) Sep 22
to Moessbauer, Felix (FT RPD CED OES-DE), kas-...@googlegroups.com
On 19.09.25 12:38, Moessbauer, Felix (FT RPD CED OES-DE) wrote:
Whoever designed that should be punished.
Jan
MOESSBAUER, Felix
Sep 22, 2025, 3:34:26 AM (4 days ago) Sep 22
to Kiszka, Jan, kas-...@googlegroups.com
just use that. That's probably better maintainable.
Just let me know.
> Whoever designed that should be punished.
Felix
>
> Jan
>
> --
> Siemens AG, Foundational Technologies
> Linux Expert Center
Jan Kiszka
Sep 22, 2025, 6:00:17 AM (4 days ago) Sep 22
to Moessbauer, Felix (FT RPD CED OES-DE), kas-...@googlegroups.com
Jan
Reply all
Reply to author
Forward
0 new messages