From 9db4c093e21a8957704c2a926c40b66419b567a5 Mon Sep 17 00:00:00 2001 From: Matithieu Date: Tue, 2 Sep 2025 09:54:13 +0200 Subject: [PATCH 1/6] fix: update Git tag creation condition to only run on pull requests --- .github/workflows/build-and-push-image.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index 76f726b..495b30c 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -63,9 +63,12 @@ jobs: docker logout "${NEXUS_DOCKER_URL}" - name: Create and push Git tag - if: github.event_name != 'pull_request' + if: github.event_name == 'pull_request' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | git config user.name "GitHub Actions" git config user.email "actions@github.com" git tag -a "${NEW_VERSION}" -m "Release ${NEW_VERSION}" + git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }} git push origin "${NEW_VERSION}" From 219fd11b53f3b173d49c0c4ed412896d550e3f1b Mon Sep 17 00:00:00 2001 From: Matithieu Date: Tue, 2 Sep 2025 10:32:22 +0200 Subject: [PATCH 2/6] feat: enhance CI workflow with SSH setup and update Git tag creation condition --- .github/workflows/build-and-push-image.yml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index 495b30c..3a79587 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml 
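Review bot: In PATCH 1/6, the added `git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/...` line writes the token into `.git/config`, where it stays readable by every later step in the job and by anything that prints the remote URL. Passing the URL only to the push avoids persisting it: `git push "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}" "${NEW_VERSION}"`. If the checkout step (not visible here) keeps its default credentials, a plain `git push origin "${NEW_VERSION}"` may already be enough. The new condition `github.event_name == 'pull_request'` (set again in PATCH 3/6) also means release tags are pushed from pull-request runs, presumably on unmerged code, and for fork PRs the token is read-only, so the push would fail.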
@@ -62,13 +62,23 @@ jobs: docker push $IMAGE docker logout "${NEXUS_DOCKER_URL}" + - name: Set up SSH for CI + run: | + mkdir -p ~/.ssh + echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-keyscan github.com >> ~/.ssh/known_hosts + - name: Create and push Git tag - if: github.event_name == 'pull_request' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + if: github.event_name != 'pull_request' run: | git config user.name "GitHub Actions" git config user.email "actions@github.com" git tag -a "${NEW_VERSION}" -m "Release ${NEW_VERSION}" - git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }} - git push origin "${NEW_VERSION}" + git push origin "${NEW_VERSION}" --no-verify + + - name: Remove SSH keys + run: rm -rf ~/.ssh + + - name: Output new version + run: echo "New version is ${{ env.NEW_VERSION }}" From 84e30d141351f4ac1ca8d2f10b2930ff5a4ef5da Mon Sep 17 00:00:00 2001 From: Matithieu Date: Tue, 2 Sep 2025 10:33:53 +0200 Subject: [PATCH 3/6] test: update Git tag creation condition to only run on pull requests --- .github/workflows/build-and-push-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index 3a79587..bc760c7 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -70,7 +70,7 @@ jobs: ssh-keyscan github.com >> ~/.ssh/known_hosts - name: Create and push Git tag - if: github.event_name != 'pull_request' + if: github.event_name == 'pull_request' run: | git config user.name "GitHub Actions" git config user.email "actions@github.com" From 471562e9e173fcb25625100e74197072a9029751 Mon Sep 17 00:00:00 2001 
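Review bot: In PATCH 2/6, the new "Set up SSH for CI" step trusts whatever host key `ssh-keyscan github.com` returns at run time, so the SSH connection is not authenticated against a known key; pin GitHub's published host keys in `known_hosts` instead. The step also has no `if:`, so the deploy key is written to disk on pull-request runs where the tag step is skipped, and "Remove SSH keys" lacks `if: always()`, so a failed push leaves the key behind. `${{ secrets.DEPLOY_KEY }}` is expanded into the script text and the key file exists with default permissions until `chmod` runs; passing it through `env:` under `umask 077` avoids both. Whether `origin` is an SSH remote at all is not visible in this hunk.

```yaml
      - name: Set up SSH for CI
        if: github.event_name != 'pull_request'
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "${DEPLOY_KEY}" > ~/.ssh/id_ed25519
          # Placeholder: paste the ed25519 host key GitHub publishes in its docs.
          echo 'github.com ssh-ed25519 <GITHUB_PUBLISHED_ED25519_HOST_KEY>' >> ~/.ssh/known_hosts

      # … unchanged: "Create and push Git tag" step …

      - name: Remove SSH keys
        if: always()
        run: rm -rf ~/.ssh
```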
From: Matithieu Date: Tue, 2 Sep 2025 10:36:41 +0200 Subject: [PATCH 4/6] fix: add permissions section and ensure GITHUB_TOKEN is set for tag creation --- .github/workflows/build-and-push-image.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index bc760c7..aa620c3 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -14,6 +14,9 @@ on: branches: - develop +permissions: + contents: write + jobs: build: runs-on: ubuntu-latest @@ -71,6 +74,8 @@ jobs: - name: Create and push Git tag if: github.event_name == 'pull_request' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | git config user.name "GitHub Actions" git config user.email "actions@github.com" From 7acb019efb2367cbb5c77c0987efafc80d08976e Mon Sep 17 00:00:00 2001 From: Matithieu Date: Tue, 2 Sep 2025 10:40:57 +0200 Subject: [PATCH 5/6] fix: update Git tag creation condition to exclude pull requests --- .github/workflows/build-and-push-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index aa620c3..7536ede 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -73,7 +73,7 @@ jobs: ssh-keyscan github.com >> ~/.ssh/known_hosts - name: Create and push Git tag - if: github.event_name == 'pull_request' + if: github.event_name != 'pull_request' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | From 65029030cf6826390870c116aa989738564644ac Mon Sep 17 00:00:00 2001 From: Matithieu Date: Tue, 2 Sep 2025 10:47:38 +0200 Subject: [PATCH 6/6] fix: improve logic for retrieving the last Git tag in CI workflow --- .github/workflows/build-and-push-image.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
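Review bot: In the first hunk of PATCH 4/6, `permissions: contents: write` is declared at workflow level, so every job and every trigger of this workflow, apparently including pull-request runs, gets a write-capable `GITHUB_TOKEN`. Only the tag push needs it. Declaring `permissions:` with `contents: read` at the top and `contents: write` on the `build` job (or on a separate tagging job that never runs for pull requests) keeps the token least-privileged. The `on:` block and the rest of the job lie outside the hunk, so the other triggers could not be checked.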
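Review bot: In the second hunk of PATCH 4/6, the added `env:` entry `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` exposes the token to the tag step, but PATCH 2/6 removed the only line that read it (`git remote set-url ...`), and git itself does not read `GITHUB_TOKEN` from the environment. As far as the visible `run:` lines show, the variable is unused, so drop the `env:` block unless something outside the hunk consumes it. The `run:` script continues past the end of the hunk.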
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index 7536ede..09a8352 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -33,7 +33,11 @@ jobs: - name: Get the last Git tag id: get_last_tag run: | - LAST_TAG=$(git describe --tags --abbrev=0 || echo "0.0.0") + git fetch --tags --force + LAST_TAG=$(git tag --sort=-creatordate | head -n 1) + if [ -z "$LAST_TAG" ]; then + LAST_TAG="0.0.0" + fi echo "LAST_TAG=${LAST_TAG}" >> $GITHUB_ENV - name: Calculate new version
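Review bot: In PATCH 6/6, `git tag --sort=-creatordate | head -n 1` takes the most recently created tag of any name, so a non-version tag pushed by anyone with tag rights becomes `LAST_TAG` and feeds the version calculation and `$GITHUB_ENV`. Restricting the listing to the release pattern and sorting by version is more predictable, e.g. `LAST_TAG=$(git tag --list '[0-9]*.[0-9]*.[0-9]*' --sort=-v:refname | head -n 1)`. The `0.0.0` fallback suggests unprefixed tags, so adjust the pattern if the project uses a `v` prefix. `git fetch --tags --force` also lets the remote overwrite local tags silently, which is probably acceptable on a fresh runner but worth a comment such as `# --force: remote tags are authoritative on CI`.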