From 36d1673b2ed9bb141b8a69d82faff806b2d121a7 Mon Sep 17 00:00:00 2001
From: Fabrice Rochette
Date: Wed, 3 Jun 2026 11:46:03 -0500
Subject: [PATCH] ci: publish :dev on main, :main + :vA.B.C on release

- ci-cd: build/push the Docker Hub image as :dev on pushes to main (was :main). Drop the dev-branch/tag/release triggers and per-branch tag logic; PRs build+test without pushing. Trivy scans :dev.
- release-please: on release_created, build and push BOTH mobiera/:main (stable) and the versioned :vA.B.C tag (verbatim release tag). Same policy as the ghcr adapters, adapted for Docker Hub.
---
 .github/workflows/ci-cd.yml | 44 +++++++---------------------
 .github/workflows/release-please.yml | 10 ++++---
 2 files changed, 16 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 4861f03..af2aab0 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -1,21 +1,23 @@
 name: CI/CD Pipeline
+# Tagging policy:
+# - push to main -> Docker Hub image tagged :dev (this workflow)
+# - GitHub release -> Docker Hub images tagged :main and :vA.B.C (release-please.yml)
+# Releases are created by release-please with the default GITHUB_TOKEN, which
+# does NOT trigger this workflow, so the release images are built there.
 on:
 push:
- branches: [ main, dev ]
- tags: [ 'v*' ]
+ branches: [ main ]
 pull_request:
 branches: [ main ]
- release:
- types: [ published ]
 env:
 DOCKER_DRIVER: overlay2
 DOCKER_TLS_CERTDIR: ""
 # Docker Hub image (public): mobiera/
 IMAGE: "mobiera/${{ github.event.repository.name }}"
- # Default tag is main, will be overridden based on branch/tag
- IMAGE_TAG: "main"
+ # main pushes publish the :dev image.
+ IMAGE_TAG: "dev"
 jobs:
 build:
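Review bot: The workflow header shown in this hunk (new lines 1-23, from `name:` through `jobs: build:`) has no workflow-level `permissions:` key, so every job, including the `pull_request` runs that build contributed code, gets the repository's default GITHUB_TOKEN scope. Since this commit already narrows the triggers, I would add `permissions:` with `contents: read` between `on:` and `env:` and grant anything broader per job. Job-level permissions may exist further down the file, outside this hunk; if the Trivy job uploads its results it would presumably need its own grant there.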
@@ -27,22 +29,6 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
- - name: Set image tag
- run: |
- # If it's not main branch, use branch name as tag
- if [[ "${{ github.ref_name }}" != "main" && "${{ github.ref_type }}" == "branch" ]]; then
- echo "IMAGE_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
- # If it's a tag (not empty), use tag name without 'v' prefix
- elif [[ "${{ github.ref_type }}" == "tag" ]]; then
- echo "IMAGE_TAG=$(echo "${{ github.ref_name }}" | sed 's/v//')" >> $GITHUB_ENV
- fi
-
- - name: Log tag info
- run: |
- echo "Tag: ${{ github.ref_name }}"
- echo "Branch: ${{ github.ref_name }}"
- echo "Image Tag: ${{ env.IMAGE_TAG }}"
-
 - name: Create Maven settings directory
 run: |
 export MVN_SETTINGS_DIR="/builds/current/${{ github.event.repository.name }}/${{ env.IMAGE_TAG }}"
@@ -80,22 +66,12 @@ jobs:
 docker-package:
 runs-on: ubuntu-latest
 needs: build
- if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event_name == 'release'
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main'
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
- - name: Set image tag
- run: |
- # If it's not main branch, use branch name as tag
- if [[ "${{ github.ref_name }}" != "main" && "${{ github.ref_type }}" == "branch" ]]; then
- echo "IMAGE_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
- # If it's a tag (not empty), use tag name without 'v' prefix
- elif [[ "${{ github.ref_type }}" == "tag" ]]; then
- echo "IMAGE_TAG=$(echo "${{ github.ref_name }}" | sed 's/v//')" >> $GITHUB_ENV
- fi
-
 - name: Download build artifacts
 uses: actions/download-artifact@v4
 with:
@@ -167,7 +143,7 @@ jobs:
 security-scan:
 runs-on: ubuntu-latest
 needs: docker-package
- if: github.ref == 'refs/heads/main' || github.event_name == 'release'
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main'
 steps:
 - name: Checkout code
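Review bot: With the `release` trigger gone, the new guard `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` on `security-scan` means Trivy only ever sees the `:dev` image. The `:main` and `:vA.B.C` images come from a separate `docker build` in release-please.yml and, as far as that hunk shows, are pushed without a scan, so the released artifact is not the one that was scanned. Either add a Trivy step before the `docker push` lines in release-please.yml, or promote the already-scanned `:dev` image by digest instead of rebuilding. The same gap applies to the release-please.yml hunk, and the `security-scan` job body continues outside this hunk.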
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index b96e8b5..66746b7 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -71,7 +71,9 @@ jobs:
 - name: Build and push container image
 run: |
- VERSION="${TAG_NAME#v}"
- echo "Building ${IMAGE}:${VERSION} from tag ${TAG_NAME}"
- docker build -f src/main/docker/Dockerfile.jvm -t "${IMAGE}:${VERSION}" .
- docker push "${IMAGE}:${VERSION}"
+ echo "Building ${IMAGE}:main and ${IMAGE}:${TAG_NAME} from tag ${TAG_NAME}"
+ docker build -f src/main/docker/Dockerfile.jvm \
+ -t "${IMAGE}:main" \
+ -t "${IMAGE}:${TAG_NAME}" .
+ docker push "${IMAGE}:main"
+ docker push "${IMAGE}:${TAG_NAME}"
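Review bot: `docker push "${IMAGE}:main"` runs before the versioned push, so if the second push fails the mutable `:main` tag has already moved to an image that has no immutable `:vA.B.C` counterpart. Push `"${IMAGE}:${TAG_NAME}"` first and `"${IMAGE}:main"` last, so the stable tag only advances once the versioned tag exists. Passing the tag through the `TAG_NAME` shell variable rather than an inline `${{ }}` expression is the right form and worth keeping; where `TAG_NAME` and `IMAGE` are set is outside this hunk.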