From d296d88c4c452a207b37b1b9ad2be0cd042f1701 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Thu, 11 Jun 2026 16:43:33 +0100 Subject: [PATCH] ci: tag images by semver and point latest at newest release Replace the raw latest-on-default-branch tag, which moved latest on every main push, with metadata-action's latest=auto flavor so latest follows the newest non-prerelease v* release. Add a {{major}} tag alongside the existing version and major.minor semver tags; branch and SHA tags remain for traceability of non-release builds. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/build-and-publish.yml | 11 ++++++++--- README.md | 7 +++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.gitea/workflows/build-and-publish.yml b/.gitea/workflows/build-and-publish.yml index 38ed3f9..1afd07a 100644 --- a/.gitea/workflows/build-and-publish.yml +++ b/.gitea/workflows/build-and-publish.yml @@ -39,13 +39,18 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ github.repository }} + # Semantic version tags are produced from pushed v* git tags. + # `latest` follows the newest non-prerelease release via latest=auto. + # Branch and SHA tags are kept for traceability of non-release builds. tags: | - type=ref,event=branch - type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=pr type=sha - type=raw,value=latest,enable={{is_default_branch}} + flavor: | + latest=auto - name: Build and push uses: docker/build-push-action@v6 diff --git a/README.md b/README.md index ca4ed26..99b5725 100644 --- a/README.md +++ b/README.md @@ -55,8 +55,11 @@ registry write permission on most Gitea instances. Create the token under an account with write access to the target package namespace, then store it as a repository Actions secret named `PACKAGES_TOKEN`. -The published image is `//`, tagged by branch, semver -(for `v*` tags), commit SHA, and `latest` on the default branch. +The published image is `//`. Pushing a `v*` git tag +produces semantic-version tags (`{{version}}`, `{{major}}.{{minor}}`, +`{{major}}`), and `latest` is moved to that build when it is not a pre-release. +Non-release builds on `main` are tagged by branch name and commit SHA only, so +`latest` always points at the most recent release rather than the newest commit. ## Dependency updates