ci: only tag container with newest tag with latest-release

When rebuilding existing git tags, we must only tag the container with the "biggest" version with "latest-release". This is especially important once we add bugfix versions, as these would overwrite the tag otherwise. Signed-off-by: Felix Moessbauer <[email protected]>
fmoessbauer · Feb 24, 2025 · c4f9777 · c4f9777
1 parent 1765ccc
commit c4f9777
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,6 +29,8 @@ jobs:
           deploy-user: ${{ github.actor }}
           deploy-token: ${{ secrets.GITHUB_TOKEN }}
           image-name: ${{ matrix.image-name }}
+      - name: Find latest tag
+        run: echo "latest_tag=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
       - name: Build ${{ matrix.image-name }} image
         uses: docker/build-push-action@v6
         id: push
@@ -43,7 +45,7 @@ jobs:
           outputs: type=registry,rewrite-timestamp=true
           tags: |
             ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
-            ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-release
+            ${{ github.ref_name == env.latest_tag && format('{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
           annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
       - name: Attest ${{ matrix.image-name }} image
         uses: actions/attest-build-provenance@v1