From d2f70edd4ca4defaf5b84b84364b24c5ae86545c Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessbauer@siemens.com>
Date: Mon, 24 Feb 2025 17:13:54 +0100
Subject: [PATCH] ci: only tag container with newest tag with latest-release

When rebuilding existing git tags, we must only tag the container with
the "biggest" version with "latest-release". This is especially
important once we add bugfix versions, as these would overwrite the tag
otherwise.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 .github/workflows/release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e55c7f1e..437352eb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,6 +29,8 @@ jobs:
           deploy-user: ${{ github.actor }}
           deploy-token: ${{ secrets.GITHUB_TOKEN }}
           image-name: ${{ matrix.image-name }}
+      - name: Find latest tag
+        run: echo "latest_tag=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV
       - name: Build ${{ matrix.image-name }} image
         uses: docker/build-push-action@v6
         id: push
@@ -43,7 +45,7 @@ jobs:
           outputs: type=registry,rewrite-timestamp=true
           tags: |
             ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
-            ghcr.io/${{ github.repository }}/${{ matrix.image-name }}:latest-release
+            ${{ github.ref_name == env.latest_tag && format('ghcr.io/{0}/{1}:latest-release', github.repository, matrix.image-name) || '' }}
           annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
       - name: Attest ${{ matrix.image-name }} image
         uses: actions/attest-build-provenance@v1