ci: align IMAGE_TAG across build and security jobs

2026-02-07 06:19:37 -06:00 · 2025-09-19 23:03:12 +02:00
parent c5264b8cfe
commit 16e7b60e69
1 changed files with 16 additions and 4 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -100,6 +100,11 @@ jobs:
    - name: Checkout code
      uses: actions/checkout@v4

+    - name: Compute IMAGE_TAG
+      run: |
+        # Strip leading 'v' from tag refs; leave branches unchanged
+        echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
+
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

@@ -132,7 +137,9 @@ jobs:
        file: ./Dockerfile
        platforms: linux/amd64,linux/arm64
        push: true
-        tags: ${{ steps.meta.outputs.tags }}
+        tags: |
+          ${{ steps.meta.outputs.tags }}
+          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
@@ -151,10 +158,15 @@ jobs:
    - name: Checkout code
      uses: actions/checkout@v4

+    - name: Compute IMAGE_TAG
+      run: |
+        # Strip leading 'v' from tag refs; leave branches unchanged
+        echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
+
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
-        image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}'
+        image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}'
        format: 'sarif'
        output: 'trivy-results.sarif'

@@ -175,11 +187,11 @@ jobs:
      if: needs.test.result == 'success' && needs.build.result == 'success'
      run: |
        echo "✅ CI/CD Pipeline completed successfully!"
-        echo "🚀 Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}"
+        echo "🚀 Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
        
    - name: Notify failure
      if: needs.test.result == 'failure' || needs.build.result == 'failure'
      run: |
        echo "❌ CI/CD Pipeline failed!"
        echo "Please check the logs above for details."
-        exit 1
+        exit 1