From 13daaa695299e6f73de24149908c3fa1af38bbca Mon Sep 17 00:00:00 2001
From: Daniel Coutinho <60111446+dcoutinho1328@users.noreply.github.com>
Date: Tue, 3 Feb 2026 15:44:37 -0300
Subject: [PATCH] feat: Add release version tagging to Docker workflow

- Add release trigger (on published) to build images when releases are created
- Replace hardcoded tags with docker/metadata-action for dynamic tag generation
- Add conditional GHCR login (skip on pull requests)
- Add OCI-standard labels for image metadata
- Remove push trigger for main branch (releases handle main tagging)
- Add optional release_tag input for manual workflow runs

Tagging behavior:
- Push to development: development, sha-<short>
- Release v1.2.3: latest, 1.2.3
- Manual with release_tag: latest, <release_tag>
- Pull request: build only, no push

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .github/workflows/docker.yml | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 9b4f855a..dcd54e31 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -2,9 +2,11 @@ name: Build and Publish Multi-Arch Docker Image
 
 on:
   push:
-    branches: [ main, development ]
+    branches: [ development ]
   pull_request:
     branches: [ main, development ]
+  release:
+    types: [published]
   workflow_dispatch:
     inputs:
       platforms:
@@ -12,6 +14,10 @@ on:
         default: 'linux/amd64,linux/arm64,linux/arm/v7'
         required: false
         type: string
+      release_tag:
+        description: 'Release version tag (e.g., 1.2.3). If provided, also tags as latest.'
+        required: false
+        type: string
 
 jobs:
   build:
@@ -31,18 +37,35 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to GHCR
+        if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.GHCR_USERNAME }}
           password: ${{ secrets.GHCR_TOKEN }}
 
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/autonomy-logic/openplc-runtime
+          tags: |
+            # latest tag for releases or manual runs with release_tag
+            type=raw,value=latest,enable=${{ github.event_name == 'release' || inputs.release_tag != '' }}
+            # SHA tag for branch pushes
+            type=sha,enable=${{ github.event_name == 'push' }}
+            # Version tag for releases (e.g., v1.2.3 -> 1.2.3)
+            type=semver,pattern={{version}}
+            # Version tag for manual runs with release_tag
+            type=raw,value=${{ inputs.release_tag }},enable=${{ inputs.release_tag != '' }}
+            # development tag for development branch
+            type=raw,value=development,enable=${{ github.ref == 'refs/heads/development' }}
+
       - name: Build and Push Multi-Arch Image
         uses: docker/build-push-action@v6
         with:
           context: .
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           platforms: ${{ inputs.platforms || 'linux/amd64,linux/arm64,linux/arm/v7' }}
-          tags: |
-            ghcr.io/autonomy-logic/openplc-runtime:latest
-            ghcr.io/autonomy-logic/openplc-runtime:${{ github.sha }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}