From 2f3876acdc3f9ac8c179317584000fa3b940ecf2 Mon Sep 17 00:00:00 2001
From: Sebastian Nagel <sebastian.nagel@ncoding.at>
Date: Mon, 20 Jun 2022 18:34:19 +0200
Subject: [PATCH] Only push and tags as 'latest' docker image

We want people to consume only released versions of the code via docker
registries and hence we only tag & push images from git tags as
'latest'.
---
 .github/workflows/docker.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 542e4b25eb7..60843df7e22 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -1,7 +1,9 @@
 name: Docker
 
-# NOTE: This workflow builds & tags docker images always as 'latest', so ensure
-# it only runs on events we want to have as 'latest' image on the registry.
+# NOTE: This workflow builds & tags docker images also on master to get
+# pre-release feedback about working docker builds, but it ONLY pushes them when
+# we pushed a git tag. Hence, the 'latest' docker tag on the registry is equal
+# to the latest released version (not the latest built from master).
 on:
   push:
     branches: [ "master" ]
@@ -38,11 +40,11 @@ jobs:
           latest
           type=semver,pattern={{version}}
 
-    - name: 🔨 Build and push
+    - name: 🔨 Build and maybe push
       uses: docker/build-push-action@v2
       with:
         context: .
-        push: true
+        push: ${{ github.ref_type == "tag" }}
         target: ${{ matrix.target }}
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}