Use release tags for Docker image publishing and add Docker skip markers

.github/workflows/build-and-push.yml

@@ -1,18 +1,34 @@
 name: Build and push Docker images
 
 on:
-  push:
-    branches: [ 'master' ]
+  workflow_call:
+    inputs:
+      release_tag:
+        description: Generated release tag used for Docker image tags
+        required: true
+        type: string
+      source_ref:
+        description: Commit SHA or ref to build from
+        required: true
+        type: string
+      skip_docker:
+        description: Skip Docker image build and push when true
+        required: false
+        default: false
+        type: boolean
 
 jobs:
   build-and-push:
+    if: ${{ !inputs.skip_docker }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
 
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.source_ref }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -35,7 +51,7 @@ jobs:
           push: true
           tags: |
             ${{ secrets.DOCKERHUB_USERNAME }}/pg-with-backup:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/pg-with-backup:${{ github.sha }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/pg-with-backup:${{ inputs.release_tag }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -47,6 +63,6 @@ jobs:
           push: true
           tags: |
             ${{ secrets.DOCKERHUB_USERNAME }}/pg-backup-walg:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/pg-backup-walg:${{ github.sha }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/pg-backup-walg:${{ inputs.release_tag }}
           cache-from: type=gha
           cache-to: type=gha,mode=max

.github/workflows/release-on-master-merge.yml

@@ -14,6 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       release_tag: ${{ steps.tag_version.outputs.new_tag }}
+      skip_docker: ${{ steps.docker_policy.outputs.skip_docker }}
 
     steps:
       - name: Checkout merged master commit
@@ -22,6 +23,17 @@ jobs:
           ref: ${{ github.event.pull_request.merge_commit_sha }}
           fetch-depth: 0
 
+      - name: Detect docker publish policy
+        id: docker_policy
+        run: |
+          commit_message="$(git log -1 --pretty=%B)"
+          if grep -Eq '(#skip-docker|:noimage)' <<<"$commit_message"; then
+            echo "skip_docker=true" >> "$GITHUB_OUTPUT"
+            echo "Docker image publishing disabled for this release via #skip-docker / :noimage."
+          else
+            echo "skip_docker=false" >> "$GITHUB_OUTPUT"
+          fi
+
       - name: Create semantic version tag
         id: tag_version
         uses: anothrNick/github-tag-action@1.75.0
@@ -34,9 +46,21 @@ jobs:
           TAG_PREFIX: v
           INITIAL_VERSION: 2.3.0
 
-  publish-github-release:
+  build-and-push-images:
     needs: create-semver-tag
     if: needs.create-semver-tag.outputs.release_tag != ''
+    uses: ./.github/workflows/build-and-push.yml
+    with:
+      release_tag: ${{ needs.create-semver-tag.outputs.release_tag }}
+      source_ref: ${{ github.event.pull_request.merge_commit_sha }}
+      skip_docker: ${{ needs.create-semver-tag.outputs.skip_docker == 'true' }}
+    secrets: inherit
+
+  publish-github-release:
+    needs:
+      - create-semver-tag
+      - build-and-push-images
+    if: needs.create-semver-tag.outputs.release_tag != '' && (needs.build-and-push-images.result == 'success' || needs.build-and-push-images.result == 'skipped')
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -53,6 +77,7 @@ jobs:
             echo "Commit: ${{ github.event.pull_request.merge_commit_sha }}"
             echo "Merged PR: #${{ github.event.pull_request.number }}"
             echo "Merged by: ${{ github.event.pull_request.merged_by.login }}"
+            echo "Docker images: ${{ needs.create-semver-tag.outputs.skip_docker == 'true' && 'skipped (#skip-docker / :noimage)' || 'published' }}"
           } > "$release_asset"
           echo "release_asset=$release_asset" >> "$GITHUB_OUTPUT"
 

docs/BUILD_AND_PUSH.md

@@ -2,18 +2,19 @@
 
 This repository contains GitHub Actions workflows that:
 
-- build and push Docker images to Docker Hub when commits are pushed to the `master` branch
-- create a semantic version tag and publish a GitHub Release when a pull request is merged into `master`
+- create a semantic version tag when a pull request is merged into `master`
+- build and push Docker images to Docker Hub using that generated release tag
+- publish a GitHub Release for the generated tag
 
 ## What the workflow does
-- On push to `master`, it builds two images:
-  - `Dockerfile.postgres-walg` → `DOCKERHUB_USERNAME/pg-with-backup` (tags: `latest`, `commit-sha`)
-  - `Dockerfile.backup` → `DOCKERHUB_USERNAME/pg-backup-walg` (tags: `latest`, `commit-sha`)
-- Pushes the images to Docker Hub using the provided credentials.
 - On merged pull requests to `master`, it:
   - calculates the next semantic version tag from the latest repository tag (current baseline: `v2.3.0`)
   - defaults to a patch bump, unless the merge commit message includes `#major`, `#minor`, `#patch`, or `#none`
+  - skips Docker image build/push when the merge commit message includes `#skip-docker` (`:noimage`)
   - creates the new Git tag with `anothrNick/github-tag-action`
+  - builds two images and pushes them to Docker Hub with tags `latest` and the generated semantic version tag:
+    - `Dockerfile.postgres-walg` → `DOCKERHUB_USERNAME/pg-with-backup`
+    - `Dockerfile.backup` → `DOCKERHUB_USERNAME/pg-backup-walg`
   - publishes a GitHub Release with autogenerated release notes and a small metadata asset
 
 ## Required GitHub repository secrets
@@ -55,8 +56,9 @@ Notes:
 
 ## Customizing image names/tags
 - The workflow uses `${{ secrets.DOCKERHUB_USERNAME }}` as the user/org for image tags. If you prefer different names, update `.github/workflows/build-and-push.yml`.
-- The release workflow lives in `.github/workflows/release-on-master-merge.yml`.
+- The release workflow lives in `.github/workflows/release-on-master-merge.yml` and calls `.github/workflows/build-and-push.yml` as a reusable workflow.
 - To change default semantic bump behavior, update `DEFAULT_BUMP` in the release workflow.
+- To change the Docker skip marker, update the `#skip-docker` check in the release workflow.
 - To start release numbering from a different baseline when there are no tags yet, update `INITIAL_VERSION` in the release workflow.
 
 ## Troubleshooting