ci: [#448] simplify container publish jobs by branch type

Author: josecelano

.github/workflows/container.yaml

@@ -4,13 +4,15 @@
 # Following patterns from torrust/torrust-tracker container.yaml workflow.
 #
 # Triggers:
-#   - Push to main/develop branches
+#   - Push to main/develop/releases/** branches
 #   - Pull requests to main/develop
 #   - Manual dispatch
 #
 # Publishing:
-#   - Images are pushed to Docker Hub on push to main/develop (not PRs)
-#   - Requires Docker Hub credentials in repository secrets
+#   - Images are pushed to Docker Hub on push to main/develop/release branches (not PRs)
+#   - Release branches (releases/vX.Y.Z) publish versioned Docker tags (X.Y.Z)
+#   - Release Docker tags use bare semver without the v prefix
+#   - Requires Docker Hub credentials in the dockerhub-torrust GitHub Environment
 
 name: Container
 
@@ -19,6 +21,7 @@ on:
     branches:
       - "develop"
       - "main"
+      - "releases/**/*"
     paths:
       - "src/**"
       - "Cargo.toml"
@@ -100,6 +103,7 @@ jobs:
     outputs:
       continue: ${{ steps.check.outputs.continue }}
       type: ${{ steps.check.outputs.type }}
+      version: ${{ steps.check.outputs.version }}
 
     steps:
       - name: Check Context
@@ -108,10 +112,15 @@ jobs:
           if [[ "${{ github.repository }}" == "torrust/torrust-tracker-deployer" ]]; then
             if [[ "${{ github.event_name }}" == "push" ]]; then
               if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
-                echo "type=production" >> $GITHUB_OUTPUT
+                echo "type=main" >> $GITHUB_OUTPUT
                 echo "continue=true" >> $GITHUB_OUTPUT
               elif [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then
-                echo "type=development" >> $GITHUB_OUTPUT
+                echo "type=develop" >> $GITHUB_OUTPUT
+                echo "continue=true" >> $GITHUB_OUTPUT
+              elif [[ $(echo "${{ github.ref }}" | grep -P '^refs/heads/releases/v(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)$') ]]; then
+                version=$(echo "${{ github.ref }}" | sed -n -E 's/^refs\/heads\/releases\///p')
+                echo "version=$version" >> $GITHUB_OUTPUT
+                echo "type=release" >> $GITHUB_OUTPUT
                 echo "continue=true" >> $GITHUB_OUTPUT
               fi
             fi
@@ -122,71 +131,54 @@ jobs:
             echo "continue=false" >> $GITHUB_OUTPUT
           fi
 
-  publish_development:
-    name: Publish (Development)
+  publish:
+    name: Publish (${{ needs.context.outputs.type }})
     environment: dockerhub-torrust
     needs: context
-    if: needs.context.outputs.continue == 'true' && needs.context.outputs.type == 'development'
+    if: needs.context.outputs.continue == 'true'
     runs-on: ubuntu-latest
     timeout-minutes: 30
 
     steps:
       - name: Checkout
         uses: actions/checkout@v5
 
-      - name: Docker Meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ env.DOCKER_HUB_USERNAME }}/tracker-deployer
-          tags: |
-            type=ref,event=branch
-            type=sha,prefix=dev-
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ env.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and Push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./docker/deployer/Dockerfile
-          target: release
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-  publish_production:
-    name: Publish (Production)
-    environment: dockerhub-torrust
-    needs: context
-    if: needs.context.outputs.continue == 'true' && needs.context.outputs.type == 'production'
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
+      - name: Configure Docker Tag Strategy
+        id: tag_config
+        run: |
+          if [[ "${{ needs.context.outputs.type }}" == "develop" ]]; then
+            {
+              echo "tags<<EOF"
+              echo "type=ref,event=branch"
+              echo "type=sha,prefix=dev-"
+              echo "EOF"
+            } >> "$GITHUB_OUTPUT"
+          elif [[ "${{ needs.context.outputs.type }}" == "main" ]]; then
+            {
+              echo "tags<<EOF"
+              echo "type=raw,value=latest"
+              echo "type=ref,event=branch"
+              echo "type=sha"
+              echo "EOF"
+            } >> "$GITHUB_OUTPUT"
+          elif [[ "${{ needs.context.outputs.type }}" == "release" ]]; then
+            {
+              echo "tags<<EOF"
+              echo "type=semver,value=${{ needs.context.outputs.version }},pattern={{version}}"
+              echo "EOF"
+            } >> "$GITHUB_OUTPUT"
+          else
+            echo "Unsupported publish type: ${{ needs.context.outputs.type }}" >&2
+            exit 1
+          fi
 
       - name: Docker Meta
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: |
             ${{ env.DOCKER_HUB_USERNAME }}/tracker-deployer
-          tags: |
-            type=raw,value=latest
-            type=ref,event=branch
-            type=sha
+          tags: ${{ steps.tag_config.outputs.tags }}
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
@@ -208,3 +200,10 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+      - name: Inspect Published Image
+        if: needs.context.outputs.type == 'release'
+        run: |
+          version=$(echo "${{ needs.context.outputs.version }}" | sed 's/^v//')
+          docker pull ${{ env.DOCKER_HUB_USERNAME }}/tracker-deployer:"$version"
+          docker image inspect ${{ env.DOCKER_HUB_USERNAME }}/tracker-deployer:"$version"