Build preview image on push to tags

matheuscscp · matheuscscp · commit f31f776bed9d · 2026-03-13T10:14:16.000Z
Signed-off-by: Matheus Pimenta &lt;matheuscscp@gmail.com&gt;
diff --git a/.github/workflows/preview.yaml b/.github/workflows/preview.yaml
@@ -3,10 +3,17 @@ on:
   push:
     branches:
       - main
+    tags:
+      - 'v*'
     paths-ignore:
       - 'docs/**'
       - 'config/**'
   workflow_dispatch:
+    inputs:
+      tag:
+        description: 'preview image tag; when set, builds as a tag release preview'
+        required: false
+        type: string
 
 permissions:
   contents: read
@@ -24,6 +31,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event.inputs.tag || github.ref }}
       - name: Setup Go
         uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
         with:
@@ -38,13 +47,33 @@ jobs:
         run: make web-ci-install web-build
       - name: Prepare
         id: prep
+        env:
+          MANUAL_TAG: ${{ github.event.inputs.tag }}
         run: |
           TIMESTAMP=$(git log -1 --pretty=%ct)
-          TAG="${GITHUB_REF_NAME//\//-}-${GITHUB_SHA::8}-${TIMESTAMP}"
-          LATEST_TAG="${GITHUB_REF_NAME//\//-}-latest"
           echo "TIMESTAMP=${TIMESTAMP}" >> $GITHUB_OUTPUT
-          echo "TAG=${TAG}" >> $GITHUB_OUTPUT
-          echo "LATEST_TAG=${LATEST_TAG}" >> $GITHUB_OUTPUT
+
+          if [[ -n "${MANUAL_TAG}" ]]; then
+            VERSION="${MANUAL_TAG}-1"
+            TAG="${MANUAL_TAG}"
+            BRANCH_BUILD=false
+          elif [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
+            VERSION="${GITHUB_REF_NAME}-1"
+            TAG="${GITHUB_REF_NAME}"
+            BRANCH_BUILD=false
+          else
+            TAG="${GITHUB_REF_NAME//\//-}-${GITHUB_SHA::8}-${TIMESTAMP}"
+            LATEST_TAG="${GITHUB_REF_NAME//\//-}-latest"
+            VERSION="0.0.0-${TAG}"
+            BRANCH_BUILD=true
+          fi
+
+          {
+            echo "VERSION=${VERSION}"
+            echo "TAG=${TAG}"
+            echo "LATEST_TAG=${LATEST_TAG}"
+            echo "BRANCH_BUILD=${BRANCH_BUILD}"
+          } >> $GITHUB_OUTPUT
       - name: Setup QEMU
         uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
       - name: Setup Docker Buildx
@@ -64,7 +93,7 @@ jobs:
             ${{ env.IMAGE }}
           tags: |
             type=raw,value=${{ steps.prep.outputs.TAG }}
-            type=raw,value=${{ steps.prep.outputs.LATEST_TAG }}
+            type=raw,value=${{ steps.prep.outputs.LATEST_TAG }},enable=${{ steps.prep.outputs.BRANCH_BUILD == 'true' }}
           annotations:
             org.opencontainers.image.description=Flux Operator preview build
       - name: Push image
@@ -83,10 +112,11 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
-          build-args: "VERSION=0.0.0-${{ steps.prep.outputs.TAG }}"
+          build-args: "VERSION=${{ steps.prep.outputs.VERSION }}"
       - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
       - name: Sign image
         env:
           COSIGN_EXPERIMENTAL: 1
+          IMAGE_DIGEST: ${{ steps.build-push.outputs.digest }}
         run: |
-          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}
+          cosign sign --yes "${IMAGE}@${IMAGE_DIGEST}"
