From 2f9834b4012f5d1ed133615dd0bcb98d77b67343 Mon Sep 17 00:00:00 2001
From: Oscar Wieman <oscar@oscarr.nl>
Date: Wed, 10 May 2023 12:40:06 +0200
Subject: [PATCH] Update container build, add image labels, update published
 tags and prevent PR's from publishing

Signed-off-by: Oscar Wieman <oscar@oscarr.nl>
---
 .github/workflows/go.yaml | 53 +++++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml
index 72230226..a27ac0cb 100644
--- a/.github/workflows/go.yaml
+++ b/.github/workflows/go.yaml
@@ -1,8 +1,12 @@
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
+permissions:
+  packages: write
 on:
   # Run CI when pushing to main
   push:
     branches: [ main ]
+    tags:
+      - 'v*'
   # Run CI for PRs to main and staging
   pull_request:
     branches: [ main ]
@@ -30,38 +34,39 @@ jobs:
     name: Create docker image
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.4
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=ghcr.io/${{ github.repository_owner }}/hound
-          VERSION=latest
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/v}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
-          fi
-          echo ::set-output name=tags::${TAGS}
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - name: Login to GitHub Packages Docker Registry
-        uses: docker/login-action@v1
+        uses: docker/setup-buildx-action@v2
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        if: github.event_name != 'pull_request'
         with:
           registry: ghcr.io
-          username: ${{ github.actor }}
+          username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push to GitHub Packages
-        uses: docker/build-push-action@v2
+      - name: Build and push
+        uses: docker/build-push-action@v4
         with:
           context: .
           platforms: linux/amd64,linux/arm64
-          file: ./Dockerfile
-          push: true
-          tags: ${{ steps.prep.outputs.tags }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
   golangci:
     name: lint
     strategy: