ci: automate image metadata generation by events

.github/workflows/docker-pub.yml

@@ -4,89 +4,61 @@ on:
   workflow_dispatch:
   schedule:
     - cron: "0 0 * * *"
+  pull_request:
+    branches:
+      - 'dev'
   push: 
     tags:
       - 'v*.*.*'
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+
 jobs:
-  build:
-    name: Buid and push Docker image to GitHub Container registry
+  build-and-push-image:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
       attestations: write
       id-token: write
-
+       
     steps:
-      - name: Checkout the repository
+      - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Get current date
-        id: date
-        run: echo "::set-output name=date::$(date +'%Y%m%d')"
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GH_TOKEN }}
-
-      - name: Build Nightly Meta
-        run: |
-          echo "DEVELOPMENT_TAG=ghcr.io/barelyhuman/goblin:nightly-${{ steps.date.outputs.date }}" >> $GITHUB_ENV
-
-      - name: Build Release Meta 
-        run: | 
-          echo "RELEASE_TAG=ghcr.io/barelyhuman/goblin:${{ github.ref_name }}" >> $GITHUB_ENV
-        if: github.ref_type == 'tag'
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
 
-      - name: Build and push nightly
-        uses: docker/build-push-action@v6
+      - name: Build and push Docker image
         id: push
-        env:
-          REGISTRY: ghcr.io
-          OWNER: ${{ github.repository_owner }}
-          IMAGE_NAME: ${{ github.repository }}
-        with:
-          context: .
-          file: Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ env.DEVELOPMENT_TAG }},nightly
-
-      - name: Build and push release tag
-        if: github.ref_type == 'tag'
-        uses: docker/build-push-action@v6
-        id: pushRelease
-        env:
-          REGISTRY: ghcr.io
-          OWNER: ${{ github.repository_owner }}
-          IMAGE_NAME: ${{ github.repository }}
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
         with:
           context: .
-          file: Dockerfile
-          platforms: linux/amd64,linux/arm64
           push: true
-          tags: ${{ env.RELEASE_TAG }}
-
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ghcr.io/barelyhuman/goblin
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
           subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true
-
-      - name: Generate release artifact attestation
-        if: github.ref_type == 'tag'
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-name: ghcr.io/barelyhuman/goblin
-          subject-digest: ${{ steps.pushRelease.outputs.digest }}
           push-to-registry: true