fix: eliminate double Docker build by optimizing workflow triggers

- Remove push on main branch from docker-build.yml triggers
- Add tag-based trigger (v*) to docker-build.yml for semantic versioning
- Simplify versioning logic by removing manual Git tag retrieval
- Remove manual workflow dispatch from auto-tag.yml (now uses automatic tag trigger)
- Update documentation to reflect single-build process

Process optimization:
1. PR merged to main → no immediate Docker build
2. auto-tag.yml creates new Git tag (v2.0.14)
3. Git tag push automatically triggers docker-build.yml
4. Single Docker build with correct semantic version tags

This eliminates the previous double-build issue while maintaining proper semantic versioning.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: JohanDevl

.github/workflows/auto-tag.yml

@@ -93,20 +93,3 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Trigger Docker build for new version
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { data: result } = await github.rest.actions.createWorkflowDispatch({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              workflow_id: 'docker-build.yml',
-              ref: 'main',
-              inputs: {
-                reason: `New version tagged: ${{ steps.tag.outputs.new_tag }}`
-              }
-            });
-            
-            console.log(`🐳 Triggered Docker build for version ${{ steps.tag.outputs.new_tag }}`);
-            console.log(`Workflow dispatch result:`, result);

.github/workflows/docker-build.yml

@@ -1,12 +1,11 @@
 name: Docker Build and Publish
 
 on:
-  release:
-    types: [published]
   push:
     branches:
-      - main
       - develop
+    tags:
+      - 'v*'
     paths-ignore:
       - "**.md"
       - "docs/**"
@@ -19,6 +18,8 @@ on:
       - "**.md"
       - "docs/**"
       - ".github/ISSUE_TEMPLATE/**"
+  release:
+    types: [published]
   workflow_dispatch:
     inputs:
       reason:
@@ -50,25 +51,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Get latest version tag
-        id: version
-        run: |
-          # Fetch all tags
-          git fetch --tags
-          
-          # Get the latest version tag
-          LATEST_TAG=$(git tag -l "v*" | grep -v "-" | sort -V | tail -n 1)
-          
-          # If no tag exists, default to v1.0.0
-          if [ -z "$LATEST_TAG" ]; then
-            LATEST_TAG="v1.0.0"
-          fi
-          
-          echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
-          echo "version=${LATEST_TAG#v}" >> $GITHUB_OUTPUT
-          
-          echo "📋 Latest version tag: $LATEST_TAG"
-
       - name: Extract metadata for Docker
         id: meta
         uses: docker/metadata-action@v5
@@ -77,15 +59,14 @@ jobs:
             ${{ env.REGISTRY_IMAGE }}
             ${{ env.GITHUB_IMAGE }}
           tags: |
-            # Main branch tags - use latest available tag
+            # Main branch tags (only via workflow_dispatch from auto-tag)
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
             type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }}
-            type=raw,value=${{ steps.version.outputs.latest_tag }},enable=${{ github.ref == 'refs/heads/main' }}
             # Develop branch tag
             type=raw,value=develop,enable=${{ github.ref == 'refs/heads/develop' }}
             # PR tags
             type=ref,event=pr,prefix=PR-
-            # Release tags (for releases triggered by auto-tag)
+            # Release/tag-based builds (semantic versioning)
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
 
@@ -118,15 +99,15 @@ jobs:
           cache-from: type=gha,scope=${{ github.workflow }}-${{ github.ref_name }}
           cache-to: type=gha,mode=max,scope=${{ github.workflow }}-${{ github.ref_name }}
           build-args: |
-            VERSION=${{ github.ref == 'refs/heads/main' && steps.version.outputs.latest_tag || steps.meta.outputs.version }}
+            VERSION=${{ steps.meta.outputs.version }}
             COMMIT_SHA=${{ github.sha }}
             BUILD_DATE=${{ steps.build_date.outputs.BUILD_DATE }}
 
       - name: Scan image for vulnerabilities
         if: github.event_name != 'pull_request'
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ env.REGISTRY_IMAGE }}:${{ github.ref == 'refs/heads/main' && steps.version.outputs.latest_tag || steps.meta.outputs.version }}
+          image-ref: ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
           format: "sarif"
           output: "trivy-results.sarif"
 
@@ -155,41 +136,18 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Get latest version tag
-        id: version
-        run: |
-          # Fetch all tags
-          git fetch --tags
-          
-          # Get the latest version tag
-          LATEST_TAG=$(git tag -l "v*" | grep -v "-" | sort -V | tail -n 1)
-          
-          # If no tag exists, default to v1.0.0
-          if [ -z "$LATEST_TAG" ]; then
-            LATEST_TAG="v1.0.0"
-          fi
-          
-          echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
-
-      - name: Extract Docker metadata
+      - name: Extract Docker metadata for testing
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY_IMAGE }}
           tags: |
-            type=sha,format=short
-
-      - name: Determine test image tag
-        id: test_tag
-        run: |
-          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
-            echo "tag=${{ steps.version.outputs.latest_tag }}" >> $GITHUB_OUTPUT
-          else
-            echo "tag=${{ steps.meta.outputs.version }}" >> $GITHUB_OUTPUT
-          fi
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=develop,enable=${{ github.ref == 'refs/heads/develop' }}
 
       - name: Pull image for testing
-        run: docker pull ${{ env.REGISTRY_IMAGE }}:${{ steps.test_tag.outputs.tag }}
+        run: docker pull ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
 
       - name: Test Docker image
         run: |
@@ -201,7 +159,7 @@ jobs:
             -v $(pwd)/test_config:/app/config \
             -v $(pwd)/test_logs:/app/logs \
             -v $(pwd)/test_exports:/app/exports \
-            ${{ env.REGISTRY_IMAGE }}:${{ steps.test_tag.outputs.tag }} --help
+            ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} --help
 
           echo "Docker image tests passed successfully"
 

DOCKER_STRATEGY.md

@@ -21,16 +21,16 @@ Le système de gestion des images Docker a été optimisé pour maintenir unique
 
 ### 📋 Séquence lors d'un merge vers main :
 
-1. **PR mergée vers `main`** → Déclenche `docker-build.yml` 
-2. **docker-build.yml** récupère le dernier tag Git (ex: `v2.0.13`)
-3. **Image Docker créée** avec tags : `latest`, `main`, `v2.0.13`
-4. **auto-tag.yml** crée automatiquement le prochain tag (ex: `v2.0.14`)
-5. **Nouveau build Docker déclenché** avec le nouveau tag `v2.0.14`
+1. **PR mergée vers `main`** → Push sur la branche main (pas de build Docker)
+2. **auto-tag.yml** se déclenche et crée automatiquement le nouveau tag (ex: `v2.0.14`)
+3. **Push du tag Git** déclenche automatiquement `docker-build.yml`
+4. **Image Docker créée** avec tags : `latest`, `main`, `v2.0.14`
 
 ### 🔄 Résultat :
-- L'image Docker utilise **toujours la dernière version disponible** au moment du build
-- Les versions sémantiques sont **synchronisées** avec les tags Git
-- **Double build** garantit la disponibilité immédiate des nouvelles versions
+- **Un seul build Docker** par merge (plus de double build)
+- L'image Docker utilise **exactement la version sémantique** du tag Git
+- **Synchronisation parfaite** entre versions Git et Docker
+- **Process optimisé** sans builds redondants
 
 ## Registres Supportés