ci(docker): improve handling of docker tags

Tag images in a better way by assigning an SHA hash for each build that
is made for a branch. This is safer as it would not produce a problem of
always relying upon the branch name of `main` and not knowing which
commit this `main` refers to.

Also the concrete versions of different steps in the pipeline are now
being used instead of using long SHA hashes.

Author: daniel-abramov

.github/workflows/docker.yaml

@@ -22,24 +22,24 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Log in to the Container registry
-        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=ref,event=branch
+            type=sha,format=short,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        uses: docker/build-push-action@v3
         with:
           context: .
           push: true