From f83b1d01422ffb1c10786ce3664d8b530c0f414a Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Mon, 12 Jan 2026 09:41:07 -0500
Subject: [PATCH 1/4] Fix container workflow to build on tags

---
 .github/workflows/container.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 1f345daf8..36be5717e 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -7,6 +7,14 @@ on:
 required: false
 default: false
 type: boolean
+ ref:
+ description: 'Git ref to checkout (branch, tag, or SHA)'
+ required: false
+ type: string
+ custom_tag:
+ description: 'Custom tag for the container image (for manual builds)'
+ required: false
+ type: string
 env:
 REGISTRY: ghcr.io
 IMAGE_NAME: metaschema-framework/metaschema-cli
@@ -26,6 +34,7 @@ jobs:
 steps:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 with:
+ ref: ${{ inputs.ref || github.ref }}
 submodules: recursive
 filter: tree:0
 - name: Download build zip
@@ -59,6 +68,7 @@ jobs:
 type=ref,event=branch
 type=ref,event=tag
 type=ref,event=pr
+ type=raw,value=${{ inputs.custom_tag }},enable=${{ inputs.custom_tag != '' }}
 flavor: |
 latest=${{ github.ref == 'refs/heads/main' }}
 annotations: |
From 1268b57c92baa6dbe1aa452625feae5d7b0d3230 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Mon, 12 Jan 2026 09:43:49 -0500
Subject: [PATCH 2/4] Add trigger to build from tags from calling build workflow

---
 .github/workflows/build.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e547dde6..6b0d71374 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,6 +5,8 @@ on:
 - release/**
 - develop
 - feature/**
+ tags:
+ - 'v*'
 pull_request:
 types: [opened, synchronize, reopened]
 branches:
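Review bot: The checkout in container.yml (`@@ -26,6 +34,7 @@`) can now be pointed at `inputs.ref` while the rest of the job still describes the triggering ref: the `Download build zip` step that follows takes no ref, and the `type=ref` rules and `latest=${{ github.ref == 'refs/heads/main' }}` in the later metadata hunk read `github.ref`. A run started from main with `ref` set to another branch or tag would therefore publish that other tree under main's tags and `latest`, and any provenance recorded from the run context would presumably name the triggering commit rather than the one that was built. One way to keep them aligned is `latest=${{ github.ref == 'refs/heads/main' && inputs.ref == '' }}`, together with a comment on the `ref` input saying callers must pass a ref that matches the build zip being downloaded. The steps list starts and ends outside the hunk.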
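Review bot: In the metadata rules of container.yml (`@@ -59,6 +68,7 @@`), `inputs.custom_tag` is pasted unvalidated into what looks like a docker/metadata-action `tags` line, where each line is a comma-separated attribute list. A value containing a comma or a line break would be read as extra attributes or extra rules, and a value such as `latest` or an existing release tag would silently move that tag to the new image. I would reject anything outside the image-tag grammar in a step placed before the metadata step, passing the input through `env` rather than interpolating it into the script; whether `latest` should also be refused is a maintainer decision. The `tags` block itself starts outside the hunk.

```yaml
# … unchanged: checkout and build zip download …
- name: Validate custom tag
  if: ${{ inputs.custom_tag != '' }}
  shell: bash
  env:
    CUSTOM_TAG: ${{ inputs.custom_tag }}
  run: |
    # Whole-string match: bash regexes do not treat newlines as line ends.
    if [[ ! "$CUSTOM_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
      echo "::error::custom_tag is not a valid container image tag"
      exit 1
    fi
# … unchanged: metadata step containing the type=raw rule …
```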
@@ -45,6 +47,10 @@ on:
 description: 'Git ref to checkout (branch, tag, or SHA)'
 required: false
 type: string
+ custom_tag:
+ description: 'Custom tag for container image (e.g., v3.0.0)'
+ required: false
+ type: string
 skip_code_scans:
 description: 'Skip CodeQL and Trivy security scans'
 required: false
@@ -325,6 +331,8 @@ jobs:
 uses: ./.github/workflows/container.yml
 with:
 push: true
+ ref: ${{ inputs.ref }}
+ custom_tag: ${{ inputs.custom_tag }}
 build-website:
 name: Website
 runs-on: ubuntu-24.04
From 713c3e459b6cfd44116d8b558e0846f58a5e161b Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Mon, 12 Jan 2026 18:53:28 -0500
Subject: [PATCH 3/4] Revert "Add trigger to build from tags from calling build workflow"

This reverts commit 1268b57c92baa6dbe1aa452625feae5d7b0d3230.

---
 .github/workflows/build.yml | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6b0d71374..0e547dde6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,8 +5,6 @@ on:
 - release/**
 - develop
 - feature/**
- tags:
- - 'v*'
 pull_request:
 types: [opened, synchronize, reopened]
 branches:
@@ -47,10 +45,6 @@ on:
 description: 'Git ref to checkout (branch, tag, or SHA)'
 required: false
 type: string
- custom_tag:
- description: 'Custom tag for container image (e.g., v3.0.0)'
- required: false
- type: string
 skip_code_scans:
 description: 'Skip CodeQL and Trivy security scans'
 required: false
@@ -331,8 +325,6 @@ jobs:
 uses: ./.github/workflows/container.yml
 with:
 push: true
- ref: ${{ inputs.ref }}
- custom_tag: ${{ inputs.custom_tag }}
 build-website:
 name: Website
 runs-on: ubuntu-24.04
From fca8c3fed9d2033be8751a9ed04c95e59729cfa7 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Mon, 12 Jan 2026 18:54:03 -0500
Subject: [PATCH 4/4] Trigger tags from release workflow to build container

---
 .github/workflows/release.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f722c8c55..846c963b5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -51,6 +51,22 @@ jobs:
 MAVEN_USERNAME: ${{ secrets.OSSRH_USER }}
 MAVEN_CENTRAL_TOKEN: ${{ secrets.OSSRH_TOKEN }}
 MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ - name: Upload build zip archive
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+ with:
+ name: build_zip
+ path: ./metaschema-cli/target/*metaschema-cli.zip
+ build-container:
+ name: Container
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ needs: deploy-to-nexus
+ uses: ./.github/workflows/container.yml
+ with:
+ push: true
 deploy-website:
 name: Website Deployment
 runs-on: ubuntu-24.04
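Review bot: Nothing in the `Upload build zip archive` step fails the job when the `*metaschema-cli.zip` glob matches no file, even though this artifact is what `build-container` turns into a published image; upload-artifact only warns by default in that case. Adding `if-no-files-found: error` under `with:` stops the release at the step that caused the problem rather than inside the reusable workflow, and a comment noting that the glob is expected to match exactly one zip would document the assumption. The call also passes only `push: true`, so the `ref` and `custom_tag` inputs added to container.yml earlier in this series stay empty and the image tags depend entirely on the ref that triggered release.yml; a one-line comment saying that is intended would help. The job-level `permissions` block is a good least-privilege choice. The `deploy-to-nexus` job that the upload step belongs to starts outside the hunk.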