perf(ci): replace tag rebuild with image retag#244
Merged
fernando-villalba merged 1 commit intomainfrom Feb 17, 2026
Merged
Conversation
The tag workflow previously re-ran the entire build-and-release pipeline (test all modules, rebuild container, scan, push), taking ~15 minutes. This was redundant because the main workflow already builds, scans, and pushes the image with a SHA tag on every merge. The new tag release flow: 1. Verify the tagged commit exists on main (reject non-main tags) 2. Verify the main workflow passed for that commit (reject broken commits) 3. Retag the existing SHA image with the version tag using docker buildx imagetools create (server-side, no pull/push) 4. Create a GitHub release with auto-generated notes - Rewrite tags.yaml to retag instead of rebuild (~15s vs ~15min) - Remove unused create-release input from build-and-release.yaml - Simplify push step in build-and-release.yaml (only main calls it) - Drop security-events permission from tags.yaml (no Grype scan) - Fix legacy LABEL format warning in Dockerfile This ensures tagged releases are always from main, always tested, and produced in seconds instead of minutes.
🔬 Go Test Coverage ReportSummary
Status✅ PASS DetailShow New Coverage |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The tag workflow previously re-ran the entire build-and-release pipeline (test all modules, rebuild container, scan, push), taking ~15 minutes. This was redundant because the main workflow already builds, scans, and pushes the image with a SHA tag on every merge.
The new tag release flow:
This ensures tagged releases are always from main, always tested, and produced in seconds instead of minutes.