Update production image release action.

rkistner · rkistner · commit d5fe3ef9e348 · 2025-08-11T15:30:45.000+02:00
diff --git a/.github/workflows/development_image_release.yaml b/.github/workflows/development_image_release.yaml
@@ -80,12 +80,14 @@ jobs:
           context: .
           # This should not be taged as latest
           tags: ${{vars.DOCKER_REGISTRY}}:${{steps.get_version.outputs.SERVICE_VERSION}}
-          # Add labels from metadata-action above.
+          file: ./service/Dockerfile
+          push: true
+
+          # Add labels and annotations from metadata-action above.
           labels: ${{ steps.meta.outputs.labels }}
           annotations: ${{ steps.meta.outputs.annotations }}
-          push: true
           # Note: This includes build args in the published provenance.
           # Do not use this if secrets are passed in as args.
           provenance: mode=max
+          # Pre-generate an SBOM file, which can be used for vulnerability scanning or listing licenses.
           sbom: true
-          file: ./service/Dockerfile
diff --git a/.github/workflows/packages_release.yaml b/.github/workflows/packages_release.yaml
@@ -112,6 +112,11 @@ jobs:
         id: get_version
         run: echo "SERVICE_VERSION=$(node -p "require('./service/package.json').version")" >> $GITHUB_OUTPUT
 
+      - name: Extract metadata for the image
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ vars.DOCKER_REGISTRY }}
+
       - name: Build Image and Push
         uses: docker/build-push-action@v5
         with:
@@ -122,7 +127,16 @@ jobs:
           push: true
           file: ./service/Dockerfile
 
-      #   # Updates the README section on the DockerHub page
+          # Add labels and annotations from metadata-action above.
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          # Note: This includes build args in the published provenance.
+          # Do not use this if secrets are passed in as args.
+          provenance: mode=max
+          # Pre-generate an SBOM file, which can be used for vulnerability scanning or listing licenses.
+          sbom: true
+
+      # Updates the README section on the DockerHub page
       - name: Update repo description
         #  Note that this 3rd party extention is recommended in the DockerHub docs:
         #  https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/
