feat: Add semantic version tags to Docker releases

[believerjo]

Add semantic version tags to Docker images

Problem

Currently, Docker images are only tagged with commit SHAs (e.g., 9e426479499f23a56d596aa9f8e3188924b82947), making it difficult to:

• Track which image corresponds to which release
• Use automated dependency management tools like Renovate
• Follow semantic versioning best practices
• Easily identify stable vs development images

Solution

Enhance the Docker build workflow to automatically tag images with semantic versions when Git tags are pushed.

Changes

• Add semantic version tagging using docker/metadata-action
• Generate multiple tags: v1.2.0, 1.2, 1, latest
• Maintain existing commit SHA tagging for traceability
• Add multi-architecture support (amd64, arm64)
• Include OCI image labels for better metadata

Example

When you create a release v1.2.0, the following Docker tags will be created:

• robertlestak/cert-manager-sync:v1.2.0
• robertlestak/cert-manager-sync:1.2
• robertlestak/cert-manager-sync:1
• robertlestak/cert-manager-sync:9e426479499f23a56d596aa9f8e3188924b82947 (existing)
• robertlestak/cert-manager-sync:latest (on main branch)

Benefits

• ✅ Users can pin to specific versions (image: cert-manager-sync:v1.2.0)
• ✅ Compatible with Renovate and other dependency bots
• ✅ Follows semantic versioning conventions
• ✅ Maintains backward compatibility with commit SHA tags
• ✅ Easier to reference in Helm charts and Kubernetes manifests

Testing

Tested locally with:

docker buildx build --platform linux/amd64,linux/arm64 \
  -t robertlestak/cert-manager-sync:v1.2.0 \
  -t robertlestak/cert-manager-sync:1.2 \
  -t robertlestak/cert-manager-sync:1 \
  .

Migration

No breaking changes - existing commit SHA tags will continue to work.