ci: Do not push latest tag on Docker images

[Thegaram]

Purpose or design rationale of this PR

Removed 'latest' tag from multiple Docker image builds in the workflow.

This tag is brittle and error-prone. E.g. when we push tags on unstable feature branches, the new images are also tagged as latest. It is better to remove this tag and always rely on explicit image versions.

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

• ci: Changes to our CI configuration files and scripts (example scopes: vercel, github, cypress)

Deployment tag versioning

Has tag in common/version.go been updated or have you added bump-version label to this PR?

• No, this PR doesn't involve a new deployment, git tag, docker image tag
• Yes

Breaking change label

Does this PR have the breaking-change label?

• No, this PR is not a breaking change
• Yes

Summary by CodeRabbit

• Chores
  • Updated Docker image publishing policy: images are no longer tagged or pushed as :latest. Only explicit version/IMAGE_TAG tags will be published to registries.
  • Impact: consumers must pull images using a specific tag; any automation or deployments relying on :latest will no longer receive updates and should be updated to use explicit tags.

[Copilot]

Pull Request Overview

This PR removes the 'latest' tag from Docker image builds across all services in the CI workflow to improve version control and prevent accidental deployment of unstable builds.

• Removes 'latest' tag from all Docker image build steps
• Maintains explicit versioning through IMAGE_TAG environment variable
• Affects both DockerHub (scrolltech) and ECR registry pushes

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Walkthrough

The Docker GitHub Actions workflow was updated to stop pushing images tagged as :latest. Only the specific IMAGE_TAG is now pushed to registries. No other steps, jobs, or control flow in the workflow were changed.

Changes

Cohort / File(s)	Summary
CI Docker Workflow \.github/workflows/docker.yml	Removed all occurrences of pushing the :latest tag to registries; retained pushing only scrolltech/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}. Control flow and error handling unchanged.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant B as Docker Buildx
    participant R as Registry

    Dev->>GH: Push/Tag triggers workflow
    GH->>B: Build image
    B-->>GH: Image artifact
    GH->>R: Push tag: scrolltech/${REPOSITORY}:${IMAGE_TAG}
    note over R: No push of :latest tag

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I hopped through YAML fields so bright,
Snipped “latest” tags in morning light.
Now every build wears a precise badge,
A tidy carrot—no extra baggage.
With IMAGE_TAG we ship just right,
Thump-thump, release is clean and tight. 🥕🛳️

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly follows conventional commit guidelines with the “ci:” prefix and directly communicates that the CI workflow change removes pushing the Docker image’s latest tag.
Description Check	✅ Passed	The pull request description follows the repository’s template by clearly stating the purpose, design rationale, why and how the change was made, and includes the PR title checklist, deployment tag versioning, and breaking change labels as required.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch Thegaram-patch-1

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad0c918 and 225fdf8.

📒 Files selected for processing (1)

• .github/workflows/docker.yml (0 hunks)

💤 Files with no reviewable changes (1)

• .github/workflows/docker.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}