chore: force installing the latest gemini-cli from npm registry on deployment, #10

Author: weaponsforge

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Extract metadata
+      - name: Generate Docker Image Tags and Labels
         id: meta
         uses: docker/metadata-action@v5
         with:
@@ -44,10 +44,10 @@ jobs:
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
+            # type=semver,pattern={{major}}.{{minor}}
             type=raw,value=latest,enable={{is_default_branch}}
 
-      - name: Build and push Docker image
+      - name: Build and Push Docker Image
         uses: docker/build-push-action@v5
         with:
           context: .
@@ -60,15 +60,16 @@ jobs:
           cache-to: type=gha,mode=max
           build-args: |
             BUILDKIT_INLINE_CACHE=1
+            CACHEBUST=${{ github.run_id }}
 
-      - name: Scan image for vulnerabilities
+      - name: Scan Image for Vulnerabilities
         uses: aquasecurity/[email protected]
         with:
           image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
           format: 'sarif'
           output: 'trivy-results.sarif'
 
-      - name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload Trivy Scan Results to GitHub Security Tab
         uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:

Dockerfile

@@ -5,6 +5,7 @@ WORKDIR /opt/app
 RUN chown -R node:node /opt/app
 
 # Install global dependencies as root (necessary for global packages)
+ARG CACHEBUST=1
 RUN npm install -g @google/gemini-cli
 
 # Switch to non-root user