tag images semver

.github/workflows/build-containers.yaml

@@ -1,23 +1,37 @@
 name: Build Contianers
 on:
   push:
-    branches: 
+    branches:
       - master
 
 jobs:
   build:
     concurrency:
       group: container
-      
+
     runs-on: ubuntu-latest
     permissions:
       id-token: "write"
       contents: "read"
       packages: write
-      
+
     steps:
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern=v{{major}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{version}}
+
       - uses: actions/checkout@v4
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
-      - run: nix run .#sealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/seal
-      - run: nix run .#unsealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/unseal
+      - run: |-
+          echo '{ name = "${{ github.ref_name }}"; url = "https://github.com/${{ github.repository }}"; }' > version.nix
+
+          for tag in $(jq -r '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON"); do
+            nix run .#sealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/seal:$tag
+            nix run .#unsealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/unseal:$tag
+          done

flake.nix

@@ -32,8 +32,9 @@
 
       perSystem = { config, self', inputs', pkgs, system, ... }:
       let
-        version = with inputs; "${self.shortRev or self.dirtyShortRev or "unknown"}";
-        homepage = "https://github.com/jashandeep-sohi/krm-fn-sealedsecrets";
+        versionFile = import ./version.nix;
+        version = with inputs; "${versionFile.name or self.shortRev or self.dirtyShortRev or "unknown"}";
+        homepage = versionFile.url or "https://github.com/jashandeep-sohi/krm-fn-sealedsecrets";
         buildGoCmd = { pname, cmd }: inputs'.gomod2nix.legacyPackages.buildGoApplication {
           inherit pname version;
           src = pkgs.lib.cleanSource ./.;

version.nix

@@ -0,0 +1,3 @@
+# This file can be used to inject version info during build time.
+# { name = "xxx"; url = "xxx"}
+{ }