From 40a342d2d08e484888461bf071147462846380f5 Mon Sep 17 00:00:00 2001
From: Jashandeep Sohi <jashandeep.s.sohi@gmail.com>
Date: Tue, 6 Aug 2024 16:42:24 -0700
Subject: [PATCH] tag images semver

---
 .github/workflows/build-containers.yaml | 24 +++++++++++++++++++-----
 flake.nix                               |  5 +++--
 version.nix                             |  3 +++
 3 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 version.nix

diff --git a/.github/workflows/build-containers.yaml b/.github/workflows/build-containers.yaml
index 31d3756..1591378 100644
--- a/.github/workflows/build-containers.yaml
+++ b/.github/workflows/build-containers.yaml
@@ -1,23 +1,37 @@
 name: Build Contianers
 on:
   push:
-    branches: 
+    branches:
       - master
 
 jobs:
   build:
     concurrency:
       group: container
-      
+
     runs-on: ubuntu-latest
     permissions:
       id-token: "write"
       contents: "read"
       packages: write
-      
+
     steps:
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern=v{{major}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{version}}
+
       - uses: actions/checkout@v4
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
-      - run: nix run .#sealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/seal
-      - run: nix run .#unsealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/unseal
+      - run: |-
+          echo '{ name = "${{ github.ref_name }}"; url = "https://github.com/${{ github.repository }}"; }' > version.nix
+
+          for tag in $(jq -r '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON"); do
+            nix run .#sealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/seal:$tag
+            nix run .#unsealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/unseal:$tag
+          done
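Review bot: The new `run:` script splices `${{ github.ref_name }}`, `${{ github.repository }}`, `${{ github.actor }}` and `${{ secrets.GITHUB_TOKEN }}` into the shell text before bash parses it, so a value containing a quote or shell metacharacter alters the script instead of being treated as data. This is harmless while the only trigger is a push to `master`, but the `type=semver` rules suggest tag pushes are planned, and tag names are chosen by whoever pushes them. Pass the values through `env:` and reference them as quoted shell variables, as sketched below; the ref name still lands inside a Nix string literal in version.nix, so it is worth rejecting names outside an expected pattern before writing the file. Separately, with `on.push.branches` limited to `master`, the three `type=semver` rules will presumably never emit a tag until a `tags:` trigger is added. The newly added `docker/metadata-action@v5` is a mutable tag in a job that holds `packages: write` and `id-token: write`, so pinning it to a full commit SHA would narrow that exposure.

```yaml
      - env:
          REF_NAME: ${{ github.ref_name }}
          REPO: ${{ github.repository }}
          ACTOR: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |-
          printf '{ name = "%s"; url = "https://github.com/%s"; }\n' "$REF_NAME" "$REPO" > version.nix

          for tag in $(jq -r '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON"); do
            nix run .#sealContainer.copyTo --impure -- --dest-username "$ACTOR" --dest-password "$GHCR_TOKEN" "docker://ghcr.io/$REPO/seal:$tag"
            nix run .#unsealContainer.copyTo --impure -- --dest-username "$ACTOR" --dest-password "$GHCR_TOKEN" "docker://ghcr.io/$REPO/unseal:$tag"
          done
```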
diff --git a/flake.nix b/flake.nix
index 46561a5..ea46643 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,8 +32,9 @@
 
       perSystem = { config, self', inputs', pkgs, system, ... }:
       let
-        version = with inputs; "${self.shortRev or self.dirtyShortRev or "unknown"}";
-        homepage = "https://github.com/jashandeep-sohi/krm-fn-sealedsecrets";
+        versionFile = import ./version.nix;
+        version = with inputs; "${versionFile.name or self.shortRev or self.dirtyShortRev or "unknown"}";
+        homepage = versionFile.url or "https://github.com/jashandeep-sohi/krm-fn-sealedsecrets";
         buildGoCmd = { pname, cmd }: inputs'.gomod2nix.legacyPackages.buildGoApplication {
           inherit pname version;
           src = pkgs.lib.cleanSource ./.;
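Review bot: Once CI writes `name` into version.nix, the `version` binding no longer carries the git revision, so every image built from a push to `master` is stamped with the same string and cannot be traced back to a commit from its embedded version alone. Consider keeping the revision as a suffix, e.g. `version = with inputs; "${versionFile.name or "dev"}-${self.shortRev or self.dirtyShortRev or "unknown"}";`. Because the workflow overwrites the tracked version.nix before building, the tree will presumably be dirty and the `dirtyShortRev` branch is the one that applies in CI. A short comment above `versionFile` saying the file is overwritten at build time and is evaluated as Nix code would also help. The `let` block continues outside this hunk.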
diff --git a/version.nix b/version.nix
new file mode 100644
index 0000000..94680e7
--- /dev/null
+++ b/version.nix
@@ -0,0 +1,3 @@
+# This file can be used to inject version info during build time.
+# { name = "xxx"; url = "xxx"}
+{ }
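Review bot: The example in the header comment, `{ name = "xxx"; url = "xxx"}`, is missing the `;` after the `url` binding and would fail to evaluate if copied as written. Suggest `# { name = "xxx"; url = "xxx"; }`, and noting in the same comment that CI overwrites this file so local edits to it should not be committed.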