Wf upgrade (#23)

.github/workflows/create_release.yaml

@@ -10,40 +10,25 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
-    if: github.event.pull_request.merged
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'release') &&github.event.pull_request.merged}}
     permissions:
       id-token: write
-      contents: read
+      contents: write
       packages: write
       attestations: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
-      - name: Login to Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=semver,pattern={{version}}
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+          persist-credentials: false
 
       - name: Build variables
         id: build_env
         run: |
           echo "BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_ENV
           echo "PROJECT_URL=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" >> $GITHUB_ENV
-          echo "VCS_REF=$GITHUB_SHA" >> $GITHUB_OUTPUT
+          echo "VCS_REF=$GITHUB_SHA" >> $GITHUB_ENV
 
       - name: Generate tag
         id: generate_tag
@@ -54,6 +39,21 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.WF_TOKEN }}
 
+      - name: Login to Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
 
       - name: Build and push Docker image
         id: push
@@ -73,11 +73,11 @@ jobs:
         run: |
           git config --global user.name "github-actions[bot]"
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git tag ${{ steps.generate_tag.outputs.tag }}
 
       - name: Push tag
-        env:
-          GITHUB_TOKEN: ${{ secrets.WF_TOKEN }}
-        run: |
-          git tag ${{ steps.generate_tag.outputs.tag }}
-          git push origin --tags
-   
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.WF_TOKEN }}
+          tags: true
+          push_only_tags: true

.github/workflows/enforce-labels.yaml

@@ -7,8 +7,16 @@ jobs:
   enforce-label:
     runs-on: ubuntu-latest
     steps:
-      - uses: yogevbd/enforce-label-action@2.1.0
+      - name: check_semver_label
+        if: contains(github.event.pull_request.labels.*.name, 'release')
+        uses: yogevbd/enforce-label-action@2.1.0
         with:
           REQUIRED_LABELS_ANY: "major,minor,patch"
           REQUIRED_LABELS_ANY_DESCRIPTION: "Select at least one label ['major','minor','patch']"
-          BANNED_LABELS: "banned"
+          BANNED_LABELS: "banned"
+      - name: check_change_label
+        uses: yogevbd/enforce-label-action@2.1.0
+        with:
+          REQUIRED_LABELS_ANY: "feature,bug,documentation,chores,perf,refactors,tests,maintenance"
+          REQUIRED_LABELS_ANY_DESCRIPTION: "Select at least one label ['feature','bug','documentation','chores','perf','refactors','tests','maintenance']"
+          BANNED_LABELS: "banned"

.github/workflows/release_tags.yaml

@@ -38,7 +38,6 @@ jobs:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=semver,pattern={{version}}
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
 
       - name: Build variables
         id: build_env
@@ -62,25 +61,12 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Use Docker Image URL in Release Drafter
-        env:
-          IMAGE_TAG: ${{ steps.meta.outputs.tags }}
-        run: |
-          sed -i "s|{{IMAGE_TAG}}|${IMAGE_TAG}|g" .github/release-drafter.yml
-
       - name: Run Release Drafter
         id: create_release
         uses: release-drafter/release-drafter@v5
         with:
           config-name: release-drafter.yml
           publish: true
+          version: ${{ env.DOCKER_METADATA_OUTPUT_VERSION }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-#      - name: Generate artifact attestation
-#        uses: actions/attest-build-provenance@v1
-#        with:
-#          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-#          subject-digest: ${{ steps.push.outputs.digest }}
-#          push-to-registry: true
-

Dockerfile

@@ -1,7 +1,7 @@
 # Build the process-rest binary
 ARG GOVERSION=1.21
 FROM golang:$GOVERSION as builder
-ARG GOVERSION=1.20
+ARG GOVERSION=1.21
 ARG VCS_REF
 ARG BUILD_DATE
 ARG VERSION