From f0c952d02cbe3261f94ac7f7e7f4c207435b8230 Mon Sep 17 00:00:00 2001
From: Lukas Malte Monnerjahn <lukasmalte.monnerjahn@dataport.de>
Date: Tue, 11 Feb 2025 14:56:48 +0100
Subject: [PATCH] Avoid unintentionally overwriting 'latest' image tag

---
 .gitlab-ci.yml | 16 ++++++++++++----
 pom.xml        |  4 ++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8198bda..1b03623 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -60,13 +60,16 @@ verify:
     - export PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout $MAVEN_CLI_OPTS | cut -d'-' -f1)
     - export PROJECT_ARTIFACTID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout $MAVEN_CLI_OPTS)
     - export NEXUS_IMAGE_PREFIX="docker.ozg-sh.de/${PROJECT_ARTIFACTID}"
+    - export MERGE_REQUEST_TAG="${PROJECT_VERSION}-MR-${CI_MERGE_REQUEST_IID}"
+    - export SNAPSHOT_TAG="${PROJECT_VERSION}-${CI_COMMIT_BRANCH}"
 
 # Merge request jobs
 push-merge-request-image-gitlab:
   stage: publish
   extends: .get-version
   script:
-    - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:${PROJECT_VERSION}-MR-${CI_MERGE_REQUEST_IID},${CI_REGISTRY_IMAGE}:${PROJECT_VERSION}-MR-${CI_MERGE_REQUEST_IID}-${CI_COMMIT_SHORT_SHA}"
+    - export PRIMARY_IMAGE_TAG=${MERGE_REQUEST_TAG}
+    - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:${MERGE_REQUEST_TAG},${CI_REGISTRY_IMAGE}:${MERGE_REQUEST_TAG}-${CI_COMMIT_SHORT_SHA}"
     - mvn deploy -Pgitlab-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   rules:
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
@@ -76,7 +79,8 @@ push-merge-request-image-nexus:
   stage: publish
   extends: .get-version
   script:
-    - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:${PROJECT_VERSION}-MR-${CI_MERGE_REQUEST_IID},${NEXUS_IMAGE_PREFIX}:${PROJECT_VERSION}-MR-${CI_MERGE_REQUEST_IID}-${CI_COMMIT_SHORT_SHA}"
+    - export PRIMARY_IMAGE_TAG=${MERGE_REQUEST_TAG}
+    - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:${MERGE_REQUEST_TAG},${NEXUS_IMAGE_PREFIX}:${MERGE_REQUEST_TAG}-${CI_COMMIT_SHORT_SHA}"
     - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   rules:
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
@@ -118,7 +122,8 @@ push-snapshot-image-gitlab:
   stage: publish
   extends: .get-version
   script:
-    - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:${PROJECT_VERSION}-main,${CI_REGISTRY_IMAGE}:${PROJECT_VERSION}-main-${CI_COMMIT_SHORT_SHA},${CI_REGISTRY_IMAGE}:snapshot-latest"
+    - export PRIMARY_IMAGE_TAG=${SNAPSHOT_TAG}
+    - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:${SNAPSHOT_TAG},${CI_REGISTRY_IMAGE}:${SNAPSHOT_TAG}-${CI_COMMIT_SHORT_SHA},${CI_REGISTRY_IMAGE}:snapshot-latest"
     - mvn deploy -Pgitlab-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   only:
     - main
@@ -127,7 +132,8 @@ push-snapshot-image-nexus:
   stage: publish
   extends: .get-version
   script:
-    - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:${PROJECT_VERSION}-main,${NEXUS_IMAGE_PREFIX}:${PROJECT_VERSION}-main-${CI_COMMIT_SHORT_SHA},${NEXUS_IMAGE_PREFIX}:snapshot-latest"
+    - export PRIMARY_IMAGE_TAG=${SNAPSHOT_TAG}
+    - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:${SNAPSHOT_TAG},${NEXUS_IMAGE_PREFIX}:${SNAPSHOT_TAG}-${CI_COMMIT_SHORT_SHA},${NEXUS_IMAGE_PREFIX}:snapshot-latest"
     - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   only:
     - main
@@ -156,6 +162,7 @@ push-release-image-gitlab:
   extends: .get-version
   script:
     - mvn versions:set -DnewVersion=${CI_COMMIT_TAG} $MAVEN_CLI_OPTS
+    - export PRIMARY_IMAGE_TAG=${CI_COMMIT_TAG}
     - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG},${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}-release,${CI_REGISTRY_IMAGE}:latest"
     - mvn deploy -Pgitlab-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   rules:
@@ -166,6 +173,7 @@ push-release-image-nexus:
   extends: .get-version
   script:
     - mvn versions:set -DnewVersion=${CI_COMMIT_TAG} $MAVEN_CLI_OPTS
+    - export PRIMARY_IMAGE_TAG=${CI_COMMIT_TAG}
     - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:${CI_COMMIT_TAG},${NEXUS_IMAGE_PREFIX}:${CI_COMMIT_TAG}-release,${NEXUS_IMAGE_PREFIX}:latest"
     - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS
   rules:
diff --git a/pom.xml b/pom.xml
index f057b82..08bbcb6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -474,7 +474,7 @@
 						<artifactId>spring-boot-maven-plugin</artifactId>
 						<configuration>
 							<image>
-								<name>${CI_REGISTRY_IMAGE}/${project.artifactId}</name>
+								<name>${CI_REGISTRY_IMAGE}:${PRIMARY_IMAGE_TAG}</name>
 								<tags>${IMAGE_TAGS}</tags>
 								<publish>true</publish>
 							</image>
@@ -502,7 +502,7 @@
 						<artifactId>spring-boot-maven-plugin</artifactId>
 						<configuration>
 							<image>
-								<name>docker.ozg-sh.de/${project.artifactId}</name>
+								<name>docker.ozg-sh.de/${project.artifactId}:${PRIMARY_IMAGE_TAG}</name>
 								<tags>${IMAGE_TAGS}</tags>
 								<publish>true</publish>
 							</image>
-- 
GitLab