ci: build notary docker image for both dev branch and releases (#726)

.github/workflows/cd.yml

@@ -1,52 +0,0 @@
-name: cd
-
-on:
-  push:
-    tags:
-      - "[v]?[0-9]+.[0-9]+.[0-9]+*"
-
-env:
-  CONTAINER_REGISTRY: ghcr.io
-
-jobs:
-  build_and_publish_notary_server_image:
-    name: Build and publish notary server's image
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Wait for integration test workflow to succeed
-        uses: lewagon/wait-on-check-action@v1.3.1
-        with:
-          ref: ${{ github.ref }}
-          # More details [here](https://github.com/lewagon/wait-on-check-action#check-name)
-          check-name: 'Run tests release build'
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          # How frequent (in seconds) this job will call GitHub API to check the status of the job specified at 'check-name'
-          wait-interval: 60
-
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.CONTAINER_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker image of notary server
-        id: meta-notary-server
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}/notary-server
-
-      - name: Build and push Docker image of notary server
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta-notary-server.outputs.tags }}
-          labels: ${{ steps.meta-notary-server.outputs.labels }}
-          file: ./crates/notary/server/notary-server.Dockerfile

.github/workflows/ci.yml

@@ -23,6 +23,7 @@ env:
   # 32 seems to be big enough for the foreseeable future
   RAYON_NUM_THREADS: 32
   GIT_COMMIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }}
+
 jobs:
   clippy:
     name: Clippy
@@ -302,7 +303,7 @@ jobs:
       packages: write
     env:
       CONTAINER_REGISTRY: ghcr.io
-    if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/dev'
+    if: github.ref == 'refs/heads/dev' || (startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '.'))
     steps:
       - name: Download notary-server-sgx.zip from gramine-sgx job
         uses: actions/download-artifact@v4
@@ -343,4 +344,38 @@ jobs:
           tags: ${{ steps.meta-notary-server-sgx.outputs.tags }}
           labels: ${{ steps.meta-notary-server-sgx.outputs.labels }}
           file: ./Dockerfile
+  build_and_publish_notary_server_image:
+    name: Build and publish notary server's image
+    runs-on: ubuntu-latest
+    needs: build-and-test
+    permissions:
+      contents: read
+      packages: write
+    env:
+      CONTAINER_REGISTRY: ghcr.io
+    if: github.ref == 'refs/heads/dev' || (startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '.'))
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.CONTAINER_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker image of notary server
+        id: meta-notary-server
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}/notary-server
+
+      - name: Build and push Docker image of notary server
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta-notary-server.outputs.tags }}
+          labels: ${{ steps.meta-notary-server.outputs.labels }}
+          file: ./crates/notary/server/notary-server.Dockerfile