Adopt commit-based container tags (#232)

## Summary - Replace git-tag-triggered container builds with path-based triggers on main and workflow_dispatch - Image tags now encode upstream app version + commit SHA (`vX.Y.Z-<sha>`) for full traceability - Replace `container-tag-and-release` task with `container-build-and-release` (dispatches workflows via Forgejo API) - Update dagger `publish()` to accept `commit_sha` parameter - Update all docs and references to the new workflow ## Deployment and Testing - [ ] Merge to main - [ ] `mise run container-build-and-release <name>` for each container to populate new-format tags - [ ] Verify tags in registry via `mise run container-list` - [ ] Existing images untouched — old tags remain available Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/232
2026-02-20 22:56:20 -08:00 · 2026-02-20 22:56:20 -08:00 · ffa8727660
commit ffa8727660
parent 0e2c10176d
13 changed files with 363 additions and 258 deletions
--- a/.dagger/src/blumeops_ci/main.py
+++ b/.dagger/src/blumeops_ci/main.py
@ -18,11 +18,15 @@ class BlumeopsCi:
        src: dagger.Directory,
        container_name: str,
        version: str,
+        commit_sha: str,
        registry: str = "registry.ops.eblu.me",
    ) -> str:
-        """Build and push to registry. Returns the image ref."""
+        """Build and push to registry. Returns the image ref.
+
+        Tag format: {version}-{commit_sha} (e.g. v1.0.0-abc1234)
+        """
        ctr = self.build(src, container_name)
-        ref = f"{registry}/blumeops/{container_name}:{version}"
+        ref = f"{registry}/blumeops/{container_name}:{version}-{commit_sha}"
        return await ctr.publish(ref)

    @function