From d3c40d6a3dc6ae2ee01ff9f5daa20d0cb9ba7a89 Mon Sep 17 00:00:00 2001
From: Gavin Mogan <git@gavinmogan.com>
Date: Wed, 1 Oct 2025 21:45:08 -0700
Subject: [PATCH] Add in docker/metadata action's annotations and labels

---
 .github/workflows/ci.yml | 49 ++++++++++++++++++++++++++++++----------
 docker-bake.hcl          | 14 +++++++++++-
 generate-docker-bake.sh  | 22 ++++++++++++++----
 3 files changed, 68 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 63ecaa0..1ce2027 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,6 +8,7 @@ on:
       - '**.md'
       - '.gitignore'
       - '.github/workflows/pushrm.yml'
+  workflow_dispatch:
   pull_request:
     paths-ignore:
       - '**.md'
@@ -151,6 +152,9 @@ jobs:
     needs: [ test-script ]
     runs-on: ubuntu-22.04
     environment: docker.io
+    permissions:
+      contents: read
+      packages: write
     steps:
       # Increase available disk space by removing unnecessary tool chains:
       # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
@@ -165,27 +169,48 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Configure build revision
+        id: vars
+        run: echo "sha_short=${GITHUB_SHA:0:7}" >> "$GITHUB_OUTPUT"
+
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.repository_owner == 'prodrigestivill'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Configure build revision
-        id: vars
-        run: echo "::set-output name=sha_short::${GITHUB_SHA:0:7}"
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: github.repository_owner != 'prodrigestivill'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build images
-        env:
-          REGISTRY_PREFIX: ${{ secrets.DOCKERHUB_USERNAME }}/
-          BUILD_REVISION: ${{ steps.vars.outputs.sha_short }}
-        run: docker buildx bake --pull
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+
+      - name: Get repo name
+        run: |
+          echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >> "$GITHUB_ENV"
+          echo "GHCR_REPO=ghcr.io/$GITHUB_REPOSITORY_OWNER" >> "$GITHUB_ENV"
 
-      - name: Push images
+      - name: Build image
+        uses: docker/bake-action@v6
         env:
-          REGISTRY_PREFIX: ${{ secrets.DOCKERHUB_USERNAME }}/
+          REGISTRY_PREFIX: ${{ github.repository_owner == 'prodrigestivill' && secrets.DOCKERHUB_USERNAME || env.GHCR_REPO }}/
+          IMAGE_NAME: ${{ github.repository_owner == 'prodrigestivill' && 'postgres-backup-local' || env.REPO_NAME }}
           BUILD_REVISION: ${{ steps.vars.outputs.sha_short }}
-        run: docker buildx bake --push
+        with:
+          push: true
+          targets: default
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-labels }}
+            cwd://${{ steps.meta.outputs.bake-file-annotations }}
+
 
   ## Example of publish using GitHub Container Registry instead
   # publish:
diff --git a/docker-bake.hcl b/docker-bake.hcl
index e99b5d9..1fb8646 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,5 +1,15 @@
+target "docker-metadata-action" {}
+
 group "default" {
-	targets = ["debian-latest", "alpine-latest", "debian-17", "debian-16", "debian-15", "debian-14", "debian-13", "alpine-17", "alpine-16", "alpine-15", "alpine-14", "alpine-13"]
+	targets = ["debian-latest", "debian-17", "debian-16", "debian-15", "debian-14", "debian-13", "alpine-latest", "alpine-17", "alpine-16", "alpine-15", "alpine-14", "alpine-13"]
+}
+
+group "debian-all" {
+	targets = ["debian-latest", "debian-17", "debian-16", "debian-15", "debian-14", "debian-13"]
+}
+
+group "alpine-all" {
+	targets = ["alpine-latest", "alpine-17", "alpine-16", "alpine-15", "alpine-14", "alpine-13"]
 }
 
 variable "REGISTRY_PREFIX" {
@@ -15,11 +25,13 @@ variable "BUILD_REVISION" {
 }
 
 target "debian" {
+	inherits = ["docker-metadata-action"]
 	args = {"GOCRONVER" = "v0.0.11"}
 	dockerfile = "debian.Dockerfile"
 }
 
 target "alpine" {
+	inherits = ["docker-metadata-action"]
 	args = {"GOCRONVER" = "v0.0.11"}
 	dockerfile = "alpine.Dockerfile"
 }
diff --git a/generate-docker-bake.sh b/generate-docker-bake.sh
index b36be88..15d30f8 100755
--- a/generate-docker-bake.sh
+++ b/generate-docker-bake.sh
@@ -12,11 +12,22 @@ cd "$(dirname "$0")"
 
 P="\"$(echo $PLATFORMS | sed 's/ /", "/g')\""
 
-T="\"debian-latest\", \"alpine-latest\", \"$(echo debian-$TAGS_EXTRA | sed 's/ /", "debian-/g')\", \"$(echo alpine-$TAGS_EXTRA | sed 's/ /", "alpine-/g')\""
+DEBIAN_TARGETS="\"debian-latest\", \"$(echo debian-$TAGS_EXTRA | sed 's/ /", "debian-/g')\""
+ALPINE_TARGETS="\"alpine-latest\", \"$(echo alpine-$TAGS_EXTRA | sed 's/ /", "alpine-/g')\""
+
+cat >"$DOCKER_BAKE_FILE" <<EOF
+target "docker-metadata-action" {}
 
-cat > "$DOCKER_BAKE_FILE" << EOF
 group "default" {
-	targets = [$T]
+	targets = [$DEBIAN_TARGETS, $ALPINE_TARGETS]
+}
+
+group "debian-all" {
+	targets = [$DEBIAN_TARGETS]
+}
+
+group "alpine-all" {
+	targets = [$ALPINE_TARGETS]
 }
 
 variable "REGISTRY_PREFIX" {
@@ -32,11 +43,13 @@ variable "BUILD_REVISION" {
 }
 
 target "debian" {
+	inherits = ["docker-metadata-action"]
 	args = {"GOCRONVER" = "$GOCRONVER"}
 	dockerfile = "debian.Dockerfile"
 }
 
 target "alpine" {
+	inherits = ["docker-metadata-action"]
 	args = {"GOCRONVER" = "$GOCRONVER"}
 	dockerfile = "alpine.Dockerfile"
 }
@@ -64,7 +77,8 @@ target "alpine-latest" {
 }
 EOF
 
-for TAG in $TAGS_EXTRA; do cat >> "$DOCKER_BAKE_FILE" << EOF
+for TAG in $TAGS_EXTRA; do
+  cat >>"$DOCKER_BAKE_FILE" <<EOF
 
 target "debian-$TAG" {
 	inherits = ["debian"]