From 1664091f1536176bd2bb2293e5679c31c306d480 Mon Sep 17 00:00:00 2001
From: Bruno Pacheco
Date: Tue, 19 Mar 2024 13:39:38 +0100
Subject: [PATCH] fix: ensure SHA tag is the last one
---
 .github/workflows/main.yml | 14 +++++++-------
 .github/workflows/release.yml | 21 ++++++++++++++++++---
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index cc8c8ad..323432b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -59,13 +59,13 @@ jobs:
 with:
 images: ${{ env.IMAGE_NAME }}
 tags: |
- type=schedule
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
- type=sha
+ type=schedule,priority=400
+ type=ref,event=branch,priority=600
+ type=ref,event=pr,priority=500
+ type=semver,pattern={{version}},priority=700
+ type=semver,pattern={{major}}.{{minor}},priority=900
+ type=semver,pattern={{major}},priority=800
+ type=sha,priority=1000

 - name: Extract last tag
 id: tag
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d84a983..9764de6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
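Review bot: The `priority=` values on the new `tags:` lines look inverted for what the subject line promises: as I read the docker/metadata-action documentation, higher priorities sort first, so `type=sha,priority=1000` moves the SHA tag to the top of the list and leaves `type=schedule,priority=400` (or the branch/PR ref) at the end. If the SHA tag has to be the final entry, give it the smallest value, for example `type=sha,priority=100`, and add a comment above the list such as `# higher priority sorts first; sha stays lowest so it is emitted last`. The same block is added in the release.yml hunk, where the extracted tag becomes the image reference handed to Trivy, so the ordering decides which image gets scanned. The step this `with:` belongs to and the body of 'Extract last tag' both lie outside this hunk, so confirm the resulting order against that script.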
@@ -53,22 +53,37 @@ jobs:

 - name: Extract metadata (tags, labels) for Docker
 id: meta
- uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ uses: docker/metadata-action@v5
 with:
 images: ${{ env.IMAGE_NAME }}
+ tags: |
+ type=schedule,priority=400
+ type=ref,event=branch,priority=600
+ type=ref,event=pr,priority=500
+ type=semver,pattern={{version}},priority=700
+ type=semver,pattern={{major}}.{{minor}},priority=900
+ type=semver,pattern={{major}},priority=800
+ type=sha,priority=1000
+
+ - name: Extract last tag
+ id: tag
+ run: |
+ IFS=',' read -ra TAGS <<< "${{ steps.meta.outputs.tags }}"
+ LAST_INDEX=$((${#TAGS[@]} - 1))
+ echo "last_tag=${TAGS[LAST_INDEX]}" >> $GITHUB_OUTPUT

 - name: Build Docker image for scanning
 uses: docker/build-push-action@v5
 with:
 context: .
 load: true
- tags: ${{ steps.meta.outputs.tags }}
+ tags: ${{ steps.tag.outputs.last_tag }}
 labels: ${{ steps.meta.outputs.labels }}

 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: "${{ env.IMAGE_NAME }}:latest"
+ image-ref: "${{ steps.tag.outputs.last_tag }}"
 format: "table"
 exit-code: "1"
 ignore-unfixed: true
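Review bot: Swapping the commit pin `docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7` for the movable tag `@v5` gives up the integrity guarantee this step had; keep a full commit SHA and record the release in a trailing comment, `uses: docker/metadata-action@<full-commit-sha> # v5` (placeholder, not a real hash). In the added 'Extract last tag' step, `${{ steps.meta.outputs.tags }}` is pasted into the script text before bash runs, and `read` consumes only the first line of the here-string; the action's `tags` output is newline-separated unless `sep-tags` is set, which this `with:` does not do, so `TAGS` most likely holds a single entry and `last_tag` is really the first tag. That value then feeds both the build `tags:` and Trivy's `image-ref`, so the scan target depends on this step being right. Passing the output through `env:` and selecting the line explicitly addresses both, as sketched below; `aquasecurity/trivy-action@master` in the unchanged context is a moving ref as well and would merit the same pinning. The Trivy step's `with:` block may continue past the end of the hunk.

```yaml
      # … unchanged: "Extract metadata" step …
      - name: Extract last tag
        id: tag
        env:
          # keep the action output out of the script text
          META_TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # one image reference per line, highest priority first;
          # the last line is the entry with the lowest priority value
          last_tag="$(printf '%s\n' "$META_TAGS" | tail -n 1)"
          test -n "$last_tag"
          echo "last_tag=${last_tag}" >> "$GITHUB_OUTPUT"
      # … unchanged: build and Trivy steps …
```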