How to implement semantic versioning in GitHub Actions workflow?

Question

I would like to semantic versioning my docker images which are built and pushed to GitHub Container Registry by the GitHub Action.

I found a satisfying solution here: https://stackoverflow.com/a/69059228/12877180

According to the solution I reproduced the following YAML.

name: Docker CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

env:
  REGISTRY: ghcr.io

jobs:
  build-push:
    # needs: build-test
    name: Buid and push Docker image to GitHub Container registry
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read

    steps:
    - name: Checkout the repository
      uses: actions/checkout@v2

    - name: Login to GitHub Container registry
      uses: docker/login-action@v1
      env:
        USERNAME: ${{ github.actor }}
        PASSWORD: ${{ secrets.GITHUB_TOKEN }}
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ env.USERNAME }}
        password: ${{ env.PASSWORD }}

    - name: Get lowercase repository name
      run: |
        echo "IMAGE=${REPOSITORY,,}">>${GITHUB_ENV}
      env:
        REPOSITORY: ${{ env.REGISTRY }}/${{ github.repository }}

    - name: Build and export the image to Docker
      uses: docker/build-push-action@v2
      with:
        context: .
        file: ./docker/Dockerfile
        target: final
        push: true
        tags: |
          ${{ env.IMAGE }}:${{ secrets.MAJOR }}.${{ secrets.MINOR }}
        build-args: |
          ENVIRONMENT=production

    - name: Update Patch version
      uses: hmanzur/[email protected]
      with:
        name: 'MINOR'
        value: $((${{ secrets.MINOR }} + 1))
        repository: ${{ github.repository }}
        token: ${{ secrets.GH_PAT }}

Unfortunately this does not work.

The initial value of the MINOR secret is 0. If the build-push job is executed very first time, the docker image is perfectly pushed to the GHCR with the ghcr.io/my-org/my-repo:0.0 syntax. The purpose of the build-push job is then increment the MINOR secret by 1.

If the action job build-push is executed again after new event, I get error while trying to build docker image using the incremented tag.

/usr/bin/docker buildx build --build-arg ENVIRONMENT=production --tag ghcr.io/my-org/my-repo:***.*** --target final --iidfile /tmp/docker-build-push-HgjJR7/iidfile --metadata-file /tmp/docker-build-push-HgjJR7/metadata-file --file ./docker/Dockerfile --push .
error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format
Error: buildx failed with: error: invalid tag "ghcr.io/my-org/my-repo:***.***": invalid reference format

Answer 1

You need to increment the version in a bash command like this:

      - name: Autoincrement a new patch version
        run: |
          echo "NEW_PATCH_VERSION=$((${{ env.PATCH_VERSION }}+1))" >> $GITHUB_ENV
      - name: Update patch version
        uses: hmanzur/[email protected]
        with:
          name: 'PATCH_VERSION'
          value: ${{ env.NEW_PATCH_VERSION }}
          repository: ${{ github.repository }}
          token: ${{ secrets.REPO_ACCESS_TOKEN }}