Refactor workflows and documentation for improved clarity and functionality

.github/WORKFLOWS.md

@@ -0,0 +1,97 @@
+# GitHub Actions Workflows Documentation
+
+This repository uses a comprehensive GitHub Actions setup with different workflows for different purposes.
+
+## Workflow Overview
+
+### 1. PUSH-MASTER.yml
+**Trigger**: Push to `master` branch
+
+**Purpose**: Continuous Integration for master branch
+- ✅ Update repository labels
+- ✅ Run Hadolint linting on Dockerfile
+- ✅ Build Docker image (test only, no push)
+
+**Actions**:
+- Labels management
+- Dockerfile linting
+- Docker build test
+
+### 2. PUSH-OTHER.yml
+**Trigger**: Push to any branch except `master`
+
+**Purpose**: Continuous Integration for feature branches
+- ✅ Update repository labels (dry run)
+- ✅ Run Hadolint linting on Dockerfile
+- ✅ Build Docker image (test only for regular branches)
+- ✅ Build & push test Docker images for `test/*` branches
+- ✅ Create Pull Requests based on branch naming conventions
+
+**Special handling for test branches**:
+- Branches starting with `test/` → Build and push Docker images with `test-` prefix
+- Other branches → Build test only (no push)
+
+**Branch naming conventions for auto-PR creation**:
+- `bug/*` → Creates PR with "bugfix" label
+- `dep/*` → Creates PR with "dependency" label  
+- `doc/*` → Creates PR with "documentation" label
+- `feat/*` → Creates PR with "feature" label
+- `test/*` → Creates draft PR with "test" label + pushes test Docker images
+- Other branches → Creates PR with "feature" label
+
+### 3. RELEASE.yml
+**Trigger**: GitHub release published
+
+**Purpose**: Production deployment
+- ✅ Build multi-architecture Docker images (amd64, arm64)
+- ✅ Push images to Docker Hub with release version tag
+- ✅ Push images to GitHub Container Registry
+- ✅ Update Docker Hub description
+- ✅ Update `action.yml` with new image version
+
+**Release Process**:
+1. Create GitHub release with version tag (e.g., `v0.11.0`)
+2. Workflow automatically builds and pushes Docker images
+3. Images are tagged with the release version
+4. `action.yml` is updated to reference the new version
+
+### 4. CRON.yml
+**Trigger**: Weekly schedule (Sundays at 5:00 AM UTC)
+
+**Purpose**: Weekly health check and test image refresh
+- ✅ Build Docker image to ensure dependencies still work
+- ✅ Push test images to keep them fresh for testing
+- ✅ Test that the build process is still functional
+
+## Security & Best Practices
+
+### Required Secrets
+- `GITHUB_TOKEN`: Automatically provided by GitHub Actions
+- `DOCKER_TOKEN`: Docker Hub access token for pushing images
+
+### Required Variables
+- `DOCKER_USERNAME`: Docker Hub username
+- `DOCKER_ORG_NAME`: Docker Hub organization name
+
+### Key Features
+- **Multi-architecture support**: Builds for both `amd64` and `arm64`
+- **Dependency updates**: Uses Dependabot for automated dependency updates
+- **Security scanning**: Hadolint for Dockerfile best practices
+- **Release automation**: Automatic Docker image versioning and deployment
+- **Development safety**: Prevents accidental production deployments from development branches
+
+## Deployment Strategy
+
+### Development Flow
+1. Create feature branch with appropriate naming convention
+2. Push changes → Triggers build test and auto-PR creation
+3. Review and merge PR to master → Triggers master build test
+4. Create GitHub release → Triggers production deployment
+
+### Production Deployment
+- Only happens on GitHub releases
+- Ensures only tested, reviewed code reaches production
+- Automatic versioning and tagging
+- Docker Hub and GitHub Container Registry deployment
+
+This setup ensures a safe, automated, and well-tested deployment pipeline while maintaining development velocity.

.github/workflows/CRON.yml

@@ -1,13 +1,13 @@
-name: Weekly build
+name: Weekly test build & push
 
 on:
   schedule:
     # Run every week at 5.00 AM UTC
     - cron: "0 5 */7 * *"
 
 jobs:
-  build_and_push:
-    name: Build & push
+  build_and_push_test:
+    name: Weekly test build & push
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -24,7 +24,7 @@ jobs:
           image: tonistiigi/binfmt:latest
           platforms: amd64,arm64
 
-      - name: Build & push
+      - name: Build & push test image
         env:
           DOCKER_BUILDKIT: 1
           DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}

.github/workflows/PUSH-MASTER.yml

@@ -37,8 +37,8 @@ jobs:
         with:
           dockerfile: Dockerfile
 
-  build_and_push:
-    name: Build & push
+  build_test:
+    name: Build test
     needs: lint
     runs-on: ubuntu-24.04-arm
     steps:
@@ -56,18 +56,8 @@ jobs:
           image: tonistiigi/binfmt:latest
           platforms: amd64,arm64
 
-      - name: Build & push
+      - name: Build test
         env:
           DOCKER_BUILDKIT: 1
-          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TERM: xterm-256color
-        run: make push
-
-      - name: Docker Hub Description
-        uses: peter-evans/dockerhub-description@v4.0.2
-        with:
-          username: ${{ vars.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-          repository: ${{ vars.DOCKER_ORG_NAME }}/${{ github.event.repository.name }}
-          short-description: ${{ github.event.repository.description }}
+        run: make build

.github/workflows/PUSH-OTHER.yml

@@ -28,7 +28,7 @@ jobs:
 
   lint:
     name: Linters
-    if: "!startsWith(github.ref, 'refs/heads/dependabot')"
+    if: ${{ !startsWith(github.ref, 'refs/heads/dependabot') }}
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -39,9 +39,9 @@ jobs:
         with:
           dockerfile: Dockerfile
 
-  build_and_push:
-    name: Build & push
-    if: "!startsWith(github.ref, 'refs/heads/dependabot')"
+  build_test:
+    name: Build test
+    if: ${{ !startsWith(github.ref, 'refs/heads/dependabot') && !startsWith(github.ref, 'refs/heads/test/') }}
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -58,7 +58,32 @@ jobs:
           image: tonistiigi/binfmt:latest
           platforms: amd64,arm64
 
-      - name: Build & push
+      - name: Build test
+        env:
+          DOCKER_BUILDKIT: 1
+          TERM: xterm-256color
+        run: make build
+
+  build_and_push_test:
+    name: Build & push test image
+    if: ${{ startsWith(github.ref, 'refs/heads/test/') }}
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v3.11.1
+        with:
+          install: true
+
+      - name: QEMU
+        uses: docker/setup-qemu-action@v3.6.0
+        with:
+          image: tonistiigi/binfmt:latest
+          platforms: amd64,arm64
+
+      - name: Build & push test image
         env:
           DOCKER_BUILDKIT: 1
           DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
@@ -92,7 +117,7 @@ jobs:
           get_diff: true
 
       - name: PR - dependency (conditional)
-        if: "startsWith(github.ref, 'refs/heads/dep') && !startsWith(github.ref, 'refs/heads/dependabot')"
+        if: startsWith(github.ref, 'refs/heads/dep') && !startsWith(github.ref, 'refs/heads/dependabot')
         uses: devops-infra/action-pull-request@v0.6.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -133,8 +158,8 @@ jobs:
           draft: true
           get_diff: true
 
-      - name: PR - test (conditional)
-        if: "!startsWith(github.ref, 'refs/heads/bug') && !startsWith(github.ref, 'refs/heads/dep') && !startsWith(github.ref, 'refs/heads/doc')  && !startsWith(github.ref, 'refs/heads/feat') && !startsWith(github.ref, 'refs/heads/test')"
+      - name: PR - other branches (conditional)
+        if: ${{ !(startsWith(github.ref, 'refs/heads/bug') || startsWith(github.ref, 'refs/heads/dep') || startsWith(github.ref, 'refs/heads/doc') || startsWith(github.ref, 'refs/heads/feat') || startsWith(github.ref, 'refs/heads/test')) }}
         uses: devops-infra/action-pull-request@v0.6.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/RELEASE.yml

@@ -0,0 +1,78 @@
+name: Release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build_and_push:
+    name: Build & push release
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v3.11.1
+        with:
+          install: true
+
+      - name: QEMU
+        uses: docker/setup-qemu-action@v3.6.0
+        with:
+          image: tonistiigi/binfmt:latest
+          platforms: amd64,arm64
+
+      - name: Extract version from tag
+        id: version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "Version: ${VERSION}"
+
+      - name: Build & push release
+        env:
+          DOCKER_BUILDKIT: 1
+          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TERM: xterm-256color
+          VERSION: ${{ steps.version.outputs.version }}
+        run: make push
+
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4.0.2
+        with:
+          username: ${{ vars.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+          repository: ${{ vars.DOCKER_ORG_NAME }}/${{ github.event.repository.name }}
+          short-description: ${{ github.event.repository.description }}
+
+  update_action_yml:
+    name: Update action.yml with new version
+    needs: build_and_push
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract version from tag
+        id: version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "Version: ${VERSION}"
+
+      - name: Update action.yml with new version
+        run: |
+          VERSION=${{ steps.version.outputs.version }}
+          sed -i "s|image: docker://devopsinfra/action-commit-push:.*|image: docker://devopsinfra/action-commit-push:${VERSION}|" action.yml
+          git diff action.yml
+
+      - name: Commit updated action.yml
+        uses: ./
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          commit_message: "Update action.yml to use release version ${{ steps.version.outputs.version }}"
+          amend: false

Makefile

@@ -2,7 +2,7 @@
 phony: help
 
 # Release tag for the action
-VERSION := v0.10.0
+VERSION := $(or $(VERSION),v0.11.0)
 
 # GitHub Actions bogus variables
 GITHUB_REF ?= refs/heads/null