From 5eb224b61115f6586861f6a66947640fc7ee7c9c Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 14:48:17 +0000 Subject: [PATCH 01/10] more fixes for ghcr build --- .github/workflows/build-docker-image.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 5d9c89d..4e2c096 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -3,15 +3,20 @@ name: Docker build and push to quay on: push: branches: [ "main" ] + pull_request: + branches: [ "main" ] release: types: [ "published" ] + env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: build_and_push_docker: + if: github.event_name == 'push' || github.event_name == 'release' + runs-on: ubuntu-latest permissions: @@ -44,13 +49,17 @@ jobs: with: context: . file: ./docker/python/Dockerfile - push: true + #push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + labels: | + ${{ steps.meta.outputs.labels }} + org.opencontainers.image.description=Tools used in the pipeline-of-identification + org.opencontainers.image.version=latest + platforms: linux/amd64 - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + push-to-registry: ${{ github.event_name != 'pull_request' }} From 2f5d0e6235a6fff0a0ec25a2be85d6f72295a8f8 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 14:49:56 +0000 Subject: [PATCH 02/10] activate build --- .github/workflows/build-docker-image.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 4e2c096..392dcc9 100644 --- a/.github/workflows/build-docker-image.yml 
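Review bot: The job-level `if: github.event_name == 'push' || github.event_name == 'release'` added in the first hunk skips the whole `build_and_push_docker` job on pull_request events, so the `pull_request:` trigger added a few lines above it never produces a build; if the intent is a PR build check without publishing, gate only the publishing steps, which the second hunk's `push-to-registry: ${{ github.event_name != 'pull_request' }}` already does for the attestation. In the second hunk the `push:` input is commented out, so nothing is pushed on any event while the attestation step still reads `steps.push.outputs.digest` and is asked to push to the registry on push/release runs, which I would expect to fail until `push:` is restored with the same guard, e.g. `push: ${{ github.event_name != 'pull_request' }}`. Later patches in this series move in that direction. The job and both `with:` blocks extend beyond the hunks.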
+++ b/.github/workflows/build-docker-image.yml @@ -15,8 +15,6 @@ env: jobs: build_and_push_docker: - if: github.event_name == 'push' || github.event_name == 'release' - runs-on: ubuntu-latest permissions: From ba4ba5b899830487a4f670214fb7c3ce936f30eb Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 14:52:50 +0000 Subject: [PATCH 03/10] adding label for title and description --- .github/workflows/build-docker-image.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 392dcc9..c4e1a04 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -50,9 +50,11 @@ jobs: #push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: | - ${{ steps.meta.outputs.labels }} + org.opencontainers.image.title=pipeline-of-identification org.opencontainers.image.description=Tools used in the pipeline-of-identification org.opencontainers.image.version=latest + org.opencontainers.image.url=${{ github.event.repository.html_url }} + org.opencontainers.image.source=${{ github.event.repository.html_url }} platforms: linux/amd64 - name: Generate artifact attestation From f2cc84a12da202151f6057dc0198714f6395258a Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 14:54:47 +0000 Subject: [PATCH 04/10] fix version label --- .github/workflows/build-docker-image.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index c4e1a04..a63fc42 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml 
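Review bot: Replacing the `${{ steps.meta.outputs.labels }}` line with only static `org.opencontainers.image.*` entries drops every label the metadata action generates, which by its defaults (as far as I recall) includes `org.opencontainers.image.revision` and `org.opencontainers.image.created`, so the pushed image no longer carries the commit SHA it was built from; that is the label a consumer or an incident responder uses to trace an image back to source. Keep `${{ steps.meta.outputs.labels }}` as the first line of the block scalar and put the static overrides after it, since later lines win for the same key. Patch 06 of this series moves the static labels into the metadata action, which resolves this. The build step's `with:` block continues outside the hunk.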
@@ -52,7 +52,6 @@ jobs: labels: | org.opencontainers.image.title=pipeline-of-identification org.opencontainers.image.description=Tools used in the pipeline-of-identification - org.opencontainers.image.version=latest org.opencontainers.image.url=${{ github.event.repository.html_url }} org.opencontainers.image.source=${{ github.event.repository.html_url }} platforms: linux/amd64 From 8519c68bfbfc71fa0fec9383f8036a57b7ac90d4 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 14:58:57 +0000 Subject: [PATCH 05/10] enable push --- .github/workflows/build-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index a63fc42..660c0b0 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -47,7 +47,7 @@ jobs: with: context: . file: ./docker/python/Dockerfile - #push: ${{ github.event_name != 'pull_request' }} + push: true # push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: | org.opencontainers.image.title=pipeline-of-identification From e08190dbf19877b3353f64a944448fc48907b970 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 15:23:06 +0000 Subject: [PATCH 06/10] static labels to metadata --- .github/workflows/build-docker-image.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 660c0b0..249d28b 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml 
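Review bot: `push: true` publishes the image on every event the workflow runs for, and since the job-level event guard was removed in patch 02 that now includes pull_request builds; for same-repository PRs the job's `packages: write` token lets the PR branch's Dockerfile output land in ghcr.io under whatever tags the metadata action emits for PRs (by default a `pr-N` tag, if I recall correctly), while fork PRs get a read-only token and would presumably fail at the push instead. The expression kept in the trailing comment is the value that should be live, `push: ${{ github.event_name != 'pull_request' }}`, rather than a commented-out alternative beside an unconditional `true`. Patch 10 of this series does exactly that, so the point is mainly about not leaving the unconditional form on `main` in between. The build step's `with:` block continues outside the hunk.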
@@ -37,6 +37,11 @@ jobs: uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + labels: | + org.opencontainers.image.title=pipeline-of-identification + org.opencontainers.image.description=Tools used in the pipeline-of-identification + org.opencontainers.image.url=${{ github.event.repository.html_url }} + org.opencontainers.image.source=${{ github.event.repository.html_url }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -47,14 +52,10 @@ jobs: with: context: . file: ./docker/python/Dockerfile + platforms: linux/amd64 push: true # push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} - labels: | - org.opencontainers.image.title=pipeline-of-identification - org.opencontainers.image.description=Tools used in the pipeline-of-identification - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.source=${{ github.event.repository.html_url }} - platforms: linux/amd64 + labels: ${{ steps.meta.outputs.labels }} - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 From 1a3ddc49c93792de63664c1ec40957b4c94b29b2 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 15:27:58 +0000 Subject: [PATCH 07/10] allow attestations --- .github/workflows/build-docker-image.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 249d28b..98acaa9 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -20,6 +20,8 @@ jobs: permissions: contents: read packages: write + attestations: write + id-token: write steps: - name: Checkout repository From 3dcb407ca431cb8c8f87515098caef015440cde9 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 15:36:04 +0000 Subject: [PATCH 08/10] always generate latest tag --- .github/workflows/build-docker-image.yml | 2 ++ 1 file changed, 2 insertions(+) 
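Review bot: The four static labels moved into the metadata action's `labels:` input in the first hunk override values the action already derives from repository metadata, if I recall its defaults correctly: `url` and `source` default to the repository's html_url and `title`/`description` to the repository name and description, so only the title and description lines change anything here, and only when they differ from the repository settings. A one-line comment above the block saying which of these are deliberate overrides, e.g. `# title/description override the repo metadata; url/source repeat the defaults`, would stop the next reader from treating all four as required. The metadata step's `with:` block and the build step's `with:` block in the second hunk both continue outside the hunks.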
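Review bot: `attestations: write` and `id-token: write` are granted at job level, so they are held for the whole `build_and_push_docker` job, including checkout and the image build on pull_request runs, not just the attestation step; `id-token: write` in particular lets anything in the job mint an OIDC token for the repository's workflow identity. GitHub downgrades GITHUB_TOKEN and withholds the id-token on fork PRs, so the exposure is limited to same-repository PR builds, but the reason for the two grants should be stated next to them, e.g. `# attestations/id-token: required by actions/attest-build-provenance (Sigstore signing)`. If least privilege matters more than a single job, the attestation could live in a separate job with `needs:` on the build so the build job keeps only `contents: read` and `packages: write`. The `permissions:` block belongs to a job that extends beyond the hunk.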
diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 98acaa9..e05c36f 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -44,6 +44,8 @@ jobs: org.opencontainers.image.description=Tools used in the pipeline-of-identification org.opencontainers.image.url=${{ github.event.repository.html_url }} org.opencontainers.image.source=${{ github.event.repository.html_url }} + flavor: | # always generate latest tag + latest=true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From 56f7b8f24ae728ec4d0b6f931d46f11558dd0368 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 15:59:00 +0000 Subject: [PATCH 09/10] changing creating user --- .github/workflows/build-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index e05c36f..2575788 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -31,7 +31,7 @@ jobs: uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} + username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker From 1d7247219b04737b1b5739540fc98dcc8cb84733 Mon Sep 17 00:00:00 2001 From: julianu Date: Wed, 27 Aug 2025 16:11:19 +0000 Subject: [PATCH 10/10] do not push on PR --- .github/workflows/build-docker-image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 2575788..8e8ca3a 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml 
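Review bot: `latest=true` makes the metadata action emit a `latest` tag on every run rather than only for semver release tags, so each push to `main` moves `latest`, and at this point in the series (with `push: true` still in place) so does every pull_request build; consumers pulling `:latest` can no longer tell a published release from the current head of `main`. If `latest` is meant to track releases, the action's default `latest=auto` already does that; if it is meant to track `main`, the comment on the header line should say so, e.g. `flavor: | # latest follows every build, not only releases`. The metadata step's `with:` block continues outside the hunk.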
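Review bot: Switching `username:` from `github.actor` to `github.repository_owner` does not change which identity pushes: with `secrets.GITHUB_TOKEN` as the password, ghcr.io authenticates the workflow's installation token, and as far as I know the username field is not used to attribute the push or the package. If the intent of "changing creating user" is to have the package appear under the owner rather than the triggering user, that is determined by the token and the repository the workflow runs in, not by this field, and a comment such as `username: ${{ github.repository_owner }} # informational; GITHUB_TOKEN determines the identity` would keep the next reader from expecting more from it. The login step's `with:` block continues outside the hunk.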
@@ -57,11 +57,12 @@ jobs: context: . file: ./docker/python/Dockerfile platforms: linux/amd64 - push: true # push: ${{ github.event_name != 'pull_request' }} + push: ${{ github.event_name != 'pull_request' }} # do not push for pull requests tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Generate artifact attestation + if: ${{ github.event_name != 'pull_request' }} # do not attest for pull requests uses: actions/attest-build-provenance@v2 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
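Review bot: Gating `push:` and the attestation step on `github.event_name != 'pull_request'` stops PR builds from publishing, but it is a step-level convention rather than a permission boundary: the job's `permissions` block (outside the hunk) still grants `packages: write`, `attestations: write` and `id-token: write` on pull_request runs, so a same-repository PR's Dockerfile executes inside a job holding those tokens (fork PRs get a read-only token and no id-token). The trailing comment on the `push:` line should say that, e.g. `# PR runs only build; the job still holds write permissions, so Dockerfile changes in PRs run with them`. As a style point, the `${{ }}` wrapper on the new `if:` is unnecessary and differs from the bare expression form used elsewhere in the file; `if: github.event_name != 'pull_request'` reads the same. The build step's `with:` block and the attestation step's `with:` block both continue outside the hunk.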