Symptom
ghcr.io/bitsocialnet/bitsocial-cli:latest (and the explicit version tag, e.g. :0.19.57) reports the previous version when run:
$ docker run --rm --entrypoint='' ghcr.io/bitsocialnet/bitsocial-cli:0.19.57 bitsocial --version
@bitsocial/bitsocial-cli/0.19.56 linux-x64 node-v22.22.3
:latest and :0.19.57 share digest sha256:cddbdb6b15be8a339ced1dbeaaa2b3d2a512b0a25253ccaf93420222024e3ef5. The npm publish for 0.19.57 is correct — only the Docker image is wrong. The same off-by-one applies to every prior release.
Root cause
.github/workflows/docker-publish.yml is triggered by workflow_run on the CI build workflow. After CI build runs npm run release -- --ci (which bumps package.json, makes the chore(release): X.Y.Z [skip ci] commit, pushes the vX.Y.Z tag, and publishes to npm), the docker-publish workflow checks out github.event.workflow_run.head_sha — which is the pre-release SHA, not the release commit. docker/metadata-action then labels that older source with the new tag pulled in by WyriHaximus/github-action-get-previous-tag.
Why on: push: tags: ['v*'] alone won't fix it
The release commit message contains [skip ci] (see config/.release-it.json hooks.before:git:release). GitHub Actions skips push events — including tag pushes — when the pointed-to commit has that marker. Without [skip ci] the release commit would re-trigger CI and loop the release process.
Fix
Trigger docker-publish on release: types: [published] (release-it has github.release: true, so a real GitHub Release is created — and release events are unaffected by [skip ci]). Check out github.event.release.tag_name in both jobs so the build uses the actual release commit. Also add workflow_dispatch with a tag input so old releases can be re-published manually.
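A post-publish check for the mismatch described under Symptom, as an added example that is not part of the project's workflows: it runs the published image and fails when the version it reports differs from its tag. The function names are hypothetical, and the parser assumes the `--version` output format shown above.

```bash
#!/bin/sh
# Post-publish guard (added example): fail when an image tag and the CLI
# version inside the image disagree.

# Extract X.Y.Z from output such as
# "@bitsocial/bitsocial-cli/0.19.56 linux-x64 node-v22.22.3".
reported_version() (
  first=${1%% *}                  # first space-delimited field
  printf '%s\n' "${first##*/}"    # text after the last "/"
)

# Succeed only when the tag (optional leading "v") equals the reported version.
# Empty output never matches, so a broken image cannot pass silently.
tag_matches_output() (
  want=${1#v}
  got=$(reported_version "$2")
  [ -n "$got" ] && [ "$got" = "$want" ]
)

# Run the image and compare. The default image name is the one from this page.
# Exit status: 0 match, 1 mismatch, 2 image could not be run.
verify_image() (
  tag=${1#v}
  image=${2:-ghcr.io/bitsocialnet/bitsocial-cli}
  out=$(docker run --rm --entrypoint='' "$image:$tag" bitsocial --version) || exit 2
  if tag_matches_output "$tag" "$out"; then
    echo "ok: $image:$tag reports $tag"
  else
    echo "mismatch: $image:$tag reports '$(reported_version "$out")'" >&2
    exit 1
  fi
)

# Usage: ./verify-image.sh v0.19.57 [image]
# Does nothing when sourced or run without arguments.
if [ "$#" -gt 0 ]; then
  verify_image "$@"
fi
```

Run as a final step of the publish job, this turns a silently stale image into a failed release.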