From 8cec76db7f8c45f9d263b3f92377f58bfe4cea4e Mon Sep 17 00:00:00 2001
From: Dan C Williams
Date: Thu, 26 Feb 2026 12:02:54 -0600
Subject: [PATCH] Fix invalid Docker tag for PRs with slashes in ref name

github.ref_name returns '4/merge' for PR events, which is invalid in a Docker tag. Sanitize using the head ref (branch name) with slashes replaced by dashes.
---
 .github/workflows/build.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c36a933..eee4704 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -31,6 +31,9 @@ jobs:
 - name: Set version
 run: echo "version=$(cat VERSION)" >> $GITHUB_ENV

+ - name: Sanitize ref for Docker tag
+ run: echo "SAFE_TAG=$(echo "${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}" | tr '/' '-')" >> $GITHUB_ENV
+
 - name: Docker meta
 id: meta
 uses: docker/metadata-action@v5
@@ -55,7 +58,7 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 context: ./build
 file: ./build/Dockerfile
- tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
+ tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ env.SAFE_TAG }}"
 push: true
 build-args: |
 version=${{ env.version }}
@@ -63,7 +66,7 @@ jobs:
 - name: Run Trivy vulnerability scan
 uses: aquasecurity/trivy-action@0.30.0
 with:
- image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
+ image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ env.SAFE_TAG }}"
 format: 'sarif'
 exit-code: 0
 severity: 'CRITICAL,HIGH'
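Review bot: The added "Sanitize ref for Docker tag" step in the first hunk replaces only `/`, but a branch name can contain other characters that a Docker tag rejects (`#`, `+`, `@` and others), and a tag is limited to 128 characters, so the build can still fail on a ref nobody anticipated. An allowlist is more robust than a single substitution: `run: echo "SAFE_TAG=$(printf '%s' "${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}" | tr -c 'A-Za-z0-9_.-' '-' | cut -c1-120)" >> "$GITHUB_ENV"`. Reading the ref from the runner's environment variables rather than a `${{ }}` expression inside `run:` is worth keeping, because the PR author sets the head ref. The same value feeds the `tags:` and `image-ref:` lines in the two later hunks.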
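Review bot: In the second hunk, the new `tags:` line sits next to `push: true`, so a PR build now publishes to `dev-<head branch>`, which is the same tag a push build of that branch would use, and the PR author chooses the name. Distinct refs such as `feat/a` and `feat-a` also collapse to one tag after the substitution. Consider giving pull-request builds their own namespace, for example setting `SAFE_TAG` to `pr-<number>` when `GITHUB_HEAD_REF` is non-empty, so a pull request cannot replace an image that other jobs pull as `dev-<branch>`. The step's `uses:` line and the workflow triggers are outside the hunk, so I can't confirm from here whether fork PRs reach this step with registry credentials.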
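Review bot: In the third hunk, the new `image-ref` points Trivy at a mutable tag, so the scan covers whatever `dev-<SAFE_TAG>` resolves to at pull time, which need not be the image this run pushed if another run for the same tag finishes in between. Scanning by digest ties the result to this build: `image-ref: "${{ env.DOCKER_REPO_DEV }}@${{ steps.<build-step-id>.outputs.digest }}"`. Here `<build-step-id>` is a placeholder for the id of the build-and-push step, which is not visible in the diff, and this assumes that step is docker/build-push-action, which exposes a `digest` output. Separately, the unchanged context lines show `exit-code: 0` and the Trivy action referenced by version tag rather than commit SHA, so findings never fail the job and the action code is not pinned. The `with:` block may continue past the end of the hunk.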