feat: add scheduled job to rebuild latest release Docker image

.github/workflows/docker-image.yaml

@@ -3,6 +3,10 @@ name: "Create and publish docker image"
 on:
   release:
     types: [published]
+  schedule:
+    # Run at 2:00 AM UTC on the 1st of each month
+    - cron: '0 2 1 * *'
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -12,8 +16,41 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
+      - name: Get latest release tag
+        if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+        id: latest_release
+        run: |
+          LATEST_TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name)
+          echo "RELEASE_TAG=$LATEST_TAG" >> $GITHUB_OUTPUT
+
+      - name: Set release tag variable
+        id: release_tag
+        run: |
+          if [ "${{ github.event_name }}" == "schedule" ] || [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            echo "TAG=${{ steps.latest_release.outputs.RELEASE_TAG }}" >> $GITHUB_OUTPUT
+          else
+            echo "TAG=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Generate semantic version tags
+        if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+        id: semantic_tags
+        run: |
+          TAG=${{ steps.latest_release.outputs.RELEASE_TAG }}
+          # Remove 'v' prefix if present
+          VERSION=${TAG#v}
+
+          # Extract major and minor versions
+          MAJOR=$(echo $VERSION | cut -d. -f1)
+          MINOR=$(echo $VERSION | cut -d. -f2)
+
+          echo "MAJOR_TAG=$MAJOR" >> $GITHUB_OUTPUT
+          echo "MINOR_TAG=$MAJOR.$MINOR" >> $GITHUB_OUTPUT
+
       - name: Check out code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.release_tag.outputs.TAG }}
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
@@ -49,4 +86,8 @@ jobs:
           file: docker/php/package.Dockerfile
           push: true
           platforms: linux/amd64,linux/arm64
-          tags: ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }},ghcr.io/${{ github.repository }}:latest
+          tags: |
+            ${{ github.event_name == 'release' && format('ghcr.io/{0}:{1}', github.repository, steps.release_tag.outputs.TAG) || '' }}
+            ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && format('ghcr.io/{0}:{1}', github.repository, steps.semantic_tags.outputs.MAJOR_TAG) || '' }}
+            ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && format('ghcr.io/{0}:{1}', github.repository, steps.semantic_tags.outputs.MINOR_TAG) || '' }}
+            ghcr.io/${{ github.repository }}:latest

README.md

@@ -73,6 +73,16 @@ For example, you can trigger a package generation for your BitBucket project by
 
 You can run satisfy using prebuilt docker image. Here is an example how to setup it.
 
+### Available Docker Image Tags
+
+The following Docker image tags are available:
+
+- **Specific version tags** (e.g., `3.7.0`, `3.6.1`): Immutable tags that point to exact release versions
+- **Semantic version tags** (e.g., `3`, `3.7`): Moving tags that are automatically updated every 30 days to point to the latest stable release in that version series
+- **`latest`**: Always points to the most recent stable release, rebuilt every 30 days
+
+**Recommendation**: Use specific version tags (e.g., `ghcr.io/project-satisfy/satisfy:3.7.0`) for production environments to ensure consistency, or semantic version tags (e.g., `ghcr.io/project-satisfy/satisfy:3.7`) if you want to automatically receive patch updates.
+
 1. Create dir for configuration files
 2. Add parameters.yml file, can be copied from config/parameters.yml.dist
 3. Add auth.json with all required composer authentication tokens