From a32bab422fd09a3af32fe979b9ff465fef27ee21 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Fri, 23 May 2025 18:09:37 +0000
Subject: [PATCH] Squashed '.ci/' changes from 15e4d1f..67529a0

67529a0 Fix: revert to std trivyignore file due to new flag handling
9725c2e fix: ensure we dont remove rc builds
a5cd89d feat: improve tag parsing, ensure dirty is added if needed

git-subtree-dir: .ci
git-subtree-split: 67529a07cfa28b3324b87f7d56dcaa3673ff987a
---
 ecr_public_lifecycle.py | 3 ++-
 podman.mk               | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ecr_public_lifecycle.py b/ecr_public_lifecycle.py
index 7397dc4..40bfc59 100755
--- a/ecr_public_lifecycle.py
+++ b/ecr_public_lifecycle.py
@@ -41,7 +41,8 @@ for image in sorted(images, key=lambda d: d['imagePushedAt'], reverse=True):
         _delete = True
         for tag in image["imageTags"]:
             # Look for at least one tag NOT beign a SemVer dev tag
-            if "-" not in tag:
+            # untagged dev builds get tagged as <tag>-g<commit>
+            if "-g" not in tag and "dirty" not in tag:
                 _delete = False
         if _delete:
             print("Deleting development image {}".format(image["imageTags"]))
diff --git a/podman.mk b/podman.mk
index ed5aa26..964312e 100644
--- a/podman.mk
+++ b/podman.mk
@@ -8,8 +8,8 @@ SHELL := bash
 .PHONY: all # All targets are accessible for user
 .DEFAULT: help # Running Make will run the help target
 
-# Parse version from latest git semver tag
-GIT_TAG ?= $(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
+# Parse version from latest git semver tag, use short commit otherwise
+GIT_TAG ?= $(shell git describe --tags --match v*.*.* --dirty 2>/dev/null || git describe --match="" --always --dirty 2>/dev/null)
 GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
 
 TAG ::= $(GIT_TAG)
@@ -49,7 +49,7 @@ test:: ## test built artificats
 
 scan: ## Scan image using trivy
 	echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
-	trivy image $(TRIVY_OPTS) --quiet --no-progress --ignorefile ./.trivyignore.yaml localhost/$(IMAGE):$(TAG)-$(_ARCH)
+	trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
 
 # first tag and push all actual images
 # create new manifest for each tag and add all available TAG-ARCH before pushing