Implement DEV tags for RHEL

- forks / PR's won't build. Only checking the Dockerfile
- pushes to other branches than Main will build and push a DEV_ tag
- pushed to Main will update the tag with skopeo copy on the same upstream registry

.github/workflows/bbw_build_container_rhel.yml

@@ -4,12 +4,20 @@ name: bbw-build-container-rhel
 on:
   push:
     paths:
+      - 'ci_build_images/rhel7.Dockerfile'
+      - 'ci_build_images/rhel.Dockerfile'
+      - 'ci_build_images/pip.Dockerfile'
+      - 'ci_build_images/qpress.Dockerfile'
+      - 'ci_build_images/buildbot-worker.Dockerfile'
       - .github/workflows/bbw_build_container_rhel.yml
-      - "ci_build_images/**"
   pull_request:
     paths:
+      - 'ci_build_images/rhel7.Dockerfile'
+      - 'ci_build_images/rhel.Dockerfile'
+      - 'ci_build_images/pip.Dockerfile'
+      - 'ci_build_images/qpress.Dockerfile'
+      - 'ci_build_images/buildbot-worker.Dockerfile'
       - .github/workflows/bbw_build_container_rhel.yml
-      - "ci_build_images/**"
 
 jobs:
   build:
@@ -39,11 +47,16 @@ jobs:
             platforms: linux/amd64, linux/arm64/v8, linux/ppc64le, linux/s390x
             nogalera: false
     env:
+      MAIN_BRANCH: false
       BUILD_RHEL: false
       DEPLOY_IMAGES: false
       WORKDIR: ci_build_images
 
     steps:
+      - name: Enable Production release - no rebuild
+        run: echo "MAIN_BRANCH=true" >> $GITHUB_ENV
+        if: github.ref == 'refs/heads/main'
+
       - uses: actions/checkout@v4
       - name: Set up env vars
         run: |
@@ -59,10 +72,10 @@ jobs:
             echo "IMG=${TAG_TMP/:/}" >>$GITHUB_ENV
           fi
           echo "REPO=bb-worker" >>$GITHUB_ENV
+
       - name: Check for rhel subscription credentials
         if: >
-          github.repository == 'mariadb/buildbot' &&
-          github.ref == 'refs/heads/main'
+          github.repository == 'mariadb/buildbot'
         run: |
           missing=()
           [[ -n "${{ secrets.RHEL_ORGID }}" ]] || missing+=(RHEL_ORGID)
@@ -72,31 +85,38 @@ jobs:
           done
           (( ${#missing[@]} == 0 )) || exit 1
           echo "BUILD_RHEL=true" >> $GITHUB_ENV
+
       - name: Generate Dockerfile and necessary files
+        if: ${{ env.MAIN_BRANCH == 'false' }}
         run: |
           cd ${{ env.WORKDIR }}
           cat ${{ matrix.dockerfile }} qpress.Dockerfile buildbot-worker.Dockerfile >$GITHUB_WORKSPACE/Dockerfile
           if [ "${{ matrix.nogalera }}" == true ]; then
             sed -i -e '/ci.mariadb.org\/galera/d' -e '/WSREP_PROVIDER/d' -e '/galera-4/d' $GITHUB_WORKSPACE/Dockerfile
           fi
           cp -r qpress $GITHUB_WORKSPACE
+          
       - name: Check Dockerfile with hadolint
+        if: ${{ env.MAIN_BRANCH == 'false' }}
         run: |
           docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/Dockerfile
+
       - name: Install qemu-user-static
-        if: ${{ env.BUILD_RHEL == 'true' }}
+        if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           sudo apt-get update
           sudo apt-get install -y qemu-user-static
+
       - name: Make sure that time is in sync
-        if: ${{ env.BUILD_RHEL == 'true' }}
+        if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           # RHEL subscription needs that time and date
           # is correct and is syncing with an NTP-server
           # https://access.redhat.com/discussions/672313#comment-2360508
           sudo chronyc -a makestep
+
       - name: Build image
-        if: ${{ env.BUILD_RHEL == 'true' }}
+        if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           # create secrets
           echo "${{ secrets.RHEL_ORGID }}" >rhel_orgid
@@ -117,14 +137,16 @@ jobs:
           done
           rm -f rhel_orgid rhel_keyname
           podman images
+
       - name: Push images to local registry
-        if: ${{ env.BUILD_RHEL == 'true' }}
+        if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           podman manifest push --tls-verify=0 \
             --all ${{ env.REPO }}:${{ env.IMG }} \
             docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }}
+
       - name: Check multi-arch container
-        if: ${{ env.BUILD_RHEL == 'true' }}
+        if: ${{ env.BUILD_RHEL == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           # make some space on the runner
           if [[ -d $HOME/.local/share/containers ]]; then
@@ -141,6 +163,7 @@ jobs:
             docker run -i "$image" dumb-init twistd --pidfile= -y /home/buildbot/buildbot.tac
             docker run -u root -i "$image" bash -c "touch /tmp/foo && qpress -r /tmp /root/qpress.qp"
           done
+
       - name: Check for registry credentials
         if: ${{ env.BUILD_RHEL == 'true' }}
         run: |
@@ -155,35 +178,59 @@ jobs:
           else
             echo "Not pushing images to registry"
           fi
+
       - name: Login to ghcr.io
         if: ${{ env.DEPLOY_IMAGES == 'true' }}
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push images to ghcr.io
-        if: ${{ env.DEPLOY_IMAGES == 'true' }}
+
+      - name: ghcr.io - push dev tag
+        if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           msg="Push docker image to ghcr.io (${{ env.IMG }})"
           line="${msg//?/=}"
           printf "\n${line}\n${msg}\n${line}\n"
           skopeo copy --all --src-tls-verify=0 \
             docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
+            docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ env.IMG }}
+
+      - name: ghcr.io - move tag to production
+        if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }}
+        run: |
+          msg="Push docker image to ghcr.io (${{ env.IMG }})"
+          line="${msg//?/=}"
+          printf "\n${line}\n${msg}\n${line}\n"
+          skopeo copy --all --src-tls-verify=0 \
+            docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:dev_${{ env.IMG }} \
             docker://ghcr.io/${GITHUB_REPOSITORY,,}/${{ env.REPO }}:${{ env.IMG }}
+
       - name: Login to registry
         if: ${{ env.DEPLOY_IMAGES == 'true' }}
         uses: docker/login-action@v2
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USER }}
           password: ${{ secrets.QUAY_TOKEN }}
-      - name: Push images to quay.io
-        if: ${{ env.DEPLOY_IMAGES == 'true' }}
+
+      - name: quay.io - push dev tag
+        if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'false' }}
         run: |
           msg="Push docker image to quay.io (${{ env.IMG }})"
           line="${msg//?/=}"
           printf "\n${line}\n${msg}\n${line}\n"
           skopeo copy --all --src-tls-verify=0 \
           docker://localhost:5000/${{ env.REPO }}:${{ env.IMG }} \
-          docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}
+          docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ env.IMG }}
+
+      - name: quay.io - push dev tag
+        if: ${{ env.DEPLOY_IMAGES == 'true' && env.MAIN_BRANCH == 'true' }}
+        run: |
+          msg="Push docker image to quay.io (${{ env.IMG }})"
+          line="${msg//?/=}"
+          printf "\n${line}\n${msg}\n${line}\n"
+          skopeo copy --all --src-tls-verify=0 \
+            docker://quay.io/mariadb-foundation/${{ env.REPO }}:dev_${{ env.IMG }} \
+            docker://quay.io/mariadb-foundation/${{ env.REPO }}:${{ env.IMG }}