Fix CI: produce one Docker image tag per release, run tests and build validation on PRs

[Copilot]

docker/metadata-action@v5 defaults generate 3 tags per semver release ({{version}}, {{major}}.{{minor}}, and ref), creating 3 separate registry assets. Tests were also running on every branch push when they should run on PRs and before deployment only.

Changes

• publish-ghcr.yml

  • Added test job (Nix + Django tests) as a required predecessor to build-and-push via needs: [test]
  • Pinned metadata-action to emit a single tag:

    tags: |
      type=semver,pattern={{version}}

    Produces exactly 1.2.3 from tag v1.2.3 — no major.minor or ref variants

• test.yml

  • Triggers on pull_request events (opened, synchronize, reopened, ready_for_review) and workflow_dispatch for manual runs — not on every branch push
  • Added a build job that runs docker/build-push-action with push: false to validate the Dockerfile builds cleanly on every PR without storing any image asset
  • Automated test + build execution is also handled by the publish workflow before every deploy

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Automated build process produces 3 releases instead of one</issue_title>
<issue_description>Each release will actually produce 3 assets, only one with roper tag. the other two with commit hashes, which have to be manually removed. We need:

• test target is fine. It can run, but it doesn't have to run all the time. We can have broken commits, thats fine. It only needs to run before deployment.
• deploy on tagging, asset needs to have version as name. I expect one asset per release.</issue_description>

<agent_instructions>Follow instructions in description. Document any non-obvious part.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Automated build process produces 3 releases instead of one #59

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[zgypa]

@copilot i think having tests run for each PR generation is OK, as long as its not for each push and it doesn't generate assets. Should only run the django test suites and build, then discard assets. That would ensure that no reviews and requested on something that doesn't even build.

[Copilot]

@copilot i think having tests run for each PR generation is OK, as long as its not for each push and it doesn't generate assets. Should only run the django test suites and build, then discard assets. ...

Done in 12c0fd7. test.yml now triggers on all PRs and also runs a Docker build (with push: false) to catch Dockerfile issues before review — no image is stored. Manual dispatch is still available. The publish workflow continues to run tests + build + push only on v* tag pushes.

[zgypa]

LGTM