- Remove docker/login-action, docker/metadata-action, docker/build-push-action
- Rename build-push to build (just docker build, no push)
- Tag job now depends on build
- Push to DockerHub is handled solely by tag.yaml now
The SHA was corrupted since the original pipeline creation (PR #8).
Verified with `git ls-remote` that the correct SHA is:
d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5
GITHUB_TOKEN is the internal actions runner token — pushes made with it
don't trigger new workflow runs (by design, prevents infinite loops).
Using a real user PAT (SA_TOKEN_ACTION_PUSH_TAGS) makes the tag push
trigger the tag.yaml workflow correctly.
Fixes the issue where tag pushes from the 'tag' job didn't launch the
'Tag Release' pipeline (tag.yaml).