Makefile, push: Prevent overwriting existing version tags

The IMAGE_GIT_TAG is generated using `git describe` to create a virtual
tag for the image, and used in order to tag every push to the repository
for later use.
However, when an actual git tag exists (e.g., v0.45.0), git describe
returns that tag. This behavior makes it possible to accidentally
overwrite push an existing version tag in the registry.

Flow Leading to the Issue:
1. A new kmp release is created, pushing a new tag (e.g., v0.45.0).
2. A stable branch is created from that commit, pushing a new stable
branch tag (e.g., release-0.45_latest).
2.1 . During this push, IMAGE_GIT_TAG resolves to this Git tag (e.g.,
v0.45.0) due to git describe.
2.2 Makefile attempts to push the image with this tag (e.g., v0.45.0) to
the registry, overwriting the original tag sha256 digest.

To address this, introducing a check to ensure such tags are not
overwritten, preserving the integrity of published versions.

Signed-off-by: Ram Lavi <[email protected]>

Makefile

@@ -93,8 +93,14 @@ container: manager
 # Push the docker image
 docker-push:
 	$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/${IMG}:${IMAGE_TAG}
-	$(OCI_BIN) tag ${REGISTRY}/${IMG}:${IMAGE_TAG} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}
-	$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}
+	@if skopeo inspect docker://${REGISTRY}/${IMG}:${IMAGE_GIT_TAG} >/dev/null 2>&1; then \
+	    echo "Tag '${IMAGE_GIT_TAG}' already exists. Skipping tagging and push."; \
+	elif skopeo inspect docker://${REGISTRY}/${IMG}:${IMAGE_GIT_TAG} 2>&1 | grep -q "manifest unknown"; then \
+	    $(OCI_BIN) tag ${REGISTRY}/${IMG}:${IMAGE_TAG} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}; \
+	    $(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}; \
+	else \
+	    echo "Error checking for tag '${IMAGE_GIT_TAG}'. Aborting to avoid potential overwrite."; \
+	fi
 
 cluster-up:
 	./cluster/up.sh