[Feature]: Branch-conditional image tags for registry push

[FabianHertwig]

Is your feature request related to a problem?

When using "Push to Registry" with preview deployments enabled, the custom tag (e.g., latest) is applied to all builds - including preview deployments. This causes problems when using registry webhooks to trigger production deployments, as preview builds incorrectly trigger production deploys.

Evidence from Azure Container Registry:

Tags                                          Digest                                                                   Last modified
latest                                        sha256:54ddf5d576def52e71e9128392f6c9d2d64c9f9b753e3351e9afbedbc8f32720   12/12/2025, 7:17 PM
pr-533                                        sha256:54ddf5d576def52e71e9128392f6c9d2d64c9f9b753e3351e9afbedbc8f32720   12/12/2025, 7:17 PM

Both latest and pr-533 have the same digest and timestamp - the preview deployment pushed both tags.

Describe the solution you'd like

Add an option to only apply the custom tag on builds from the main/production branch:

• "Apply tag only on main branch" checkbox in the Docker Registry settings
• Or: separate tag fields for "Main branch tag" vs "Preview deployment tag"

This would allow:

• Preview deployments: tagged with pr-XXX + commit SHA only
• Main branch: tagged with commit SHA + latest (or custom tag)

Describe alternatives you've considered

1. Using GitHub Actions for builds instead of Coolify - Works but loses Coolify's native preview deployment features (auto-cleanup, PR comments, etc.)
2. Creating separate Coolify resources for previews vs main - Duplicates configuration and is error-prone
3. Not using registry push at all - Can't do multi-server deployments where a build server pushes to registry and production servers pull

Use case

Multi-server deployment architecture:

1. Build VM runs Coolify, builds images, pushes to Azure Container Registry
2. ACR webhooks (scoped to image:latest) trigger production deployments on separate VMs
3. Preview deployments should NOT trigger production deploys

Without branch-conditional tagging, every preview build pushes latest and triggers all production webhooks.

Additional context

This is a common enterprise deployment pattern (build server → registry → multiple production servers) that Coolify currently doesn't support well due to this limitation.

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

• Create Plan

Examples

• Example 1
• Example 2

🔗 Similar Issues

Related Issues

• [Bug]: Dockerfile from main branch in PR deployments #5538
• [Improvement]: Option to require maintainer approval before preview deployments #6546
• [Bug]: Preview Deployments does not work with multi Docker Compose files #6070
• Feature Request: Custom Docker Build Options with Interpolation Support #6485

🔗 Related PRs

#4771 - fix: pull latest image from registry when using build server [merged]

👤 Suggested Assignees

• ton77v
• andrasbacsai
• arthur-fontaine
• sponte
• lucienbl

---

🧪 Issue enrichment is currently in early access.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false