[RELEASE] publish container images tagged with the major version

Now that semantic versions are used, the major version must be used
instead of major.minor to distinguish releases with breaking changes.

Before:

Forgejo v1.21.1-0, tags 1.21.1-0 and 1.21
Forgejo v1.21.2-0, tags 1.21.2-0 and 1.21
Forgejo v1.22.1-0, tags 1.22.1-0 and 1.22

After

Forgejo v7.0.0 tags 7.0.0 and 7
Forgejo v7.0.1 tags 7.0.1 and 7
Forgejo v7.1.2 tags 7.1.2 and 7
Forgejo v8.0.1 tags 8.0.1 and 8

.forgejo/workflows/publish-release.yml

@@ -42,16 +42,19 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: copy & sign
-        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v1
+        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v4
         with:
-          forgejo: ${{ vars.FORGEJO }}
+          from-forgejo: ${{ vars.FORGEJO }}
+          to-forgejo: ${{ vars.FORGEJO }}
           from-owner: ${{ vars.FROM_OWNER }}
           to-owner: ${{ vars.TO_OWNER }}
           repo: ${{ vars.REPO }}
-          ref-name: ${{ github.ref_name }}
           release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#{ANCHOR}"
-          doer: ${{ vars.DOER }}
-          token: ${{ secrets.TOKEN }}
+          ref-name: ${{ github.ref_name }}
+          sha: ${{ github.sha }}
+          from-token: ${{ secrets.TOKEN }}
+          to-doer: ${{ vars.DOER }}
+          to-token: ${{ secrets.TOKEN }}
           gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
           verbose: ${{ vars.VERBOSE }}