modified ci.yaml,ci manual.yaml,artifacts.yaml files

.github/workflows/artifacts.yaml

@@ -3,11 +3,20 @@ name: Artifacts
 on:
   workflow_call:
     inputs:
+      branch:
+        description: "Branch to build image from"
+        required: false
+        type: string
       publish:
         description: Publish artifacts to the artifact store
         default: false
         required: false
         type: boolean
+      release_name:
+        description: "A overridden tag name for the release"
+        required: false
+        type: string
+
     secrets:
       AWS_ROLE_ARN:
         required: true
@@ -55,6 +64,8 @@ jobs:
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.branch || 'master' }}  # Ensure input branch is properly referenced
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -82,29 +93,40 @@ jobs:
         id: platform-name
         run: echo "PLATFORM_TAG=${{ matrix.platform }}" | sed 's/\//-/g' >> $GITHUB_ENV
 
-      - name: Extract Short SHA for Unique Tagging
-        id: short-sha
-        run: echo "SHORT_SHA=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV
+      # - name: Extract Short SHA for Unique Tagging
+      #   id: short-sha
+      #   run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+      - name: Determine Image Tag
+        id: image-tag
+        run: |
+          if [[ -n "${{ inputs.release_name }}" ]]; then
+            echo "IMAGE_TAG=${{ inputs.release_name }}" >> $GITHUB_ENV
+          else
+            echo "IMAGE_TAG=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+          fi
+
 
       - name: Determine build output
         uses: haya14busa/action-cond@v1
         id: build-output
         with:
-          cond: ${{ github.event_name == 'push' }}
+          cond: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
           if_true: type=image,push=true
           if_false: type=oci,dest=image.tar
-
+    
       - name: Build Image
         id: build
         uses: docker/build-push-action@v6
         with:
           context: .
           platforms: ${{ matrix.platform }}
           tags: |
-            ${{ steps.image-name.outputs.value }}:${{ matrix.variant }}-${{ env.PLATFORM_TAG }}-${{ env.SHORT_SHA }}
-            ${{ steps.image-name.outputs.value }}:${{ matrix.variant }}-${{ env.PLATFORM_TAG }}-latest
+            ${{ steps.image-name.outputs.value }}:${{ matrix.variant }}-${{ env.PLATFORM_TAG }}-${{ env.IMAGE_TAG }}
+         #  ${{ steps.image-name.outputs.value }}:${{ matrix.variant }}-${{ env.PLATFORM_TAG }}-${{ env.SHORT_SHA }}
+         #  ${{ steps.image-name.outputs.value }}:${{ matrix.variant }}-${{ env.PLATFORM_TAG }}-latest
           build-args: |
             BASE_IMAGE=${{ matrix.variant }}
+            GIT_COMMIT_SHA=${{ env.SHORT_SHA }}  # Explicitly pass SHA
           outputs: ${{ steps.build-output.outputs.value }}
           provenance: false  # Prevents unnecessary provenance attestations
 
@@ -166,9 +188,10 @@ jobs:
         with:
           sarif_file: trivy-results.sarif
 
-      - name: Upload Image as Artifact
+      - name: Upload Image as Artifact (Only for PRs)
         uses: actions/upload-artifact@v4
         with:
           name: "OCI-Image-${{ matrix.variant }}-${{ env.PLATFORM_TAG }}"
           path: image.tar
-
+        if: github.event_name == 'pull_request'
+

.github/workflows/ci manual.yaml

@@ -1,24 +1,19 @@
 name: CI Manual
-
 on:
   workflow_dispatch:
     inputs:
-      dex_repo:
-        description: "dex_repo sha used for building the binary"
+      branch:
+        description: "Branch to build image from"
         required: true
-        default: "main"
-        type: string  
-  push:
-    branches: [ master ]
-  pull_request:
-
-
+        default: "master"
+      release_name:
+        description: "A overridden tag name for the release for e.g. v10.0.0-beta.1-hot-fix"
+        required: false
+        type: string
+
 permissions:
   contents: read
 
-
-
-
 jobs:
   test:
     name: Test
@@ -76,18 +71,15 @@ jobs:
         options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5
 
     steps:
-      - name: Checkout dex branch
-        uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-           repository: openobserve/dex
-           ref: ${{ github.event.inputs.dex_repo }}
-           fetch-depth: 0
-           path: dex
+          ref: ${{ github.event.inputs.branch }}  # Checkout the selected branch
 
       - name: Set up Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
-          go-version: "1.21"
+          go-version: "1.24"
 
       - name: Download tool dependencies
         run: make deps
@@ -99,7 +91,7 @@ jobs:
         run: docker compose -f docker-compose.test.yaml up -d
 
       - name: Create kind cluster
-        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
         with:
           version: "v0.17.0"
           node_image: "kindest/node:v1.25.3@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5"
@@ -150,12 +142,14 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.inputs.branch }}  # Ensure correct branch is checked out
 
       - name: Set up Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
-          go-version: "1.21"
+          go-version: "1.24"
 
       - name: Download golangci-lint
         run: make bin/golangci-lint
@@ -167,7 +161,10 @@ jobs:
     name: Artifacts
     uses: ./.github/workflows/artifacts.yaml
     with:
-      publish: ${{ github.event_name == 'push' }}
+      branch: ${{ github.event.inputs.branch }}  # Pass branch input to artifacts.yaml
+      publish: true 
+      release_name: ${{ github.event.inputs.release_name }}  # Pass release_name to artifacts.yaml
+
     secrets:
       AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
       AWS_REGION: ${{ secrets.AWS_REGION }}
@@ -177,15 +174,4 @@ jobs:
       packages: write
       id-token: write
       security-events: write
-
-  dependency-review:
-    name: Dependency review
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-      - name: Dependency Review
-        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+

.github/workflows/ci.yaml

@@ -173,3 +173,4 @@ jobs:
 
       - name: Dependency Review
         uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+