From bc738d3bde3cd80a351277918725d512c3ab8973 Mon Sep 17 00:00:00 2001
From: Vinicius <vncsna@gmail.com>
Date: Mon, 11 Sep 2023 21:09:57 -0300
Subject: [PATCH 1/2] fix: limit staging releases to main branch

---
 .github/workflows/cd-staging.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/cd-staging.yaml b/.github/workflows/cd-staging.yaml
index b4225ba4..3aa91366 100644
--- a/.github/workflows/cd-staging.yaml
+++ b/.github/workflows/cd-staging.yaml
@@ -3,6 +3,8 @@ name: Deployment (Staging)
 on:
   workflow_run:
     workflows: ["Release Image (Staging)"]
+    branches:
+      - main
     types:
       - completed
 

From 9c860462227719db47cd9cbaba6c3473df6e6e74 Mon Sep 17 00:00:00 2001
From: Vinicius <vncsna@gmail.com>
Date: Mon, 11 Sep 2023 21:51:13 -0300
Subject: [PATCH 2/2] fix: set dev branch name by artifact sharing

---
 .github/workflows/cd-dev.yaml      | 35 +++++++++++++++++++++++++++++-
 .github/workflows/release-dev.yaml | 13 +++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/cd-dev.yaml b/.github/workflows/cd-dev.yaml
index 6d28f42b..d6e5578c 100644
--- a/.github/workflows/cd-dev.yaml
+++ b/.github/workflows/cd-dev.yaml
@@ -15,10 +15,43 @@ jobs:
       url: https://api.development.basedosdados.org
 
     steps:
+      - name: Download branch name
+        uses: actions/github-script@v6
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "branch"
+            })[0];
+            let download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/artifact.zip`, Buffer.from(download.data));
+
+      - name: Extract branch name
+        run: unzip artifact.zip
+
+      - name: Read branch name
+        uses: actions/github-script@v6
+        id: extract_branch
+        with:
+          script: |
+            let fs = require('fs');
+            let branch = fs.readFileSync('./branch', 'utf8');
+            return branch;
+
       - name: Checkout
         uses: actions/checkout@v3
         with:
-          ref: development
+          ref: ${{ steps.extract_branch.outputs.result }}
 
       - name: Import secrets from Vault
         id: import_secrets
diff --git a/.github/workflows/release-dev.yaml b/.github/workflows/release-dev.yaml
index 72397088..fabf8e27 100644
--- a/.github/workflows/release-dev.yaml
+++ b/.github/workflows/release-dev.yaml
@@ -4,6 +4,7 @@ on:
   pull_request:
     types:
       - labeled
+  workflow_dispatch:
 
 jobs:
   release-docker:
@@ -36,3 +37,15 @@ jobs:
             org.opencontainers.image.revision=${{ github.sha }}
           build-args: |
             BUILDKIT_INLINE_CACHE=1
+
+      - name: Save branch name artifact
+        run: |
+          mkdir -p ./branch
+          echo -n ${{ github.event.pull_request.head.ref }} > ./branch/branch
+
+      - name: Upload branch name artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: branch
+          path: branch/
+          retention-days: 1