NGWPC · kevinspurrier · Sep 18, 2025 · Sep 18, 2025
diff --git a/.github/workflows/cicd-container.yml b/.github/workflows/cicd-container.yml
@@ -37,20 +37,20 @@ jobs:
                 IMAGE_BASE="${REGISTRY}/${ORG}/${REPO}"
                 echo "image_base=${IMAGE_BASE}" >> "$GITHUB_OUTPUT"
 
+                COMMIT_SHA="${GITHUB_SHA}"
+                SHORT_SHA="${COMMIT_SHA:0:12}"
+                echo "commit_sha=${COMMIT_SHA}" >> "$GITHUB_OUTPUT"
+                echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+
+                # Logic to set the primary tag for testing and scanning steps
                 if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then
                     PR_NUM="${{ github.event.pull_request.number }}"
-                    PR_TAG="pr-${PR_NUM}-build"
-                    echo "pr_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"
-                    echo "test_image_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"
-                fi
-
-                if [ "${GITHUB_EVENT_NAME}" = "push" ]; then
-                    COMMIT_SHA="${GITHUB_SHA}"
-                    SHORT_SHA="${COMMIT_SHA:0:12}"
-                    echo "commit_sha=${COMMIT_SHA}" >> "$GITHUB_OUTPUT"
-                    echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
-                    echo "test_image_tag=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+                    TEST_TAG="pr-${PR_NUM}-build"
+                # For manual runs or pushes, use the short commit SHA
+                else
+                    TEST_TAG="${SHORT_SHA}"
                 fi
+                echo "test_image_tag=${TEST_TAG}" >> "$GITHUB_OUTPUT"
 
     build-and-scan-troute-rnr:
         name: Build and Scan troute-rnr Container
@@ -82,7 +82,7 @@ jobs:
 
     codeql-scan:
         name: CodeQL Scan
-        if: github.event_name == 'pull_request' || github.event_name == 'push'
+        if: github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'workflow_dispatch'
         runs-on: ubuntu-latest
         permissions:
             actions: read
@@ -94,38 +94,22 @@ jobs:
             uses: actions/setup-python@v5
             with:
               python-version: ${{ env.PYTHON_VERSION }}
-        #   - name: Install uv
-        #     uses: astral-sh/setup-uv@v5
-        #     with:
-        #       enable-cache: true
-        #       python-version: ${{ env.PYTHON_VERSION }}
-        #       cache-dependency-glob: "**/uv.lock **/pyproject.toml"
           - name: Initialize CodeQL
             uses: github/codeql-action/init@v3
             with:
               languages: python
-        #  Commenting out as binary/wheels are missing
-        #   - name: Install Ingest dependencies
-        #     run: |
-        #       if [ -f "Source/Ingest/pyproject.toml" ]; then
-        #         cd Source/Ingest && uv sync
-        #       fi
-        #   - name: Install troute-rnr dependencies  
-        #     run: |
-        #       if [ -f "Source/troute-rnr/pyproject.toml" ]; then
-        #         cd Source/troute-rnr && uv sync
-        #       fi
           - name: Perform CodeQL Analysis
             uses: github/codeql-action/analyze@v3
 
     publish-troute-rnr:
         name: Publish troute-rnr to Registry
         if: >
-          github.event_name == 'push' && (
+          (github.event_name == 'push' && (
             github.ref == 'refs/heads/main' ||
             github.ref == 'refs/heads/development' ||
             startsWith(github.ref, 'refs/tags/v')
-          )
+          )) ||
+          (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main')
         runs-on: ubuntu-latest
         needs: [setup, build-and-scan-troute-rnr, codeql-scan]
         steps:

diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
@@ -13,7 +13,7 @@ subnet_name_pattern = "Test-App*"
 
 # --- Application Image and Code ---
 # This would typically be passed in from a CI/CD pipeline
-docker_image_uri                    = "ghcr.io/ngwpc/rnr-aws:main"
+docker_image_uri                    = "ghcr.io/ngwpc/rnr-aws/troute-rnr:latest"        
 lambda_code_bucket_name             = "ngwpc-infra-test"
 #lambda_producer_zip_s3_key         = "lambda-zips/data-producer/v1.0.0.zip"
 #lambda_postproc_zip_s3_key         = "lambda-zips/post-processor/v1.0.0.zip"