mongodb
diff --git a/‎.github/actions/build-push-image/action.yaml
Lines changed: 2 additions & 0 deletions b/‎.github/actions/build-push-image/action.yaml
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/actions/image2commit/action.yml
Lines changed: 42 additions & 0 deletions b/‎.github/actions/image2commit/action.yml
Lines changed: 42 additions & 0 deletions
diff --git a/‎.github/actions/image2commit/entrypoint.sh
Lines changed: 39 additions & 0 deletions b/‎.github/actions/image2commit/entrypoint.sh
Lines changed: 39 additions & 0 deletions
diff --git a/‎.github/workflows/cloud-tests-filter.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cloud-tests-filter.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/cloud-tests.yml
Lines changed: 0 additions & 16 deletions b/‎.github/workflows/cloud-tests.yml
Lines changed: 0 additions & 16 deletions
diff --git a/‎.github/workflows/promote-image.yml
Lines changed: 12 additions & 18 deletions b/‎.github/workflows/promote-image.yml
Lines changed: 12 additions & 18 deletions
diff --git a/‎.github/workflows/release-branch.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/release-branch.yml
Lines changed: 2 additions & 2 deletions
@@ -99,3 +99,5 @@ runs:
         sbom: true
         push: true
         tags: ${{ inputs.tags }}
+        labels: |
+          org.opencontainers.image.revision=${{ github.sha }}
@@ -0,0 +1,42 @@
+name: image2commit
+description: Resolve full commit SHA from a promoted image tag.
+
+inputs:
+  register:
+    description: "Registry (e.g., docker.io, quay.io)"
+    required: true
+  repo:
+    description: "Repository path (e.g., andrpac/my-repo)"
+    required: true
+  image_sha:
+    description: "Short SHA or 'latest'"
+    required: true
+
+outputs:
+  commit_sha:
+    description: "Resolved full commit SHA"
+    value: ${{ steps.resolve.outputs.commit_sha }}
+runs:
+  using: "composite"
+  steps:
+    - name: Install skopeo and jq
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y skopeo jq
+
+    - name: Resolve commit SHA
+      id: resolve
+      shell: bash
+      run: |
+        chmod +x ${{ github.action_path }}/entrypoint.sh
+        full_sha=$(${{
+          github.action_path
+        }}/entrypoint.sh \
+          "${{ inputs.register }}" \
+          "${{ inputs.repo }}" \
+          "${{ inputs.image_sha }}"
+        )
+
+        echo "Raw full_sha: $full_sha"
+        echo "commit_sha=$full_sha" >> $GITHUB_OUTPUT
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright 2025 MongoDB Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script retrives the git commit sha given an image sha
+
+set -euo pipefail
+
+registry="$1"
+repo="$2"
+image_sha="$3"
+
+if [[ "$image_sha" == "latest" ]]; then
+  tag="promoted-latest"
+else
+  tag="promoted-${image_sha}"
+fi
+
+full_image="${registry}/${repo}:${tag}"
+
+sha=$(skopeo inspect "docker://${full_image}" | jq -r '.Labels["org.opencontainers.image.revision"]')
+
+if [[ -z "$sha" || "$sha" == "null" ]]; then
+  echo "Error: Could not extract commit SHA from $full_image" >&2
+  exit 1
+fi
+
+echo "$sha"
@@ -55,7 +55,7 @@ jobs:
             ACTOR: ${{ github.actor }}
           run: |
             # Evaluate whether or not cloud tests should run
-            RUN_CLOUD_TESTS='false'
+            RUN_CLOUD_TESTS='true'
             # Scheduled runs on default branch always run all tests
             if [ "${EVENT}" == "schedule" ];then
               RUN_CLOUD_TESTS='true'
 
@@ -21,23 +21,7 @@ jobs:
       - name: allowed message
         run: echo "Allowed to run"
 
-  int-tests:
-    needs: allowed
-    uses: ./.github/workflows/test-int.yml
-    secrets: inherit
-
   e2e-tests:
     needs: allowed
     uses: ./.github/workflows/test-e2e.yml
     secrets: inherit
-
-  test-e2e-gov:
-    needs:
-      - allowed
-    uses: ./.github/workflows/test-e2e-gov.yml
-    secrets: inherit
-
-  openshift-upgrade-test:
-    needs: allowed
-    uses: ./.github/workflows/openshift-upgrade-test.yaml
-    secrets: inherit
@@ -21,43 +21,33 @@ jobs:
       - name: Checkout PR commit
         uses: actions/checkout@v4
 
-      # Note, we have to be careful how we retrive the image. The event that pushed 
-      # the image to the ghcr.io repo was mainly a push/schedule that passed all the
-      # tests. This event has access to github.ref_name. However, the workflow_run
-      # event does not have access github.ref_name set up. 
-      # 
-      # Therefore, we need to manually specify the branch as main
-      - name: Prepare image tag
-        id: set_tag
-        uses: ./.github/actions/set-tag
-        with:
-          branch_name: ${{ github.event.workflow_run.head_branch }}
-          commit_sha: ${{ github.event.workflow_run.head_sha }}
-
       - name: Log in to the GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Pull unofficial image from GitHub Container Registry
-        run: |
-          docker pull ${{ env.GHCR_REPO }}:${{ steps.set_tag.outputs.tag }}
-
       - name: Login to Docker registry
         uses: docker/login-action@v3
         with:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-            
+      
       - name: Log in to Quay registry
         uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Prepare image tag
+        id: set_tag
+        uses: ./.github/actions/set-tag
+        with:
+          branch_name: ${{ github.event.workflow_run.head_branch }}
+          commit_sha: ${{ github.event.workflow_run.head_sha }}
 
       - name: Prepare tag for promoted image
         id: promoted_tag
@@ -73,6 +63,8 @@ jobs:
           IMAGE_DEST_REPO: ${{ env.DOCKER_REPO }}
           IMAGE_SRC_TAG: ${{ steps.set_tag.outputs.tag }}
           IMAGE_DEST_TAG: ${{ steps.promoted_tag.outputs.tag }}
+          ALIAS_ENABLED: true
+          ALIAS_TAG: promoted-latest
 
       - name: Move image to Quay
         run: ./scripts/move-image.sh
@@ -81,3 +73,5 @@ jobs:
           IMAGE_DEST_REPO: ${{ env.QUAY_REPO }}
           IMAGE_SRC_TAG: ${{ steps.set_tag.outputs.tag }}
           IMAGE_DEST_TAG: ${{ steps.promoted_tag.outputs.tag }}
+          ALIAS_ENABLED: true
+          ALIAS_TAG: promoted-latest
@@ -1,7 +1,7 @@
-# Create Release Branch
+# DEPRECATED: Create Release Branch
 # TODO after GitHub add permission for action-bot to commit to the protected branches - please merge release-* workflow into one
 
-name: Create Release Branch
+name: "[Deprecated] Create Release Branch"
 
 on:
   workflow_dispatch: