From cd2162d545d5fd064c5fa293c9ba0431f46a0345 Mon Sep 17 00:00:00 2001
From: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Date: Thu, 23 Jan 2025 14:58:18 +0100
Subject: [PATCH] add condition, push only from main

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
---
 .github/workflows/bake.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/bake.yaml b/.github/workflows/bake.yaml
index de00a49e..ffe71f48 100644
--- a/.github/workflows/bake.yaml
+++ b/.github/workflows/bake.yaml
@@ -122,11 +122,13 @@ jobs:
           sarif_file: snyk.sarif
 
   # Use the metadata generated in the `testbuild` step to find all the images
-  # that have been built. We copy them one by one to the procuction registry
+  # that have been built. We copy them one by one to the production registry
   # using skopeo. Then we sign the production images too.
   copytoproduction:
     name: Copy images to production
-    if: github.event.inputs.environment == 'production' || github.event_name == 'schedule'
+    if: |
+      github.ref == 'refs/heads/main' &&
+      ( github.event.inputs.environment == 'production' || github.event_name == 'schedule' )
     runs-on: ubuntu-latest
     needs:
       - testbuild
@@ -182,4 +184,4 @@ jobs:
             '
           )
           echo "Signing ${images}"
-          cosign sign --yes ${images}
\ No newline at end of file
+          cosign sign --yes ${images}