add some fixes

Author: mrmoonl1ght94

.github/workflows/docker_build.yml

@@ -44,6 +44,9 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-buildx-
 
+        # Build multi platform images and loading them at the same time is not possible with default container runtime : https://github.com/docker/buildx/issues/59
+        # So let's use containerd instead as it supports this option
+        # Also containerd is one of the option to allow preserving provenance attestations :https://docs.docker.com/build/attestations/#creating-attestations
       - name: Setup docker with containerd
         uses: crazy-max/ghaction-setup-docker@v3
         with:

.github/workflows/main.yml

@@ -9,7 +9,7 @@ permissions:
   contents: read
 
 jobs:
-  jar-jar-build:
+  jar-build:
     runs-on: ubuntu-latest
 
     permissions:
@@ -22,7 +22,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.sha }}
+          ref: ${{ github.event.pull_request.head.sha }}
           token: ${{ github.token }}
 
       - name: Set up JDK
@@ -40,8 +40,6 @@ jobs:
           export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
 
-      - name: Upload jar
-        uses: actions/upload-artifact@v4
       - name: Upload jar
         uses: actions/upload-artifact@v4
         with:

.github/workflows/release.yml

@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: ${{ github.sha }}
+          ref: ${{ github.event.pull_request.head.sha }}
           token: ${{ github.token }}
 
       - run: |
@@ -68,7 +68,7 @@ jobs:
     needs: [release, docker-build]
     permissions:
       packages: write
-      id-token: write
+      id-token: write # Required to authenticate with OIDC for AWS
     uses: ./.github/workflows/docker_publish.yml
     secrets: inherit
     with: