ci(ct): refactor app image pushes to skip deploy job on wrong pushed …

…branch

.github/workflows/container_app_push.yml

@@ -99,8 +99,12 @@ jobs:
         name: "Package & Publish"
         runs-on: ubuntu-latest
         # Only run this job if we have access to secrets. This is true for events like push/schedule which run in
-        # context of main repo, but for PRs only true if coming from the main repo! Forks have no secret access.
-        if: needs.check-secrets.outputs.available == 'true'
+        # context of the main repo, but for PRs only true if coming from the main repo! Forks have no secret access.
+        #
+        # Note: The team's decision was to not auto-deploy an image on any git push where no PR exists (yet).
+        #       Accordingly, only run for push events on branches develop and master.
+        if: needs.check-secrets.outputs.available == 'true' &&
+            ( github.event_name != 'push' || ( github.event_name == 'push' && contains(fromJSON('["develop", "master"]'), github.ref_name)))
         steps:
             - uses: actions/checkout@v3
             - uses: actions/setup-java@v3
@@ -109,14 +113,12 @@ jobs:
                   distribution: temurin
 
             # Depending on context, we push to different targets. Login accordingly.
-            - if: github.event_name != 'pull_request' && contains(fromJSON('["develop", "master"]'), github.ref_name)
+            - if: github.event_name != 'pull_request'
               name: Log in to Docker Hub registry
               uses: docker/login-action@v2
               with:
                   username: ${{ secrets.DOCKERHUB_USERNAME }}
                   password: ${{ secrets.DOCKERHUB_TOKEN }}
-            # Note: The team's decision was to not auto-push an image on any git push where no PR exists (yet).
-            #       Also avoids double pushes from push and PR event.
             - if: ${{ github.event_name == 'pull_request' }}
               name: Login to Github Container Registry
               uses: docker/login-action@v2