Problem

The most common scenario for the release app workflow is to use the latest available image tag for the service. For API and frontend, it's easy to get this by querying the version endpoints, but for the catalog and ingestion server, you need to go to the GHCR pages for them and copy the SHA from there. It's easy to forget how to do this for the different apps.

Description

Because the vast majority of the time we are just passing the latest available image for the app we want to release, we could make the SHA optional and pull the latest image tag ourselves. It might even work to just use latest as the default!

The only potentially fraught aspect of this is if somehow a new staging version that hasn't been verified is pushed that we didn't mean to deploy. I don't know what the chances of that are 🤔 If we pull the latest tag right at the start the reference will be stable throughout the rest of the workflow, so it should be okay.