From 1079abfd3e430a08bc657bb85b565a1b0b8be832 Mon Sep 17 00:00:00 2001
From: Magnus Kulke <magnuskulke@microsoft.com>
Date: Thu, 12 Dec 2024 13:38:53 +0100
Subject: [PATCH] ci: re-order sysctl step for podvm_mkosi wf

A default directory is set workflow-wide that will only work after
checkout, hence the sysctl call fails.

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
---
 .github/workflows/podvm_mkosi.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/podvm_mkosi.yaml b/.github/workflows/podvm_mkosi.yaml
index b8c6da6f7..c668605a6 100644
--- a/.github/workflows/podvm_mkosi.yaml
+++ b/.github/workflows/podvm_mkosi.yaml
@@ -75,17 +75,17 @@ jobs:
       qcow2_oras_image: ${{ steps.publish_oras_qcow2.outputs.image }}:${{ steps.publish_oras_qcow2.outputs.tag }}
       docker_oci_image: ${{ steps.build_docker_oci.outputs.image }}
     steps:
-      # Required by rootless mkosi
-      - name: Un-restrict user namespaces
-        if: inputs.arch == 'amd64'
-        run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: "${{ inputs.git_ref }}"
 
+      # Required by rootless mkosi
+      - name: Un-restrict user namespaces
+        if: inputs.arch == 'amd64'
+        run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
       - name: Rebase the code
         if: github.event_name == 'pull_request_target'
         working-directory: ./