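---
# Builds the statistikk-mcp image, pushes it to ACR and notifies the GitOps
# repository of the new image tag via a repository_dispatch event.
name: Build and Push Docker Image

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'src/**'
      - 'Dockerfile'
      - 'pyproject.toml'
      - '.github/workflows/docker-build-push.yaml'

env:
  ACR_NAME: crfhiskybert
  IMAGE: crfhiskybert.azurecr.io/fida/ki/statistikk-mcp

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # Least privilege: the OIDC token is only needed by azure/login; nothing
    # in this job writes back to the repository.
    permissions:
      id-token: write
      contents: read
    steps:
      # NOTE(review): the third-party actions below are pinned to major tags
      # only. Pinning each `uses:` to a full commit SHA (keeping the tag in a
      # trailing comment) protects the build against a moved or compromised tag.
      - name: Checkout
        uses: actions/checkout@v4

      # Take the first 7 characters of GITHUB_SHA instead of
      # `git rev-parse --short HEAD`: that is exactly what docker/metadata-action
      # emits for `type=sha` below, so the tag dispatched to GitOps is the tag
      # that was pushed. `git rev-parse --short` honours core.abbrev and grows
      # the prefix on ambiguity, which would dispatch a tag that never existed.
      - name: Get short SHA
        id: sha
        run: echo "short=${GITHUB_SHA:0:7}" >> "$GITHUB_OUTPUT"

      - name: Login to Azure using Federated Identity
        uses: azure/login@v2
        with:
          client-id: ${{ vars.AZURE_CLIENT_ID }}
          tenant-id: ${{ vars.AZURE_TENANT_ID }}
          allow-no-subscriptions: true

      - name: Login to ACR
        # Workflow-level `env:` entries are exported to the step's shell.
        run: az acr login --name "$ACR_NAME"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE }}
          # `type=sha,prefix=` yields the bare 7-character short SHA; `latest`
          # is only produced for the default branch.
          tags: |
            type=sha,prefix=
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          target: prod
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # The secret and the variables are handed to the script through `env:`
      # rather than interpolated with `${{ }}`, so their contents are never
      # substituted into the shell text the runner evaluates.
      - name: Trigger GitOps tag update
        env:
          GITOPS_PAT: ${{ secrets.GITOPS_PAT }}
          GITOPS_REPO: ${{ vars.GITOPS_REPO }}
          IMAGE_TAG: ${{ steps.sha.outputs.short }}
        run: |
          payload=$(printf '{"event_type":"update_tag","client_payload":{"env":"test","updates":[{"repository":"fida/ki/statistikk-mcp","tag":"%s"}]}}' "$IMAGE_TAG")
          curl -sS -f -L \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${GITOPS_PAT}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/repos/${GITOPS_REPO}/dispatches" \
            -d "$payload"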