Enterprise Security Infrastructure for Azure OpenAI Workshop #43
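# Builds the MCP service image from mcp/ and pushes it to the target
# environment's Azure Container Registry. Azure access comes from GitHub OIDC
# federation (azure/login), so no long-lived registry secret is stored.
name: Build and Push Docker Image for MCP Service

on:
  # NOTE(review): pull_request runs reach the push step as well, so a
  # same-repository PR publishes an image built from unmerged code under the
  # mutable `latest` tag. Confirm that is intended, or gate the push on the
  # event type.
  pull_request:
    branches: [main, int-agentic]
    paths:
      - 'mcp/**'
      - '.github/workflows/docker-mcp.yml'
  workflow_call:
    inputs:
      # Free-form string on this trigger (workflow_dispatch restricts it to a
      # choice), so the steps below treat it as untrusted: it is passed through
      # environment variables and never expanded inside a script body.
      environment:
        type: string
        required: true
  workflow_dispatch:
    inputs:
      environment:
        description: Target environment
        type: choice
        options: [dev, integration, prod]
        default: dev

# Workflow-level env is exported to every `run` step as shell variables.
env:
  IMAGE_NAME: mcp-service
  PROJECT_SUBPATH: mcp/
  IMAGE_TAG: ${{ inputs.environment && format('{0}-latest', inputs.environment) || 'latest' }}

jobs:
  build:
    name: Build & Push MCP Image
    runs-on: ubuntu-latest
    # environment: ${{ inputs.environment || 'dev' }}  # Commented out to use repo-level variables
    permissions:
      id-token: write  # needed to request the OIDC token consumed by azure/login
      contents: read
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag. Pinning to a full commit SHA (uses: owner/action@<full-commit-sha>)
      # prevents a retagged release from changing what runs in this job.
      - uses: actions/checkout@v4
        with:
          # No later step uses git, so keep the job token out of .git/config.
          persist-credentials: false

      - name: Azure OIDC Login
        uses: azure/login@v2
        with:
          client-id: ${{ vars.AZURE_CLIENT_ID }}
          tenant-id: ${{ vars.AZURE_TENANT_ID }}
          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}

      - name: Determine ACR Name
        id: acr
        env:
          # Expressions are resolved here, not inside the script, so their
          # values reach the shell as data rather than as script text.
          PROJECT: ${{ vars.PROJECT_NAME || 'OpenAIWorkshop' }}
          TARGET_ENV: ${{ inputs.environment || 'dev' }}
          ITERATION: ${{ vars.ITERATION || '002' }}
        run: |
          # Construct ACR name matching Terraform pattern: {project}{env}acr{iteration}
          ACR_NAME="${PROJECT}${TARGET_ENV}acr${ITERATION}"
          # Registry names are alphanumeric only. Rejecting anything else also
          # stops a crafted input from adding lines to the step-output file.
          if [[ ! "${ACR_NAME}" =~ ^[A-Za-z0-9]+$ ]]; then
            echo "::error::Derived ACR name contains non-alphanumeric characters"
            exit 1
          fi
          echo "name=${ACR_NAME}" >> "$GITHUB_OUTPUT"
          echo "server=${ACR_NAME}.azurecr.io" >> "$GITHUB_OUTPUT"
          echo "Using ACR: ${ACR_NAME}"

      - name: Login to Azure Container Registry
        env:
          ACR_NAME: ${{ steps.acr.outputs.name }}
          ACR_SERVER: ${{ steps.acr.outputs.server }}
        run: |
          # Get ACR access token using the OIDC-authenticated Azure CLI session
          ACR_TOKEN=$(az acr login --name "${ACR_NAME}" --expose-token --query accessToken -o tsv)
          # The all-zero GUID is the username used for token-based ACR logins.
          # The token is piped on stdin so it never appears in the process arguments.
          echo "$ACR_TOKEN" | docker login "${ACR_SERVER}" --username 00000000-0000-0000-0000-000000000000 --password-stdin

      - name: Build and Push Image
        env:
          ACR_NAME: ${{ steps.acr.outputs.name }}
          ACR_SERVER: ${{ steps.acr.outputs.server }}
        run: |
          # IMAGE_NAME, PROJECT_SUBPATH and IMAGE_TAG come from the workflow-level
          # env block; GITHUB_SHA is set by the runner.
          IMAGE_REPO="${ACR_SERVER}/${IMAGE_NAME}"
          # Build with both SHA tag and environment tag. Only the SHA tag is
          # immutable; the other two are overwritten by every run.
          docker build "${PROJECT_SUBPATH}" \
            -t "${IMAGE_REPO}:${GITHUB_SHA}" \
            -t "${IMAGE_REPO}:${IMAGE_TAG}" \
            -t "${IMAGE_REPO}:latest"
          # Push all tags
          docker push "${IMAGE_REPO}" --all-tags
          echo "✅ Pushed: ${IMAGE_REPO}:${IMAGE_TAG}"
          echo "ACR: ${ACR_NAME}"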