feat: append SHORT_COMMIT_HASH to all images

Author: MacMur85

.github/workflows/stage-3-build-images.yaml

@@ -73,6 +73,7 @@ jobs:
     if: needs.get-functions.outputs.FUNC_NAMES != '[]'
     outputs:
       pr_num_tag: ${{ env.PR_NUM_TAG }}
+      short_commit_hash: ${{ env.COMMIT_HASH_TAG }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -237,6 +238,90 @@ jobs:
           path: ./${{ env.VULNERABILITIES_SUMMARY_LOGFILE }}
           retention-days: 21
 
+  tag-all-repositories:
+    name: "Append short commit hash to images"
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    if: github.ref == 'refs/heads/main'
+    permissions:
+      id-token: write
+    steps:
+      - name: Az CLI login
+        if: github.ref == 'refs/heads/main'
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Azure Container Registry login
+        if: github.ref == 'refs/heads/main'
+        run: az acr login --name ${{ secrets.ACR_NAME }}
+
+      - name: Tag All Repositories with new short commit hash
+        env:
+          ACR_NAME: ${{ secrets.ACR_NAME }}
+          SHORT_COMMIT_HASH: ${{ needs.build-and-push.outputs.short_commit_hash }}
+          ENVIRONMENT_TAG: ${{ inputs.environment_tag }}
+
+        run: |
+          echo "Attempting to tag all repositories in ACR $ACR_NAME with short commit hash: $SHORT_COMMIT_HASH"
+
+          # Get list of repositories
+          repo_list=$(az acr repository list --name "$ACR_NAME" --output tsv)
+
+          if [ -z "$repo_list" ]; then
+            echo "No repositories found in ACR $ACR_NAME. Nothing to tag."
+            exit 0
+          fi
+
+          echo "Found repositories: $(echo $repo_list | wc -w)"
+          echo "---"
+
+          exit_code=0
+
+          for repo_name in $repo_list; do
+            source_image="${ACR_NAME}.azurecr.io/${repo_name}:${ENVIRONMENT_TAG}"
+            target_image="${ACR_NAME}.azurecr.io/${repo_name}:${SHORT_COMMIT_HASH}"
+
+            echo "Processing repository: $repo_name"
+
+            echo "  Checking for existing target tag: $SHORT_COMMIT_HASH"
+            target_tag_check_output=$(az acr repository show-manifests --name "$ACR_NAME" --repository "$repo_name" --query "[?tags.contains(@, '${SHORT_COMMIT_HASH}')]" --output tsv 2>&1)
+            target_tag_check_status=$? # Get exit status of the check command
+
+            if [ $target_tag_check_status -ne 0 ]; then
+                echo "  ⚠️ Warning: Failed to check for existing target tag '$SHORT_COMMIT_HASH' for repo '$repo_name'. Error: $target_tag_check_output"
+                echo "  Proceeding to import attempt regardless..."
+            elif [ -n "$target_tag_check_output" ]; then
+                # Check command succeeded (exit status 0) AND output is non-empty, meaning tag exists
+                echo "  Target tag '$SHORT_COMMIT_HASH' already exists. Skipping import for this repository."
+                echo "---"
+                continue
+            fi
+
+            echo "Target tag '$SHORT_COMMIT_HASH' not found or check failed. Attempting import: $source_image -> $target_image"
+
+            az acr import \
+              --name "$ACR_NAME" \
+              --source "$source_image" \
+              --image "$target_image" \
+              --force
+
+            import_status=$?
+
+            if [ $import_status -ne 0 ]; then
+              echo "  ⚠️ Warning: ACR import command failed for repository '$repo_name' (Exit Code: $import_status)."
+              exit_code=1 # Record import failure
+            else
+              echo "  Import successful for '$repo_name'."
+            fi
+            echo "---"
+          done
+
+          echo "Finished processing all repositories."
+          exit $exit_code
+
   aggregate-json:
     runs-on: ubuntu-latest
     needs: build-and-push