feat: DTOSS-8139 append commit hash tag to all images (#146)

MacMur85 · web-flow · commit aca424553b5a · 2025-04-30T08:39:40.000Z
* feat: append SHORT_COMMIT_HASH to all images

* feat: append SHORT_COMMIT_HASH to all images

* feat: append SHORT_COMMIT_HASH to all images

* feat: run step from a script file
diff --git a/.github/workflows/stage-3-build-images.yaml b/.github/workflows/stage-3-build-images.yaml
@@ -73,6 +73,7 @@ jobs:
     if: needs.get-functions.outputs.FUNC_NAMES != '[]'
     outputs:
       pr_num_tag: ${{ env.PR_NUM_TAG }}
+      short_commit_hash: ${{ env.COMMIT_HASH_TAG }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -237,6 +238,33 @@ jobs:
           path: ./${{ env.VULNERABILITIES_SUMMARY_LOGFILE }}
           retention-days: 21
 
+  tag-all-repositories:
+    name: "Append short commit hash to images"
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    if: github.ref == 'refs/heads/main'
+    permissions:
+      id-token: write
+    steps:
+      - name: Az CLI login
+        if: github.ref == 'refs/heads/main'
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Azure Container Registry login
+        if: github.ref == 'refs/heads/main'
+        run: az acr login --name ${{ secrets.ACR_NAME }}
+
+      - name: Tag all repositories with new short commit hash
+        env:
+          ACR_NAME: ${{ secrets.ACR_NAME }}
+          SHORT_COMMIT_HASH: ${{ needs.build-and-push.outputs.short_commit_hash }}
+          ENVIRONMENT_TAG: ${{ inputs.environment_tag }}
+        run: bash ./templates/scripts/deployments/append-commit-hash.sh
+
   aggregate-json:
     runs-on: ubuntu-latest
     needs: build-and-push
diff --git a/scripts/deployments/append-commit-hash.sh b/scripts/deployments/append-commit-hash.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+echo "Attempting to tag all repositories in ACR $ACR_NAME with short commit hash: $SHORT_COMMIT_HASH"
+echo "Source tag for import will be: $ENVIRONMENT_TAG"
+
+# Get list of repositories
+repo_list=$(az acr repository list --name "$ACR_NAME" --output tsv)
+
+if [ -z "$repo_list" ]; then
+  echo "No repositories found in ACR $ACR_NAME. Nothing to tag."
+  exit 0
+fi
+
+echo "Found repositories: $(echo $repo_list | wc -w)"
+echo "---"
+
+exit_code=0
+
+for repo_name in $repo_list; do
+  source_image="${ACR_NAME}.azurecr.io/${repo_name}:${ENVIRONMENT_TAG}"
+  target_image="${repo_name}:${SHORT_COMMIT_HASH}"
+
+  echo "Processing repository: $repo_name"
+
+  echo "  Checking for existing target tag: $SHORT_COMMIT_HASH"
+  target_tag_check_output=$(az acr manifest list-metadata --registry "$ACR_NAME" --name "$repo_name" --query "[?tags.contains(@, '${SHORT_COMMIT_HASH}')]" --output tsv)
+  target_tag_check_status=$?
+
+  if [ $target_tag_check_status -eq 0 ] && [ -n "$target_tag_check_output" ]; then
+    echo "  Target tag '$SHORT_COMMIT_HASH' already exists. Skipping import for this repository."
+    echo "---"
+    continue
+  fi
+
+  echo "  Proceeding with import attempt: $source_image -> $target_image"
+
+  az acr import \
+    --name "$ACR_NAME" \
+    --source "$source_image" \
+    --image "$target_image" \
+    --force
+
+  import_status=$?
+
+  if [ $import_status -ne 0 ]; then
+    echo "  ⚠️ Warning: ACR import command failed for repository '$repo_name' (Exit Code: $import_status)."
+    exit_code=1 # Record import failure
+  else
+    echo "  Import successful for '$repo_name'."
+  fi
+  echo "---"
+done
+
+echo "Finished processing all repositories."
+exit $exit_code
