PerfectThymeTech · marvinbuss · Oct 31, 2023 · Oct 26, 2023 · Oct 27, 2023 · Oct 30, 2023
diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml
@@ -0,0 +1,111 @@
+name: Docker Template
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+        default: "dev"
+        description: "Specifies the environment of the deployment."
+      working_directory:
+        required: false
+        type: string
+        default: ./code/function
+        description: "Specifies the uri of the container registry."
+      registry_uri:
+        required: false
+        type: string
+        default: ghcr.io
+        description: "Specifies the uri of the container registry."
+      image_name:
+        required: true
+        type: string
+        description: "Specifies the name of the image."
+    secrets:
+      USER_NAME:
+        required: true
+        description: "Specifies the user name for the container registry."
+      PASSWORD:
+        required: true
+        description: "Specifies the password for the container registry."
+
+jobs:
+  deployment:
+    name: Container Build & Push
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    environment: ${{ inputs.environment }}
+
+    steps:
+      # Check Out Repository
+      - name: Check Out Repository
+        id: checkout_repository
+        uses: actions/checkout@v4
+
+      # Install cosign
+      - name: Install cosign
+        uses: sigstore/[email protected]
+        id: install_cosign
+        if: github.event_name != 'pull_request'
+        with:
+          cosign-release: 'v2.2.0'
+
+      # Install QEMU
+      - name: Set up QEMU
+        id: install_qemu
+        uses: docker/setup-qemu-action@v3
+
+      # Install BuildKit
+      - name: Install Buildx
+        id: install_buildx
+        uses: docker/[email protected]
+
+      # Login Container Registry
+      - name: Login Container Registry
+        uses: docker/[email protected]
+        id: registry_login
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ${{ inputs.registry_uri }}
+          username: ${{ secrets.USER_NAME }}
+          password: ${{ secrets.PASSWORD }}
+
+      # Extract Metadata (tags, labels)
+      - name: Extract Metadata
+        id: metadata
+        uses: docker/[email protected]
+        with:
+          context: workflow
+          images: |
+            ${{ inputs.registry_uri }}/${{ inputs.image_name }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      # Build and Push Docker Image with Buildx
+      - name: Build and push Docker image
+        id: build_push
+        uses: docker/[email protected]
+        with:
+          context: ${{ inputs.working_directory }}
+          file: ${{ inputs.working_directory }}/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign container image
+      # This step uses the identity token to provision an ephemeral certificate against the sigstore community Fulcio instance.
+      - name: Sign container image
+        id: sign
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.metadata.outputs.tags }}
+          DIGEST: ${{ steps.build_push.outputs.digest }}
diff --git a/.github/workflows/functionApp.yml b/.github/workflows/functionApp.yml
@@ -22,6 +22,19 @@ jobs:
       python_version: "3.10"
       function_directory: "./code/function"
 
+  function_container:
+    uses: ./.github/workflows/_containerTemplate.yml
+    name: "Function App Container"
+    needs: [function_test]
+    with:
+      environment: "dev"
+      working_directory: "./code/function"
+      registry_uri: "ghcr.io"
+      image_name: "AzureFunctionPython"
+    secrets:
+      USER_NAME: ${{ github.actor }}
+      PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
   function_deploy:
     uses: ./.github/workflows/_functionAppDeployTemplate.yml
     name: "Function App Deploy"

diff --git a/code/function/.dockerignore b/code/function/.dockerignore
@@ -0,0 +1 @@
+local.settings.json
diff --git a/code/function/Dockerfile b/code/function/Dockerfile
@@ -0,0 +1,11 @@
+# To enable ssh & remote debugging on app service change the base image to the one below
+# FROM mcr.microsoft.com/azure-functions/python:4-python3.7-appservice
+FROM mcr.microsoft.com/azure-functions/python:4-python3.11
+
+ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
+    AzureFunctionsJobHost__Logging__Console__IsEnabled=true
+
+COPY requirements.txt /
+RUN pip install -r /requirements.txt
+
+COPY . /home/site/wwwroot