From e1076a51c9f95d0492fa78549d88ac329f8a3169 Mon Sep 17 00:00:00 2001
From: Michael McKeen <m.mckeen@f5.com>
Date: Thu, 23 Apr 2026 11:29:21 -0400
Subject: [PATCH] CI(build-push): Migrate to OIDC authentication

---
 .github/workflows/build-push.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 5513a177e2..12312577d8 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -10,7 +10,11 @@ on:
         default: preview
         type: string
     secrets:
-      AZURE_CREDENTIALS_DOCS:
+      DOCS_OIDC_CLIENT:
+        required: true
+      DOCS_OIDC_TENANT:
+        required: true
+      DOCS_OIDC_SUB:
         required: true
       AZURE_KEY_VAULT_DOCS:
         required: true
@@ -58,7 +62,7 @@ jobs:
 
   call-docs-build-push:
     needs: prod-check-branch
-    uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@54da3ca1694da6ce34840123a133054d847efcd6 # v1.0.13
+    uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@aca17c23745abf944f9dbfb8fb8c1a341118cd42 # v1.0.16
     with:
       production_url_path: ""
       preview_url_path: "${{ vars.PREVIEW_URL_PATH }}"
@@ -70,7 +74,9 @@ jobs:
       auto_deploy_branch: "main"
       auto_deploy_env: "prod"
     secrets:
-      AZURE_CREDENTIALS: ${{secrets.AZURE_CREDENTIALS_DOCS}}
+      OIDC_CLIENT_ID: ${{secrets.DOCS_OIDC_CLIENT}}
+      OIDC_TENANT_ID: ${{secrets.DOCS_OIDC_TENANT}}
+      OIDC_SUBSCRIPTION_ID: ${{secrets.DOCS_OIDC_SUB}}
       AZURE_KEY_VAULT: ${{secrets.AZURE_KEY_VAULT_DOCS}}
 
   trigger-theme-slack-notification: