Use 1es tasks for docker publishing

[hallipr]

What does this PR do?

Take the single-script process of:

• unpack the docker image tarballs
• publish the images to ACR
• publish the multi-architecture manifests to ACR

And split it into 3 steps:

• unpack the docker image tarballs using powershell
• publish the images to ACR using 1ES ado tasks
• publish the multi-architecture manifests to ACR using powershell
  • The 1ES tasks don't support manifest publishing

GitHub issue number?

Fixes #1665

Pre-merge Checklist

• Required for All PRs
  • Read contribution guidelines
  • PR title clearly describes the change
  • Commit history is clean with descriptive messages (cleanup guide)
  • Added comprehensive tests for new/modified functionality
  • Updated servers/Azure.Mcp.Server/CHANGELOG.md and/or servers/Fabric.Mcp.Server/CHANGELOG.md for product changes (features, bug fixes, UI/UX, updated dependencies)
• For MCP tool changes:
  • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
  • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
  • Validate README.md changes using script at eng/scripts/Process-PackageReadMe.ps1. See Package README
  • Updated command list in /servers/Azure.Mcp.Server/docs/azmcp-commands.md and/or /docs/fabric-commands.md
  • Run .\eng\scripts\Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
  • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
  • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
  • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
• Extra steps for Azure MCP Server tool changes:
  • Updated test prompts in /servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
  • 👉 For Community (non-Microsoft team member) PRs:
    • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
    • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

[Copilot]

Pull request overview

This PR refactors the Docker release flow to separate image loading/tagging from registry pushes and manifest publishing, aligning the pipeline with 1ES container push tasks.

Changes:

• Replaces the monolithic Publish-DockerImages.ps1 script with Load-DockerImages.ps1 (local load/tag) and Publish-DockerManifests.ps1 (manifest creation/push).
• Updates docker release pipeline to push per-architecture images via 1ES.PushContainerImage@1 and then publish multi-arch manifests.
• Updates Prepare-Docker.ps1 staging to include the new scripts for release-time execution.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
eng/scripts/Publish-DockerManifests.ps1	New script to create/push versioned + latest multi-arch manifests from already-pushed arch tags.
eng/scripts/Publish-DockerImages.ps1	Removed old script that combined load/tag/push/manifest steps.
eng/scripts/Prepare-Docker.ps1	Stages the new docker scripts into the docker staging artifact for 1ES release jobs.
eng/scripts/Load-DockerImages.ps1	New script to load tarballs and apply predictable local tags for 1ES push tasks.
eng/pipelines/templates/jobs/docker/release-docker.yml	Updates release job to load locally, push arch images via 1ES tasks, then publish manifests.

---

You can also share your feedback on Copilot code review. Take the survey.