[Packaging] Add Azure Linux docker image #27204
Conversation
🔄AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
microsoft-github-policy-service
bot
requested review from
jiasli,
wangzelin007 and
yonzhan
|
Packaging |
Dockerfile.azure
Outdated
|
|
||
|
|
||
| # Azure Linux does not contain Mozilla CA certificates, install ca-certificates package to prevent CERTIFICATE_VERIFY_FAILED errors, see https://github.com/Azure/azure-cli/issues/26026 | ||
| RUN --mount=type=bind,target=/azure-cli.rpm,source=./docker/azure-cli.rpm pwd && ls && tdnf install ca-certificates /azure-cli.rpm -y && tdnf clean all |
There was a problem hiding this comment.
Use mount to get rid of copy and save image size.
Mounted file does not take up space in docker.
.dockerignore
Outdated
| # Make an exception for the license file | ||
| !LICENSE.txt | ||
| # Make an exception for docker related files | ||
| !docker/* |
There was a problem hiding this comment.
Add this to mount the rpm file, for
# Exclude everything by default
*
There was a problem hiding this comment.
The name is confusing. We can consider either renaming it or adding comments to clarify its content.
There was a problem hiding this comment.
It's better to use dockerfile as file extensions. See #21680
| # Azure Linux does not contain Mozilla CA certificates, install ca-certificates package to prevent CERTIFICATE_VERIFY_FAILED errors, see https://github.com/Azure/azure-cli/issues/26026 | ||
| RUN --mount=type=bind,target=/azure-cli.rpm,source=./docker/azure-cli.rpm tdnf install ca-certificates /azure-cli.rpm -y && tdnf clean all | ||
|
|
||
| ENV AZ_INSTALLER=DOCKER |
There was a problem hiding this comment.
Should we distinguish which docker image is used?
There was a problem hiding this comment.
Currently, the values are PIP, MSI, RPM, HOMEBREW, DEB and DOCKER, which do not contains a specific OS version. So I use the same value as Alpine.
Dockerfile.azure
Outdated
|
|
||
|
|
||
| # Azure Linux does not contain Mozilla CA certificates, install ca-certificates package to prevent CERTIFICATE_VERIFY_FAILED errors, see https://github.com/Azure/azure-cli/issues/26026 | ||
| RUN --mount=type=bind,target=/azure-cli.rpm,source=./docker/azure-cli.rpm tdnf install ca-certificates /azure-cli.rpm -y && tdnf clean all |
There was a problem hiding this comment.
I am not sure if it will be good to follow the same installation method of Alpine-based docker image:
Line 55 in 5f52c83
There was a problem hiding this comment.
We don't create package for Alpine, there is no other choice except installing from pypi.
Installing from rpm is faster than install from pypi. Although it depends on build rpm, the overall time is not increased as it runs faster than test rpm package.
azure-pipelines.yml
Outdated
| docker run $IMAGE_NAME /bin/bash -c "time az self-test && time az --version && sleep 5" | ||
| displayName: 'Bash Script' | ||
| - job: BuildExtraDockerImage |
There was a problem hiding this comment.
"Extra" is too general. It's a good practice to be specific.
| - job: BuildExtraDockerImage | |
| - job: BuildAzureLinuxDockerImage |
| - job: BuildExtraDockerImage | ||
| displayName: Build Extra Docker Image | ||
| dependsOn: BuildRpmPackageMariner |
There was a problem hiding this comment.
This job should be renamed:
| dependsOn: BuildRpmPackageMariner | |
| dependsOn: BuildRpmPackageAzureLinux |
There was a problem hiding this comment.
Mariner is still used in pipeline. Let's wait for Azure Linux team change the url of docker image.
| ${{ each arch in parameters.architectures }}: | ||
| Mariner 2.0 ${{ arch.name }}: | ||
| pool: ${{ arch.pool }} | ||
| artifactName: docker-mariner2.0-${{ arch.value }} |
There was a problem hiding this comment.
The artifact name is docker-mariner2.0-amd64 (align with the RPM artifact rpm-mariner2.0-amd64), the docker image tag is cbl-mariner2.0.
This is the reply from Mariner team:
To keep things consistent with other images in MCR, can we make the tag "cbl-mariner2.0"? Once we release Mariner 3.0 next year, there will be a larger rebranding where we will be changing all container image tags to use "Azure Linux". However, for now we want to stay consistent with what already exists
There was a problem hiding this comment.
Consider using the full name azure-linux. azure can easily cause confusion as it represents the Azure cloud.
azure-pipelines.yml
Outdated
| Alpine ${{ arch.name }}: | ||
| pool: ${{ arch.pool }} | ||
| artifactName: docker-${{ arch.value }} | ||
| dockerfile: Dockerfile |
There was a problem hiding this comment.
Maybe renaming the Dockerfile to make it more specific, such as alpine.dockerfile, given we already have another base - Azure Linux?
azure-pipelines.yml
Outdated
|
|
||
| dependsOn: BuildDockerImage | ||
| dependsOn: | ||
| - BuildDockerImage |
There was a problem hiding this comment.
Same here. Consider renaming it to BuildDockerImageAlpine.
azure-pipelines.yml
Outdated
| docker run $IMAGE_NAME /bin/bash -c "time az self-test && time az --version && sleep 5" | ||
| displayName: 'Bash Script' | ||
| - job: BuildAzureDockerImage |
There was a problem hiding this comment.
Maybe BuildDockerImageAzureLinux?
azure-pipelines.yml
Outdated
| DockerImagesToScan: 'clibuild$BUILD_BUILDNUMBER:latest' | ||
|
|
||
| - task: PublishPipelineArtifact@0 | ||
| displayName: 'Publish Artifact: docker image' |
There was a problem hiding this comment.
This displayName adds little value to the job. We may remove displayName everywhere if it is meaningless.
azure.dockerfile
Outdated
| org.label-schema.name="Azure CLI" \ | ||
| org.label-schema.version=$CLI_VERSION \ | ||
| org.label-schema.license="MIT" \ | ||
| org.label-schema.description="The Azure CLI is used for all Resource Manager deployments in Azure." \ |
There was a problem hiding this comment.
This description added 6 years ago by #4696 is no longer accurate, given we now support Microsoft Graph and other data-plane operations as well.
There was a problem hiding this comment.
I found a new description in the repo A great cloud needs great tools; we're excited to introduce Azure CLI, our next generation multi-platform command line experience for Azure.. Do we have any alternative for this?
bebound
modified the milestones:
September 2023 (2023-09-26),
October 2023 (2023-11-15)❗ Breaking change release ❗
bebound
force-pushed
the
azure-dockerfile
branch
from
75079d0 to
33f1f6d
Compare
bebound
force-pushed
the
azure-dockerfile
branch
from
c730dfb to
cb3786e
Compare
|
|
||
|
|
||
| # Azure Linux base image does not contain Mozilla CA certificates, install ca-certificates package to prevent CERTIFICATE_VERIFY_FAILED errors, see https://github.com/Azure/azure-cli/issues/26026 | ||
| RUN --mount=type=bind,target=/azure-cli.rpm,source=./docker-temp/azure-cli.rpm tdnf install ca-certificates /azure-cli.rpm -y && tdnf clean all && rm -rf /var/cache/tdnf |
There was a problem hiding this comment.
I am wondering why alpine.dockerfile uses COPY . /azure-cli instead of --mount=type=bind.
There was a problem hiding this comment.
--mount was added in dockerfile:1.2 on 2020-12-03.
Co-authored-by: Jiashuo Li <[email protected]>
4 participants
Description
Create Azure Linux based image
Testing Guide
History Notes
[Component Name 1] BREAKING CHANGE:
az command a: Make some customer-facing breaking change[Component Name 2]
az command b: Add some customer-facing featureThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.