Skip to content

[Packaging] Add Azure Linux docker image #27204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bebound merged 24 commits into from
Oct 17, 2023
Merged

[Packaging] Add Azure Linux docker image #27204

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
dff1c06
Init
bebound Aug 14, 2023
0516f14
Merge branch 'dev' into azure-dockerfile
bebound Aug 17, 2023
0f7dcb7
Minor fix
bebound Aug 17, 2023
9943174
Minor fix
bebound Aug 17, 2023
51dcee3
Test
bebound Aug 18, 2023
a38084d
Fix rpm path
bebound Aug 18, 2023
d854e86
Merge remote-tracking branch 'upstream/dev' into azure-dockerfile
bebound Aug 21, 2023
021c340
Minor fix
bebound Aug 22, 2023
a7d0360
Rename
bebound Aug 25, 2023
82ea672
Merge remote-tracking branch 'upstream/dev' into azure-dockerfile
bebound Aug 28, 2023
8bafcb2
Minor fix
bebound Sep 11, 2023
01c58d5
Minor fix
bebound Sep 12, 2023
a454719
User mariner 2.0 in name
bebound Sep 15, 2023
0f101c2
Change dockerfile name
bebound Sep 18, 2023
2bade4e
Use docker-temp folder
bebound Sep 18, 2023
be98383
Merge remote-tracking branch 'upstream/dev' into azure-dockerfile
bebound Sep 27, 2023
33f1f6d
Fix path
bebound Sep 27, 2023
e327a2d
Update test name
bebound Sep 27, 2023
c02fdb2
Merge remote-tracking branch 'upstream/dev' into azure-dockerfile
bebound Sep 27, 2023
f000edd
Merge branch 'dev' into azure-dockerfile
bebound Oct 9, 2023
24e6fb5
Merge branch 'dev' into azure-dockerfile
bebound Oct 9, 2023
cb3786e
Minor fix
bebound Oct 9, 2023
2dcab39
Update .dockerignore
bebound Oct 16, 2023
543c48a
Merge branch 'dev' into azure-dockerfile
bebound Oct 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@
!az.completion
# Make an exception for the license file
!LICENSE.txt
# Make an exception for Azure CLI RPMs
!docker-temp/*
# Exclude build droppings, as mentioned in .gitignore
src/build*
# Exclude tests
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile → alpine.dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ LABEL maintainer="Microsoft" \
org.label-schema.name="Azure CLI" \
org.label-schema.version=$CLI_VERSION \
org.label-schema.license="MIT" \
org.label-schema.description="The Azure CLI is used for all Resource Manager deployments in Azure." \
org.label-schema.description="A great cloud needs great tools; we're excited to introduce Azure CLI, our next generation multi-platform command line experience for Azure." \
org.label-schema.url="https://docs.microsoft.com/cli/azure/overview" \
org.label-schema.usage="https://docs.microsoft.com/cli/azure/install-az-cli2#docker" \
org.label-schema.build-date=$BUILD_DATE \
Expand Down
31 changes: 31 additions & 0 deletions azure-linux.dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#---------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
#---------------------------------------------------------------------------------------------

FROM mcr.microsoft.com/cbl-mariner/base/core:2.0

ARG CLI_VERSION

# Metadata as defined at http://label-schema.org
ARG BUILD_DATE

LABEL maintainer="Microsoft" \
org.label-schema.schema-version="1.0" \
org.label-schema.vendor="Microsoft" \
org.label-schema.name="Azure CLI" \
org.label-schema.version=$CLI_VERSION \
org.label-schema.license="MIT" \
org.label-schema.description="A great cloud needs great tools; we're excited to introduce Azure CLI, our next generation multi-platform command line experience for Azure." \
org.label-schema.url="https://docs.microsoft.com/cli/azure/overview" \
org.label-schema.usage="https://learn.microsoft.com/en-us/cli/azure/run-azure-cli-docker" \
org.label-schema.build-date=$BUILD_DATE \
org.label-schema.vcs-url="https://github.com/Azure/azure-cli.git" \
org.label-schema.docker.cmd="docker run -v \${HOME}/.azure:/root/.azure -it mcr.microsoft.com/azure-cli:$CLI_VERSION-azure"


# Azure Linux base image does not contain Mozilla CA certificates, install ca-certificates package to prevent CERTIFICATE_VERIFY_FAILED errors, see https://github.com/Azure/azure-cli/issues/26026
RUN --mount=type=bind,target=/azure-cli.rpm,source=./docker-temp/azure-cli.rpm tdnf install ca-certificates /azure-cli.rpm -y && tdnf clean all && rm -rf /var/cache/tdnf
Copy link
Member

@jiasli jiasli Oct 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering why alpine.dockerfile uses COPY . /azure-cli instead of --mount=type=bind.

Copy link
Contributor Author

@bebound bebound Oct 16, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--mount was added in dockerfile:1.2 on 2020-12-03.


ENV AZ_INSTALLER=DOCKER
CMD bash
126 changes: 102 additions & 24 deletions azure-pipelines.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,19 +259,15 @@ jobs:
inputs:
filePath: build_scripts\windows\scripts\test_msi_installation.ps1

- job: BuildDockerImage
displayName: Build Docker Image

dependsOn: ExtractMetadata
condition: succeeded()
- job: BuildDockerImageAlpine
displayName: Build Docker Image Alpine
strategy:
matrix:
AMD64:
pool: ${{ variables.ubuntu_pool }}
artifactName: docker-amd64
ARM64:
pool: ${{ variables.ubuntu_arm64_pool }}
artifactName: docker-arm64
${{ each arch in parameters.architectures }}:
Alpine ${{ arch.name }}:
pool: ${{ arch.pool }}
artifactName: docker-${{ arch.value }}
dockerfile: alpine.dockerfile
pool:
name: $(pool)
steps:
Expand All @@ -295,19 +291,18 @@ jobs:
TargetPath: $(Build.ArtifactStagingDirectory)
ArtifactName: $(artifactName)

- job: TestDockerImage
displayName: Test Docker Image

dependsOn: BuildDockerImage
- job: TestDockerImageAlpine
displayName: Test Docker Image Alpine
dependsOn:
- BuildDockerImageAlpine
- ExtractMetadata
condition: succeeded()
strategy:
matrix:
AMD64:
pool: ${{ variables.ubuntu_pool }}
artifactName: docker-amd64
ARM64:
pool: ${{ variables.ubuntu_arm64_pool }}
artifactName: docker-arm64
${{ each arch in parameters.architectures }}:
Alpine ${{ arch.name }}:
pool: ${{ arch.pool }}
artifactName: docker-${{ arch.name }}
pool:
name: $(pool)
steps:
Expand All @@ -317,7 +312,6 @@ jobs:
TargetPath: '$(Build.ArtifactStagingDirectory)/metadata'
artifactName: metadata


- task: DownloadPipelineArtifact@1
displayName: 'Download Docker Image'
inputs:
Expand All @@ -340,6 +334,88 @@ jobs:
docker run $IMAGE_NAME /bin/bash -c "time az self-test && time az --version && sleep 5"
displayName: 'Bash Script'

- job: BuildDockerImageAzureLinux
displayName: Build Docker Image Azure Linux
dependsOn: BuildRpmPackageMariner
Copy link
Member

@jiasli jiasli Aug 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This job should be renamed:

Suggested change
dependsOn: BuildRpmPackageMariner
dependsOn: BuildRpmPackageAzureLinux

Copy link
Contributor Author

@bebound bebound Aug 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mariner is still used in pipeline. Let's wait for Azure Linux team change the url of docker image.

strategy:
matrix:
${{ each arch in parameters.architectures }}:
Mariner 2.0 ${{ arch.name }}:
pool: ${{ arch.pool }}
artifactName: docker-mariner2.0-${{ arch.value }}
Copy link
Contributor Author

@bebound bebound Sep 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The artifact name is docker-mariner2.0-amd64 (align with the RPM artifact rpm-mariner2.0-amd64), the docker image tag is cbl-mariner2.0.

This is the reply from Mariner team:

To keep things consistent with other images in MCR, can we make the tag "cbl-mariner2.0"? Once we release Mariner 3.0 next year, there will be a larger rebranding where we will be changing all container image tags to use "Azure Linux". However, for now we want to stay consistent with what already exists

dockerfile: azure-linux.dockerfile
packageArtifactName: rpm-mariner2.0-${{ arch.value }}
Copy link

@mandeepsplaha mandeepsplaha Sep 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar question here about mariner version: does it make sense to make the version a variable to allow for mariner 3.0 down the road?

pool:
name: $(pool)
steps:
- bash: ./scripts/ci/install_docker.sh
displayName: Install Docker
- task: DownloadPipelineArtifact@1
displayName: 'Download Build Artifacts'
inputs:
TargetPath: '$(Build.ArtifactStagingDirectory)/docker'
artifactName: $(packageArtifactName)
- bash: |
set -ex
mkdir docker-temp
mv $(Build.ArtifactStagingDirectory)/docker/*.rpm ./docker-temp/azure-cli.rpm

bash scripts/release/docker/pipeline.sh
displayName: 'Build Docker'

- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 'SBOM'
inputs:
BuildDropPath: $(Build.ArtifactStagingDirectory)
DockerImagesToScan: 'clibuild$BUILD_BUILDNUMBER:latest'

- task: PublishPipelineArtifact@0
inputs:
TargetPath: $(Build.ArtifactStagingDirectory)
ArtifactName: $(artifactName)

- job: TestDockerImageAzureLinux
displayName: Test Docker Image Azure Linux
dependsOn:
- BuildDockerImageAzureLinux
- ExtractMetadata
strategy:
matrix:
${{ each arch in parameters.architectures }}:
Mariner 2.0 ${{ arch.name }}:
pool: ${{ arch.pool }}
artifactName: docker-mariner2.0-${{ arch.value }}
pool:
name: $(pool)
steps:
- task: DownloadPipelineArtifact@1
displayName: 'Download Metadata'
inputs:
TargetPath: '$(Build.ArtifactStagingDirectory)/metadata'
artifactName: metadata

- task: DownloadPipelineArtifact@1
displayName: 'Download Docker Image'
inputs:
TargetPath: '$(Build.ArtifactStagingDirectory)/docker'
artifactName: $(artifactName)

- bash: ./scripts/ci/install_docker.sh
displayName: Install Docker

- bash: |
set -exv

CLI_VERSION=`cat $SYSTEM_ARTIFACTSDIRECTORY/metadata/version`
IMAGE_NAME=clibuild$BUILD_BUILDNUMBER:latest
TAR_FILE=$SYSTEM_ARTIFACTSDIRECTORY/docker/docker-azure-cli-$CLI_VERSION.tar

echo "== Test docker image =="

docker load < $TAR_FILE
docker run $IMAGE_NAME /bin/bash -c "time az self-test && time az --version && sleep 5"
displayName: 'Bash Script'

- job: BuildPythonWheel
displayName: Build Python Wheels

Expand Down Expand Up @@ -1098,8 +1174,10 @@ jobs:
- VerifyVersions
- BuildWindowsMSI
- TestMsiInstallation
- BuildDockerImage
- TestDockerImage
- BuildDockerImageAlpine
- TestDockerImageAlpine
- BuildDockerImageAzureLinux
- TestDockerImageAzureLinux
- BuildPythonWheel
- TestPythonWheel
- TestCore
Expand Down
1 change: 1 addition & 0 deletions scripts/release/docker/pipeline.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ docker build --no-cache \
--build-arg BUILD_DATE="`date -u +"%Y-%m-%dT%H:%M:%SZ"`" \
--build-arg CLI_VERSION=$CLI_VERSION \
--tag $IMAGE_NAME:latest \
--file $DOCKERFILE \
$BUILD_SOURCESDIRECTORY

docker save -o "$BUILD_STAGINGDIRECTORY/docker-azure-cli-${CLI_VERSION}.tar" $IMAGE_NAME:latest