From 508600482c70fef73d986934df599ff2752cbc30 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Fri, 12 Dec 2025 15:45:53 -0800 Subject: [PATCH 01/19] init --- .devops/build.yml | 211 ++++++++++++--------------- .devops/templates/annotate-image.yml | 88 +++++++++++ scripts/build-image.sh | 20 ++- scripts/image-annotation.sh | 69 ++++++--- 4 files changed, 245 insertions(+), 143 deletions(-) create mode 100644 .devops/templates/annotate-image.yml diff --git a/.devops/build.yml b/.devops/build.yml index f6577b2..ec46f8d 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -20,8 +20,9 @@ parameters: type: string - name: feed type: string - - name: package + - name: az_package type: string + displayName: "Oras package name" - name: jobs type: object default: @@ -128,6 +129,8 @@ extends: stages: - stage: build_internal displayName: "Build Internal" + variables: + ACR_NAME: msopenjdk jobs: - job: build_internal displayName: "build internal" 
@@ -137,40 +140,22 @@ extends: strategy: matrix: ${{ parameters.jobs }} steps: - - task: AzureCLI@2 - displayName: "Download ORAS" - condition: ne( variables['new_LTS_image'], true) - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: "scriptPath" - scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh - env: - AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) - ORAS_VERSION: 1.1.0 - ORGANIZATION: ${{ parameters.organization }} - FEED: ${{ parameters.feed }} - NAME: ${{ parameters.package }} + - template: /.devops/templates/annotate-image.yml@self + parameters: + registry: $(ACR_REGISTRY) + tag: $(version)-$(distro) + organization: ${{ parameters.organization }} + feed: ${{ parameters.feed }} + package: ${{ parameters.az_package }} - bash: | - REGISTRIES=msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro) + REGISTRIES=$(INTERNAL_ACR_REGISTRY):$(version)-$(distro) if [[ "$(distro)" == "azurelinux" ]]; then - REGISTRIES+=";msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-mariner" + REGISTRIES+=";$(INTERNAL_ACR_REGISTRY):$(version)-mariner" fi echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES" displayName: Set REGISTRIES variable - - task: AzureCLI@2 - displayName: Annotate previous image - condition: ne( variables['new_LTS_image'], true) - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: "scriptPath" - scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh - env: - ACR_NAME: msopenjdk - REGISTRIES: $(REGISTRIES) - task: AzureCLI@2 inputs: azureSubscription: "JEG-Infrastructure" 
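Review bot: The template call that replaces the two AzureCLI tasks drops their `condition: ne( variables['new_LTS_image'], true)` guard, so the ORAS download and the end-of-life annotation now run for every matrix entry. The new template's own header comment says it must not be called for a new LTS image, because there is no previous image to annotate, yet nothing at this call site enforces that. As far as I know a `- template:` step cannot carry a `condition`, so either put the same `ne(variables['new_LTS_image'], true)` expression on each step inside the template or pass it in as a template parameter.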
@@ -187,97 +172,89 @@ extends: INSTALLER_IMAGE: $(installer_image) INSTALLER_TAG: $(installer_tag) - - stage: validate_and_publish - displayName: "Validate & Publish" - dependsOn: build_internal - jobs: - - job: wait_for_validation - displayName: wait for validation - pool: server - steps: - - task: ManualValidation@0 - # 3 days - timeoutInMinutes: 4320 - inputs: - instructions: "please validate the build configuration, artifacts, tests, and resume" - onTimeout: "resume" + # - stage: validate_and_publish + # displayName: "Validate & Publish" + # dependsOn: build_internal + # jobs: + # - job: wait_for_validation + # displayName: wait for validation + # pool: server + # steps: + # - task: ManualValidation@0 + # # 3 days + # timeoutInMinutes: 4320 + # inputs: + # instructions: "please validate the build configuration, artifacts, tests, and resume" + # onTimeout: "resume" - - job: build_public - displayName: "build public " - dependsOn: wait_for_validation - pool: - name: JEG-azurelinux-x64-release - os: linux - strategy: - matrix: ${{ parameters.jobs }} - steps: - - task: AzureCLI@2 - displayName: "Download ORAS" - condition: ne( variables['new_LTS_image'], true) - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: "scriptPath" - scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh - env: - AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) - ORAS_VERSION: 1.1.0 - ORGANIZATION: ${{ parameters.organization }} - FEED: ${{ parameters.feed }} - NAME: ${{ parameters.package }} + # - template: /.devops/annotate-image.yml@self + # parameters: + # registry: $(ACR_REGISTRY) + # tag: $(version)-$(distro) + # organization: ${{ parameters.organization }} + # feed: ${{ parameters.feed }} + # package: ${{ parameters.az_package }} - - bash: | - REGISTRIES=msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro) - TAGS="$(version)-$(distro)" - if [[ "$(distro)" == "azurelinux" ]]; then - 
REGISTRIES+=";msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-mariner" - fi - echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES" - echo "##vso[task.setvariable variable=TAGS]$TAGS" - displayName: Set environment variables + # - ${{ if eq("$(distro)", "azurelinux") }}: + # - template: /.devops/annotate-image.yml@self + # parameters: + # registry: $(ACR_REGISTRY) + # tag: $(version)-mariner + # organization: ${{ parameters.organization }} + # feed: ${{ parameters.feed }} + # package: ${{ parameters.az_package }} - - task: AzureCLI@2 - displayName: Annotate previous image - condition: ne( variables['new_LTS_image'], true) - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: "scriptPath" - scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh - env: - ACR_NAME: msopenjdk - REGISTRIES: $(REGISTRIES) + # - job: build_public + # displayName: "build public " + # dependsOn: wait_for_validation + # pool: + # name: JEG-azurelinux-x64-release + # os: linux + # strategy: + # matrix: ${{ parameters.jobs }} + # steps: + # - bash: | + # REGISTRIES=$(ACR_REGISTRY):$(version)-$(distro) + # TAGS="$(version)-$(distro)" - - task: AzureCLI@2 - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: "scriptPath" - scriptPath: scripts/build-image.sh - displayName: build image - env: - REGISTRY_TAGS: $(REGISTRIES) - IMAGE: $(image) - TAG: $(tag) - PACKAGE: $(package) - DISTRIBUTION: $(distro) - INSTALLER_IMAGE: $(installer_image) - INSTALLER_TAG: $(installer_tag) + # if [[ "$(distro)" == "azurelinux" ]]; then + # REGISTRIES+=";$(ACR_REGISTRY):$(version)-mariner" + # fi - - task: AzureCLI@2 - displayName: Trigger image signing - env: - AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: "inlineScript" - inlineScript: | - az pipelines run \ - --branch main \ - --org ${{ parameters.organization }} \ - --project 
$(OPENJDK_PROJECT) \ - --id $(OPENJDK_SIGNING_ID) \ - --parameters openjdk_tags="[$(TAGS)]" \ - image_registry="msopenjdk.azurecr.io/public/openjdk" \ - image_name="jdk" + # echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES" + # echo "##vso[task.setvariable variable=TAGS]$TAGS" + # displayName: Set environment variables + + # - task: AzureCLI@2 + # inputs: + # azureSubscription: "JEG-Infrastructure" + # scriptType: "bash" + # scriptLocation: "scriptPath" + # scriptPath: scripts/build-image.sh + # displayName: Build image + # env: + # REGISTRY_TAGS: $(REGISTRIES) + # IMAGE: $(image) + # TAG: $(tag) + # PACKAGE: $(package) + # DISTRIBUTION: $(distro) + # INSTALLER_IMAGE: $(installer_image) + # INSTALLER_TAG: $(installer_tag) + + # - task: AzureCLI@2 + # displayName: Trigger image signing + # env: + # AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) + # inputs: + # azureSubscription: "JEG-Infrastructure" + # scriptType: "bash" + # scriptLocation: "inlineScript" + # inlineScript: | + # az pipelines run \ + # --branch main \ + # --org ${{ parameters.organization }} \ + # --project $(OPENJDK_PROJECT) \ + # --id $(OPENJDK_SIGNING_ID) \ + # --parameters openjdk_tags="[$(TAGS)]" \ + # image_registry="$(ACR_REGISTRY)" \ + # image_name="jdk" diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml new file mode 100644 index 0000000..aa3486e --- /dev/null +++ b/.devops/templates/annotate-image.yml 
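Review bot: Commenting out the whole `validate_and_publish` stage removes the `ManualValidation@0` gate, the public build and the `Trigger image signing` step, and leaves a long block of YAML that is no longer parsed or validated. If the stage is only meant to be off while this series is in progress, a stage-level `condition` or a boolean parameter keeps it checked and makes the switch visible in review. Two things in the commented block need fixing before it is re-enabled: the template path is `/.devops/annotate-image.yml@self` while the file added in this commit is `/.devops/templates/annotate-image.yml`, and `${{ if eq("$(distro)", "azurelinux") }}` is a compile-time expression compared against a runtime macro (expression string literals also use single quotes), so the `-mariner` annotation would presumably never be inserted.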
@@ -0,0 +1,88 @@ +# Do not call this if we have a new LTS image to support. There will be no image to EOL +parameters: + - name: registry + type: string + - name: tag + type: string + - name: organization + type: string + - name: feed + type: string + - name: package + type: string + - name: id + type: string + +steps: + - task: AzureCLI@2 + displayName: Download ORAS + inputs: + azureSubscription: "JEG-Infrastructure" + scriptType: "bash" + scriptLocation: "scriptPath" + scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh + env: + AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) + ORAS_VERSION: 1.1.0 + ORGANIZATION: ${{ parameters.organization }} + FEED: ${{ parameters.feed }} + NAME: ${{ parameters.package }} + + - task: AzureCLI@2 + displayName: Gather container image manifests + inputs: + azureSubscription: "JEG-Infrastructure" + scriptType: "bash" + scriptLocation: "inline" + script: | + az acr login --name $(ACR_NAME) + manifest=$(az acr manifest show ${{ parameters.registry }}/${{ parameters.tag }} -o json) + echo "##vso[task.setvariable variable=manifest]$manifest" + + - task: PythonScript@0 + displayName: Output image digest + inputs: + scriptSource: 'inline' + script: | + import json + + amd64_digest = "" + arm64_digest = "" + manifest = json.loads(r'''$(manifest)''') + + for descriptor in manifest['manifests']: + if descriptor['platform']['architecture'] == 'amd64': + amd64_digest = descriptor['digest'] + elif descriptor['platform']['architecture'] == 'arm64': + arm64_digest = descriptor['digest'] + + # Theoretically, we should always have both, but log a warning in the event one is not found + if not amd64_digest or not arm64_digest: + print(f"##vso[task.logissue type=warning]Missing one of amd64_digest: {amd64_digest} or arm64_digest: {arm64_digest}.") + + print(f"##vso[task.setvariable variable=imageDigestAmd64]{amd64_digest}") + print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") + + - task: AzureCLI@2 + displayName: 
Annotate amd64 $(imageDigestAmd64) as EOL + inputs: + azureSubscription: "JEG-Infrastructure" + scriptType: "bash" + scriptLocation: "scriptPath" + scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh + arguments: > + -r ${{ parameters.registry }} + -i jdk + -d $(imageDigestAmd64) + + - task: AzureCLI@2 + displayName: Annotate arm64 $(imageDigestArm64) as EOL + inputs: + azureSubscription: "JEG-Infrastructure" + scriptType: "bash" + scriptLocation: "scriptPath" + scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh + arguments: > + -r ${{ parameters.registry }} + -i jdk + -d $(imageDigestArm64) \ No newline at end of file diff --git a/scripts/build-image.sh b/scripts/build-image.sh index 16628dc..9379d05 100644 --- a/scripts/build-image.sh +++ b/scripts/build-image.sh @@ -1,6 +1,12 @@ #!/bin/bash az acr login -n junipercontainerregistry -docker buildx create --name mybuilder --driver docker-container --driver-opt image=junipercontainerregistry.azurecr.io/mirror/moby/buildkit --platform linux/amd64,linux/arm64 --use + +docker buildx create \ + --name mybuilder \ + --driver docker-container \ + --driver-opt image=junipercontainerregistry.azurecr.io/mirror/moby/buildkit \ + --platform linux/amd64,linux/arm64 \ + --use az acr login -n msopenjdk 
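Review bot: In the `Gather container image manifests` step, `${{ parameters.registry }}` and `${{ parameters.tag }}` are expanded unquoted into the bash text, so whatever the caller supplies becomes part of the script rather than data. build.yml builds the tag from `$(version)` and `$(distro)`, which come from the `jobs` object parameter used as the job matrix. Passing the reference through the task environment keeps it a single argument: add an `env:` entry such as `IMAGE_REF` holding the same expression and call `az acr manifest show "$IMAGE_REF" -o json`. Patches 07 and 10 edit this line again and keep the inline expansion.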
@@ -15,4 +21,14 @@ REGISTRY_TAGS="-t ${REGISTRY_TAGS/;/ -t }" # To push to a registry use --push # To build locally use --output=type=image,push=false echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --push" -docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --push \ No newline at end of file + +docker buildx build \ + --platform linux/amd64,linux/arm64 \ + ${BUILD_ARGS} \ + ${REGISTRY_TAGS} \ + -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . \ + --metadata-file metadata.json \ + --push + +containerImageDigest=$(cat metadata.json | grep -oP ('?<="containerimage.digest": ")[^"]+')) +echo "##vso[task.setvariable variable=containerImageDigest]$containerImageDigest" \ No newline at end of file diff --git a/scripts/image-annotation.sh b/scripts/image-annotation.sh index 5e5a277..ec8bc8b 100644 --- a/scripts/image-annotation.sh +++ b/scripts/image-annotation.sh 
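Review bot: With the two lines added after the build, the script's exit status is now that of the final `echo`, so a failed `docker buildx build ... --push` no longer fails the step unless `set -e` is enabled in a part of the script outside these hunks. Before this change the build was the last command and its status was what the task saw. Suggest ending the build command with `--push || exit 1` and refusing an empty result with `[[ -n "$containerImageDigest" ]] || exit 1`. Patch 04 moves the same build-then-echo sequence into its `else` branch unchanged.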
@@ -1,36 +1,57 @@ #!/bin/bash -az acr login -n msopenjdk +az acr login -n "$ACR_NAME" if [[ $? -ne 0 ]]; then echo "Failed to login to ACR" exit 1 fi -IFS=';' read -ra REGISTRIES_ARRAY <<< "$REGISTRIES" - -for REGISTRY in "${REGISTRIES_ARRAY[@]}"; do - echo "Pulling... $REGISTRY" +while getopts "r:i:d:" opt; do + case $opt in + r) registry="$OPTARG" ;; + i) image="$OPTARG" ;; + d) digest="$OPTARG" ;; + *) echo "Invalid option: -$OPTARG" ;; + esac +done + +# IFS=';' read -ra REGISTRIES_ARRAY <<< "$REGISTRIES" + +# for REGISTRY in "${REGISTRIES_ARRAY[@]}"; do +# echo "Pulling... $REGISTRY" +# echo "Pulling... $registry/$image@$digest" + +# docker pull "$registry/$image@$digest" +# if [[ $? -ne 0 ]]; then +# echo "Failed to pull image $registry/$tag" +# exit 1 +# fi + +# manifest=$(docker image inspect "$registry/$tag" | jq) +# digest=$(echo $manifest | jq '.[0].RepoDigests[0]') +# digest=${digest//\"/} + +if [[ -z "$digest" ]]; then + echo "##vso[task.logissue type=warning]Digest is empty or null. Skipping annotation." + exit 0 +fi - docker pull "$REGISTRY" - if [[ $? 
-ne 0 ]]; then - echo "Failed to pull image $REGISTRY" - exit 1 - fi +endOfLifeDate=$(date "+%Y-%m-%d") - manifest=$(docker image inspect "$REGISTRY" | jq) - digest=$(echo $manifest | jq '.[0].RepoDigests[0]') - digest=${digest//\"/} - endOfLifeDate=$(date "+%Y-%m-%d") +echo "Annotating image $registry/$image@$digest with end-of-life date $endOfLifeDate" +oras attach \ +--artifact-type "application/vnd.microsoft.artifact.lifecycle" \ +--annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ +$registry/$image@$digest --verbose - echo "Annotating image $digest with end-of-life date $endOfLifeDate" - oras attach \ - --artifact-type "application/vnd.microsoft.artifact.lifecycle" \ - --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ - $digest --verbose +# oras attach \ +# --artifact-type "application/vnd.microsoft.artifact.lifecycle" \ +# --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ +# $digest --verbose - if [[ $? -ne 0 ]]; then - echo "Failed to annotate image!" - exit 1 - fi +if [[ $? -ne 0 ]]; then + echo "Failed to annotate image!" + exit 1 +fi -done \ No newline at end of file +# done \ No newline at end of file From ee091d2e2f326e9cefc325c437628180dbef95e6 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Fri, 12 Dec 2025 15:47:42 -0800 Subject: [PATCH 02/19] wip --- .devops/templates/annotate-image.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index aa3486e..1c257fa 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -10,8 +10,6 @@ parameters: type: string - name: package type: string - - name: id - type: string steps: - task: AzureCLI@2 From ab988ae3e3e90850c1d76e6e53700fdc7dd27fae Mon Sep 17 00:00:00 2001 
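Review bot: The new `getopts` loop accepts bad input and keeps going: the `*)` branch only prints a message (and `$OPTARG` is unset there, because the option string has no leading `:`), and nothing checks that `-r` and `-i` were supplied before `oras attach` builds `$registry/$image@$digest`. Suggest `*) echo "Usage: $0 -r registry -i image -d digest" >&2; exit 2 ;;` and, after the loop, `[[ -n "$registry" && -n "$image" ]] || exit 2`. Quoting the reference as `"$registry/$image@$digest"` keeps it a single argument. The commented-out pull/inspect code and the trailing `# done` could be deleted rather than carried along. The same `*)` branch is still present in the patch 04 and patch 13 versions of the loop.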
From: joe-braley Date: Mon, 15 Dec 2025 08:45:37 -0800 Subject: [PATCH 03/19] Wip: correct registry --- .devops/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devops/build.yml b/.devops/build.yml index ec46f8d..8733bb4 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -142,7 +142,7 @@ extends: steps: - template: /.devops/templates/annotate-image.yml@self parameters: - registry: $(ACR_REGISTRY) + registry: $(INTERNAL_ACR_REGISTRY) tag: $(version)-$(distro) organization: ${{ parameters.organization }} feed: ${{ parameters.feed }} From 05db721de2a0430617a07eb9228fc64456e59505 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 11:05:13 -0800 Subject: [PATCH 04/19] add dryrun function --- .devops/build.yml | 9 ++++++ .devops/templates/annotate-image.yml | 33 ++++++++++++++++------ scripts/build-image.sh | 29 +++++++++++-------- scripts/image-annotation.sh | 42 +++++++++++++++------------- 4 files changed, 75 insertions(+), 38 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index 8733bb4..4f45317 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -23,6 +23,10 @@ parameters: - name: az_package type: string displayName: "Oras package name" + - name: dryrun + displayName: "Execute a dry run?" + type: boolean + default: false - name: jobs type: object default: @@ -147,6 +151,7 @@ extends: organization: ${{ parameters.organization }} feed: ${{ parameters.feed }} package: ${{ parameters.az_package }} + dryrun: ${{ parameters.dryrun }} - bash: | REGISTRIES=$(INTERNAL_ACR_REGISTRY):$(version)-$(distro) @@ -171,6 +176,10 @@ extends: DISTRIBUTION: $(distro) INSTALLER_IMAGE: $(installer_image) INSTALLER_TAG: $(installer_tag) + ${{ if eq(parameters.dryrun, true) }}: + DRYRUN: "true" + ${{ else }}: + DRYRUN: "false" # - stage: validate_and_publish # displayName: "Validate & Publish" diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 1c257fa..a4cf425 100644 
--- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -10,6 +10,9 @@ parameters: type: string - name: package type: string + - name: dryrun + type: boolean + default: false steps: - task: AzureCLI@2 @@ -68,10 +71,17 @@ steps: scriptType: "bash" scriptLocation: "scriptPath" scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh - arguments: > - -r ${{ parameters.registry }} - -i jdk - -d $(imageDigestAmd64) + ${{ if eq(parameters.dryrun, true) }}: + arguments: > + -r ${{ parameters.registry }} + -i jdk + -m $(imageDigestAmd64) + -d + ${{ else }}: + arguments: > + -r ${{ parameters.registry }} + -i jdk + -m $(imageDigestAmd64) - task: AzureCLI@2 displayName: Annotate arm64 $(imageDigestArm64) as EOL @@ -80,7 +90,14 @@ steps: scriptType: "bash" scriptLocation: "scriptPath" scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh - arguments: > - -r ${{ parameters.registry }} - -i jdk - -d $(imageDigestArm64) \ No newline at end of file + ${{ if eq(parameters.dryrun, true) }}: + arguments: > + -r ${{ parameters.registry }} + -i jdk + -m $(imageDigestArm64) + -d + ${{ else }}: + arguments: > + -r ${{ parameters.registry }} + -i jdk + -m $(imageDigestArm64) \ No newline at end of file diff --git a/scripts/build-image.sh b/scripts/build-image.sh index 9379d05..91685e6 100644 --- a/scripts/build-image.sh +++ b/scripts/build-image.sh 
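Review bot: In the dry-run branches the switch is appended after the digest (`-m $(imageDigestAmd64)` followed by `-d`), so an empty digest variable makes `getopts` take `-d` as the value of `-m` and the script runs in live mode. An empty digest is possible because the Python step only logs a warning when an architecture is missing. Putting the switch first, `-d -r ${{ parameters.registry }} -i jdk -m $(imageDigestAmd64)`, removes that failure mode. The script should additionally reject a value that does not look like a digest (for example, one that does not start with `sha256:`). This applies to both the amd64 and the arm64 hunk.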
@@ -20,15 +20,22 @@ REGISTRY_TAGS="-t ${REGISTRY_TAGS/;/ -t }" # To push to a registry use --push # To build locally use --output=type=image,push=false -echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --push" -docker buildx build \ - --platform linux/amd64,linux/arm64 \ - ${BUILD_ARGS} \ - ${REGISTRY_TAGS} \ - -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . \ - --metadata-file metadata.json \ - --push - -containerImageDigest=$(cat metadata.json | grep -oP ('?<="containerimage.digest": ")[^"]+')) -echo "##vso[task.setvariable variable=containerImageDigest]$containerImageDigest" \ No newline at end of file +if [[ "$DRY_RUN" == "true" ]]; then + echo "[DRY-RUN] Running in dry-run mode. No changes will be made." + echo "[DRY-RUN] Command that would be executed:" + echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --metadata-file metadata.json --push" +else + echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --push" + + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + ${BUILD_ARGS} \ + ${REGISTRY_TAGS} \ + -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . \ + --metadata-file metadata.json \ + --push + + containerImageDigest=$(cat metadata.json | grep -oP ('?<="containerimage.digest": ")[^"]+')) + echo "##vso[task.setvariable variable=containerImageDigest]$containerImageDigest" +fi \ No newline at end of file diff --git a/scripts/image-annotation.sh b/scripts/image-annotation.sh index ec8bc8b..d44658f 100644 --- a/scripts/image-annotation.sh +++ b/scripts/image-annotation.sh 
@@ -6,11 +6,14 @@ if [[ $? -ne 0 ]]; then exit 1 fi -while getopts "r:i:d:" opt; do +debug=false + +while getopts "r:i:m:d" opt; do case $opt in r) registry="$OPTARG" ;; i) image="$OPTARG" ;; - d) digest="$OPTARG" ;; + m) manifest="$OPTARG" ;; + d) debug=true ;; *) echo "Invalid option: -$OPTARG" ;; esac done 
@@ -31,27 +34,28 @@ done # digest=$(echo $manifest | jq '.[0].RepoDigests[0]') # digest=${digest//\"/} -if [[ -z "$digest" ]]; then - echo "##vso[task.logissue type=warning]Digest is empty or null. Skipping annotation." - exit 0 +if [[ -z "$manifest" ]]; then + echo "##vso[task.logissue type=error]Container image manifest is empty or null. Unable to add annotation!" fi endOfLifeDate=$(date "+%Y-%m-%d") -echo "Annotating image $registry/$image@$digest with end-of-life date $endOfLifeDate" -oras attach \ ---artifact-type "application/vnd.microsoft.artifact.lifecycle" \ ---annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ -$registry/$image@$digest --verbose - -# oras attach \ -# --artifact-type "application/vnd.microsoft.artifact.lifecycle" \ -# --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ -# $digest --verbose - -if [[ $? -ne 0 ]]; then - echo "Failed to annotate image!" - exit 1 +echo "Annotating image $registry/$image@$manifest with end-of-life date $endOfLifeDate" + +if [[ "$debug" == "true" ]]; then + echo "[DRY-RUN] Running in dry-run mode. No changes will be made." + echo "[DRY-RUN] Command that would be executed:" + echo "oras attach --artifact-type \"application/vnd.microsoft.artifact.lifecycle\" --annotation \"vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z\" $registry/$image@$manifest --verbose" +else + oras attach \ + --artifact-type "application/vnd.microsoft.artifact.lifecycle" \ + --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ + $registry/$image@$manifest --verbose + + if [[ $? -ne 0 ]]; then + echo "Failed to annotate image!" + exit 1 + fi fi # done \ No newline at end of file From 6eeb351abe7aac57cd1ea23013f151b094adb484 Mon Sep 17 00:00:00 2001 
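Review bot: The empty-value guard no longer stops the script: the previous version exited after its warning, but the new `if [[ -z "$manifest" ]]` block only logs an error and falls through, so `oras attach` is then run against `$registry/$image@` with nothing after the `@`. Add `exit 1` as the last statement inside that block. The variable holds a digest but is now called `manifest`, and `-d` sets `debug` while the messages say dry-run; naming them `digest` and `dryrun` would match what the code does. Patch 13 keeps the same guard, still without an exit.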
From: joe-braley Date: Mon, 15 Dec 2025 11:08:16 -0800 Subject: [PATCH 05/19] Wip: fix running inline script --- .devops/templates/annotate-image.yml | 4 ++-- scripts/build-image.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index a4cf425..430b4b0 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -34,7 +34,7 @@ steps: inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" - scriptLocation: "inline" + scriptLocation: "inlineScript" script: | az acr login --name $(ACR_NAME) manifest=$(az acr manifest show ${{ parameters.registry }}/${{ parameters.tag }} -o json) @@ -43,7 +43,7 @@ steps: - task: PythonScript@0 displayName: Output image digest inputs: - scriptSource: 'inline' + scriptSource: 'inlineScript' script: | import json diff --git a/scripts/build-image.sh b/scripts/build-image.sh index 91685e6..d39efde 100644 --- a/scripts/build-image.sh +++ b/scripts/build-image.sh @@ -36,6 +36,6 @@ else --metadata-file metadata.json \ --push - containerImageDigest=$(cat metadata.json | grep -oP ('?<="containerimage.digest": ")[^"]+')) + containerImageDigest=$(cat metadata.json | grep -oP '(?<="containerimage.digest": ")[^"]+') echo "##vso[task.setvariable variable=containerImageDigest]$containerImageDigest" fi \ No newline at end of file From 26d8d0ba6817ae6d05bc6dfe1e0b58e986f8082e Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 11:18:13 -0800 Subject: [PATCH 06/19] fix AzCLI task --- .devops/templates/annotate-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 430b4b0..139661c 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml 
@@ -34,8 +34,8 @@ steps: inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" - scriptLocation: "inlineScript" - script: | + scriptLocation: inlineScript + inlineScript: | az acr login --name $(ACR_NAME) manifest=$(az acr manifest show ${{ parameters.registry }}/${{ parameters.tag }} -o json) echo "##vso[task.setvariable variable=manifest]$manifest" @@ -43,7 +43,7 @@ steps: - task: PythonScript@0 displayName: Output image digest inputs: - scriptSource: 'inlineScript' + scriptSource: 'inline' script: | import json From 07a48b2c3562dc597e54023dbfcd44b001331973 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 11:26:53 -0800 Subject: [PATCH 07/19] wip: fix formatting --- .devops/templates/annotate-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 139661c..f2f459b 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -37,7 +37,7 @@ steps: scriptLocation: inlineScript inlineScript: | az acr login --name $(ACR_NAME) - manifest=$(az acr manifest show ${{ parameters.registry }}/${{ parameters.tag }} -o json) + manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json) echo "##vso[task.setvariable variable=manifest]$manifest" - task: PythonScript@0 From 73bbd412cad6bd6370abf068a04c0080d0bff670 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 11:32:09 -0800 Subject: [PATCH 08/19] Wip: single to double quotes for object --- .devops/templates/annotate-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index f2f459b..d8c5a5a 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml 
@@ -49,7 +49,7 @@ steps: amd64_digest = "" arm64_digest = "" - manifest = json.loads(r'''$(manifest)''') + manifest = json.loads(r"""$(manifest)""") for descriptor in manifest['manifests']: if descriptor['platform']['architecture'] == 'amd64': From d2a1e60dbcb6d3223fc0088921ce4625dc4285e3 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 13:07:25 -0800 Subject: [PATCH 09/19] Wip: Adjust how we parse manifest json --- .devops/templates/annotate-image.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index d8c5a5a..08f5913 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -42,14 +42,21 @@ steps: - task: PythonScript@0 displayName: Output image digest + env: + manifest: $(manifest) inputs: scriptSource: 'inline' script: | import json + import os amd64_digest = "" arm64_digest = "" - manifest = json.loads(r"""$(manifest)""") + manifest = json.loads(os.environ.get('manifest', {})) + + if not manifest: + print("##vso[task.logissue type=error]Container image manifest is empty or null. Unable to retrieve image digests!") + exit(1) for descriptor in manifest['manifests']: if descriptor['platform']['architecture'] == 'amd64': From da91ceb1438553a0a6c2d2e1eab466399ee93530 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 13:23:11 -0800 Subject: [PATCH 10/19] Wip: condense output using jq --- .devops/templates/annotate-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 08f5913..26ab98e 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml 
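Review bot: The new empty-manifest check is mostly unreachable, because `json.loads(os.environ.get('manifest', {}))` raises before it. The `{}` default is a dict, which `json.loads` rejects with a `TypeError`, and an empty or unexpanded `$(manifest)` value raises `json.JSONDecodeError`. Suggest `raw = os.environ.get('manifest', '')` and wrapping `json.loads(raw)` in `try`/`except json.JSONDecodeError` that prints the same `##vso[task.logissue type=error]` line and exits with 1. The loop below also indexes `manifest['manifests']` and `descriptor['platform']` directly, so a manifest without a `manifests` list would end in a `KeyError`; `.get()` with the same error path would cover that case.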
@@ -37,7 +37,7 @@ steps: scriptLocation: inlineScript inlineScript: | az acr login --name $(ACR_NAME) - manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json) + manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json | jq -c .) echo "##vso[task.setvariable variable=manifest]$manifest" - task: PythonScript@0 From eddff852b38dd9e323bbe0b1a669c4fcd7e57d03 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 13:45:16 -0800 Subject: [PATCH 11/19] Wip: Remove var names from displayname, quotes around bool condition --- .devops/build.yml | 3 ++- .devops/templates/annotate-image.yml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index 4f45317..b79c4d7 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -13,6 +13,7 @@ trigger: exclude: - .devops - .github/workflows + pr: none parameters: @@ -176,7 +177,7 @@ extends: DISTRIBUTION: $(distro) INSTALLER_IMAGE: $(installer_image) INSTALLER_TAG: $(installer_tag) - ${{ if eq(parameters.dryrun, true) }}: + ${{ if eq(parameters.dryrun, 'true') }}: DRYRUN: "true" ${{ else }}: DRYRUN: "false" diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 26ab98e..efdcf16 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -72,7 +72,7 @@ steps: print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") - task: AzureCLI@2 - displayName: Annotate amd64 $(imageDigestAmd64) as EOL + displayName: Annotate amd64 as EOL inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" @@ -91,7 +91,7 @@ steps: -m $(imageDigestAmd64) - task: AzureCLI@2 - displayName: Annotate arm64 $(imageDigestArm64) as EOL + displayName: Annotate arm64 as EOL inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" From b97c0d5ff93aa65090b665f057e2b9cc35653b23 Mon Sep 17 00:00:00 2001 
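Review bot: Piping into `jq -c .` makes the assignment's status jq's, and the step's status is that of the final `echo`, so a failed `az acr login` or `az acr manifest show` still produces a green step with an empty `manifest` variable. Suggest starting the inline script with `set -euo pipefail`, so the failure surfaces here rather than in the Python step that parses the value.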
From: joe-braley Date: Mon, 15 Dec 2025 14:12:27 -0800 Subject: [PATCH 12/19] Wip: adjust parameter bool --- .devops/build.yml | 2 +- scripts/build-image.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index b79c4d7..446715c 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -177,7 +177,7 @@ extends: DISTRIBUTION: $(distro) INSTALLER_IMAGE: $(installer_image) INSTALLER_TAG: $(installer_tag) - ${{ if eq(parameters.dryrun, 'true') }}: + ${{ if eq(parameters.dryrun, true) }}: DRYRUN: "true" ${{ else }}: DRYRUN: "false" diff --git a/scripts/build-image.sh b/scripts/build-image.sh index d39efde..ddd9cb2 100644 --- a/scripts/build-image.sh +++ b/scripts/build-image.sh @@ -21,7 +21,7 @@ REGISTRY_TAGS="-t ${REGISTRY_TAGS/;/ -t }" # To push to a registry use --push # To build locally use --output=type=image,push=false -if [[ "$DRY_RUN" == "true" ]]; then +if [[ "$DRYRUN" == "true" ]]; then echo "[DRY-RUN] Running in dry-run mode. No changes will be made." echo "[DRY-RUN] Command that would be executed:" echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --metadata-file metadata.json --push" From c54e7e617428bef0054c8e96a7e573e75923b848 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Mon, 15 Dec 2025 14:42:58 -0800 Subject: [PATCH 13/19] Wip: remove image from script --- .devops/build.yml | 1 - .devops/templates/annotate-image.yml | 4 ---- scripts/image-annotation.sh | 25 ++++--------------------- 3 files changed, 4 insertions(+), 26 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index 446715c..c8ff21b 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -138,7 +138,6 @@ extends: ACR_NAME: msopenjdk jobs: - job: build_internal - displayName: "build internal" pool: name: JEG-azurelinux-x64-release os: linux 
diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index efdcf16..2c704c3 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -81,13 +81,11 @@ steps: ${{ if eq(parameters.dryrun, true) }}: arguments: > -r ${{ parameters.registry }} - -i jdk -m $(imageDigestAmd64) -d ${{ else }}: arguments: > -r ${{ parameters.registry }} - -i jdk -m $(imageDigestAmd64) - task: AzureCLI@2 @@ -100,11 +98,9 @@ steps: ${{ if eq(parameters.dryrun, true) }}: arguments: > -r ${{ parameters.registry }} - -i jdk -m $(imageDigestArm64) -d ${{ else }}: arguments: > -r ${{ parameters.registry }} - -i jdk -m $(imageDigestArm64) \ No newline at end of file diff --git a/scripts/image-annotation.sh b/scripts/image-annotation.sh index d44658f..3ef5ad7 100644 --- a/scripts/image-annotation.sh +++ b/scripts/image-annotation.sh 
@@ -8,49 +8,32 @@ fi debug=false -while getopts "r:i:m:d" opt; do +while getopts "r:m:d" opt; do case $opt in r) registry="$OPTARG" ;; - i) image="$OPTARG" ;; m) manifest="$OPTARG" ;; d) debug=true ;; *) echo "Invalid option: -$OPTARG" ;; esac done -# IFS=';' read -ra REGISTRIES_ARRAY <<< "$REGISTRIES" - -# for REGISTRY in "${REGISTRIES_ARRAY[@]}"; do -# echo "Pulling... $REGISTRY" -# echo "Pulling... $registry/$image@$digest" - -# docker pull "$registry/$image@$digest" -# if [[ $? -ne 0 ]]; then -# echo "Failed to pull image $registry/$tag" -# exit 1 -# fi - -# manifest=$(docker image inspect "$registry/$tag" | jq) -# digest=$(echo $manifest | jq '.[0].RepoDigests[0]') -# digest=${digest//\"/} - if [[ -z "$manifest" ]]; then echo "##vso[task.logissue type=error]Container image manifest is empty or null. Unable to add annotation!" fi endOfLifeDate=$(date "+%Y-%m-%d") -echo "Annotating image $registry/$image@$manifest with end-of-life date $endOfLifeDate" +echo "Annotating image $registry@$manifest with end-of-life date $endOfLifeDate" if [[ "$debug" == "true" ]]; then echo "[DRY-RUN] Running in dry-run mode. No changes will be made." echo "[DRY-RUN] Command that would be executed:" - echo "oras attach --artifact-type \"application/vnd.microsoft.artifact.lifecycle\" --annotation \"vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z\" $registry/$image@$manifest --verbose" + echo "oras attach --artifact-type \"application/vnd.microsoft.artifact.lifecycle\" --annotation \"vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z\" $registry@$manifest --verbose" else oras attach \ --artifact-type "application/vnd.microsoft.artifact.lifecycle" \ --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ - $registry/$image@$manifest --verbose + $registry@$manifest --verbose if [[ $? -ne 0 ]]; then echo "Failed to annotate image!" 
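Review bot: The empty-manifest check only logs an error and then falls through, so when `-m` is missing or empty the script still reaches `oras attach` with `$registry@` and no digest. Now that `-i` is gone and the target is just `$registry@$manifest`, both values should be required before anything is attached: add `exit 1` after the `##vso[task.logissue type=error]` line and reject an empty `$registry` the same way. The `*)` branch of the `getopts` loop also prints and continues; it should exit non-zero so a mistyped flag cannot silently drop an argument. Quote the reference as `"${registry}@${manifest}"` in the `oras attach` call. The tail of the script (the failure `exit 1` and the closing `fi`) lies outside this hunk.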
From 81c12e4ab7b50aa73a9f57a13b14af5b23208a33 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Tue, 16 Dec 2025 09:01:50 -0800 Subject: [PATCH 14/19] refactors --- .devops/build.yml | 62 ++++++++++++++++++----------------- scripts/build-image.sh | 64 ++++++++++++++++++++++++++++++------- scripts/image-annotation.sh | 7 ++-- 3 files changed, 89 insertions(+), 44 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index c8ff21b..8632213 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -167,19 +167,26 @@ extends: scriptType: "bash" scriptLocation: "scriptPath" scriptPath: $(Build.SourcesDirectory)/scripts/build-image.sh - displayName: build image - env: - REGISTRY_TAGS: $(REGISTRIES) - IMAGE: $(image) - TAG: $(tag) - PACKAGE: $(package) - DISTRIBUTION: $(distro) - INSTALLER_IMAGE: $(installer_image) - INSTALLER_TAG: $(installer_tag) ${{ if eq(parameters.dryrun, true) }}: - DRYRUN: "true" + arguments: > + --image $(image) + --tag $(tag) + --package $(package) + --distribution $(distro) + --registries $(REGISTRIES) + --installer-image $(installer_image) + --installer-tag $(installer_tag) + --dryrun ${{ else }}: - DRYRUN: "false" + arguments: > + --image $(image) + --tag $(tag) + --package $(package) + --distribution $(distro) + --registries $(REGISTRIES) + --installer-image $(installer_image) + --installer-tag $(installer_tag) + displayName: build image # - stage: validate_and_publish # displayName: "Validate & Publish" 
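Review bot: Moving the matrix values from `env:` into the folded `arguments:` string means each `$(...)` macro is pasted into a command line before it is tokenised, so a value containing whitespace or quotes no longer reaches build-image.sh as a single field. The removed `env:` mapping handed every value over intact; keeping it for the data and passing only the switch as an argument (`arguments: --dryrun` in the dry-run branch) avoids that and removes the duplicated block in the two branches. If the flags stay, quote each one, e.g. `--image "$(image)"`. `parameters.jobs` is an object parameter with defaults, so if it can be overridden when a run is queued these values are not fixed by the repository, which is worth confirming. The same `arguments` block is repeated in the `build_public` job added in PATCH 19/19.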
@@ -196,23 +203,6 @@ extends: # instructions: "please validate the build configuration, artifacts, tests, and resume" # onTimeout: "resume" - # - template: /.devops/annotate-image.yml@self - # parameters: - # registry: $(ACR_REGISTRY) - # tag: $(version)-$(distro) - # organization: ${{ parameters.organization }} - # feed: ${{ parameters.feed }} - # package: ${{ parameters.az_package }} - - # - ${{ if eq("$(distro)", "azurelinux") }}: - # - template: /.devops/annotate-image.yml@self - # parameters: - # registry: $(ACR_REGISTRY) - # tag: $(version)-mariner - # organization: ${{ parameters.organization }} - # feed: ${{ parameters.feed }} - # package: ${{ parameters.az_package }} - # - job: build_public # displayName: "build public " # dependsOn: wait_for_validation @@ -222,6 +212,15 @@ extends: # strategy: # matrix: ${{ parameters.jobs }} # steps: + # - template: /.devops/templates/annotate-image.yml@self + # parameters: + # registry: $(INTERNAL_ACR_REGISTRY) + # tag: $(version)-$(distro) + # organization: ${{ parameters.organization }} + # feed: ${{ parameters.feed }} + # package: ${{ parameters.az_package }} + # dryrun: ${{ parameters.dryrun }} + # - bash: | # REGISTRIES=$(ACR_REGISTRY):$(version)-$(distro) # TAGS="$(version)-$(distro)" @@ -249,9 +248,14 @@ extends: # DISTRIBUTION: $(distro) # INSTALLER_IMAGE: $(installer_image) # INSTALLER_TAG: $(installer_tag) + # ${{ if eq(parameters.dryrun, true) }}: + # DRYRUN: "true" + # ${{ else }}: + # DRYRUN: "false" + # ${{ if ne(parameters.dryrun, true) }}: # - task: AzureCLI@2 - # displayName: Trigger image signing + # displayName: Trigger signing # env: # AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) # inputs: diff --git a/scripts/build-image.sh b/scripts/build-image.sh index ddd9cb2..b126bc0 100644 --- a/scripts/build-image.sh +++ b/scripts/build-image.sh 
@@ -1,5 +1,47 @@ #!/bin/bash + +dryRun=false + +while [[ "$#" -gt 0 ]]; do + case $1 in + -i | --image) + image="$2"; + shift 2 + ;; + -t | --tag) + tag="$2"; + shift 2 + ;; + -p | --package) + package="$2"; + shift 2 + ;; + -d | --distribution) + distro="$2"; + shift 2 + ;; + -r | --registries) + registryTags="$2"; + shift 2 + ;; + -D | --dryrun) + dryRun=true + shift + ;; + -I | --installer-image) + installerImg="$2"; + shift 2 + ;; + -T | --installer-tag) + installerTag="$2"; + shift 2 + ;; + *) echo "Unknown parameter passed: $1"; exit 1 ;; + esac +done + az acr login -n junipercontainerregistry +az acr login -n "$ACR_NAME" docker buildx create \ --name mybuilder \ 
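Review bot: In the new option loop, a value-taking flag given last with no value (for example `--tag` as the final argument) makes `shift 2` fail without shifting, and because the script has no `set -e` the `while [[ "$#" -gt 0 ]]` loop then never terminates. Guard the value before consuming it, e.g. `[[ $# -ge 2 ]] || { echo "Missing value for $1"; exit 1; }` at the top of each value branch. Nothing after the loop checks that `image`, `tag`, `package`, `distro` and `registryTags` were actually set, and `az acr login -n "$ACR_NAME"` depends on an environment variable the script never validates; a line such as `: "${ACR_NAME:?ACR_NAME is required}"` would fail early instead of attempting a login with an empty name. The hard-coded `az acr login -n junipercontainerregistry` stays next to the parameterised one, so a comment saying why both registries are needed would help.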
@@ -8,34 +50,34 @@ docker buildx create \ --platform linux/amd64,linux/arm64 \ --use -az acr login -n msopenjdk -if [[ '$DISTRIBUTION' != 'distroless' ]]; then - BUILD_ARGS="--build-arg IMAGE=$IMAGE --build-arg TAG=$TAG --build-arg package=$PACKAGE" +if [[ "$distro" != "distroless" ]]; then + buildArgs="--build-arg IMAGE=$image --build-arg TAG=$tag --build-arg package=$package" else - BUILD_ARGS="--build-arg INSTALLER_IMAGE=$INSTALLER_IMAGE --build-arg INSTALLER_TAG=$INSTALLER_TAG --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$PACKAGE" + buildArgs="--build-arg INSTALLER_IMAGE=$installerImg --build-arg INSTALLER_TAG=$installerTag --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$package" fi -REGISTRY_TAGS="-t ${REGISTRY_TAGS/;/ -t }" +registryTags="-t ${registryTags/;/ -t }" # To push to a registry use --push # To build locally use --output=type=image,push=false -if [[ "$DRYRUN" == "true" ]]; then +if [[ "$dryRun" == true ]]; then echo "[DRY-RUN] Running in dry-run mode. No changes will be made." echo "[DRY-RUN] Command that would be executed:" - echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --metadata-file metadata.json --push" + echo "docker buildx build --platform linux/amd64,linux/arm64 ${buildArgs} ${registryTags} -f docker/$distro/Dockerfile.$package-jdk . --metadata-file metadata.json --push" else - echo "docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} ${REGISTRY_TAGS} -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --push" + echo "docker buildx build --platform linux/amd64,linux/arm64 ${buildArgs} ${registryTags} -f docker/$distro/Dockerfile.$package-jdk . --push" docker buildx build \ --platform linux/amd64,linux/arm64 \ - ${BUILD_ARGS} \ - ${REGISTRY_TAGS} \ - -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . 
\ + ${buildArgs} \ + ${registryTags} \ + -f docker/$distro/Dockerfile.$package-jdk . \ --metadata-file metadata.json \ --push containerImageDigest=$(cat metadata.json | grep -oP '(?<="containerimage.digest": ")[^"]+') echo "##vso[task.setvariable variable=containerImageDigest]$containerImageDigest" + rn metadata.json fi \ No newline at end of file diff --git a/scripts/image-annotation.sh b/scripts/image-annotation.sh index 3ef5ad7..a27c25f 100644 --- a/scripts/image-annotation.sh +++ b/scripts/image-annotation.sh @@ -25,7 +25,7 @@ endOfLifeDate=$(date "+%Y-%m-%d") echo "Annotating image $registry@$manifest with end-of-life date $endOfLifeDate" -if [[ "$debug" == "true" ]]; then +if [[ "$debug" == true ]]; then echo "[DRY-RUN] Running in dry-run mode. No changes will be made." echo "[DRY-RUN] Command that would be executed:" echo "oras attach --artifact-type \"application/vnd.microsoft.artifact.lifecycle\" --annotation \"vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z\" $registry@$manifest --verbose" @@ -33,12 +33,11 @@ else oras attach \ --artifact-type "application/vnd.microsoft.artifact.lifecycle" \ --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \ - $registry@$manifest --verbose + $registry@$manifest \ + --verbose if [[ $? -ne 0 ]]; then echo "Failed to annotate image!" exit 1 fi fi - -# done \ No newline at end of file From 9d82606c8f05697281685af0e18850338ead78a0 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Tue, 16 Dec 2025 09:32:04 -0800 Subject: [PATCH 15/19] fix typo --- scripts/build-image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build-image.sh b/scripts/build-image.sh index b126bc0..4d4f84c 100644 --- a/scripts/build-image.sh +++ b/scripts/build-image.sh 
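Review bot: The distroless branch still builds `BASE_IMAGE=$(base_image)` and `BASE_TAG=$(base_tag)`, which inside a script file is shell command substitution (it tries to run commands named `base_image` and `base_tag`) rather than an Azure Pipelines macro, and the new option parser has no flag that carries those two values. `${buildArgs}` and `${registryTags}` are also expanded unquoted into `docker buildx build`, so whitespace inside any argument value turns into additional docker options; bash arrays keep each value a single argument. `${registryTags/;/ -t }` replaces only the first `;`, so a third tag would be lost. The digest read from metadata.json is published with `##vso[task.setvariable]` without checking that it is non-empty. The sketch below shows the array form; the `baseImage`/`baseTag` names and the options feeding them are a suggestion.

```shell
# … unchanged: option parsing, az acr login, docker buildx create …
if [[ "$distro" != "distroless" ]]; then
    buildArgs=(--build-arg "IMAGE=$image" --build-arg "TAG=$tag" --build-arg "package=$package")
else
    # baseImage/baseTag come from two new parser options (suggested names)
    buildArgs=(--build-arg "INSTALLER_IMAGE=$installerImg" --build-arg "INSTALLER_TAG=$installerTag"
               --build-arg "BASE_IMAGE=$baseImage" --build-arg "BASE_TAG=$baseTag"
               --build-arg "package=$package")
fi

tagArgs=()
IFS=';' read -ra tagList <<< "$registryTags"
for ref in "${tagList[@]}"; do
    tagArgs+=(-t "$ref")
done
# … unchanged: dry-run echo branch, printing "${buildArgs[*]}" and "${tagArgs[*]}" …
    docker buildx build \
        --platform linux/amd64,linux/arm64 \
        "${buildArgs[@]}" \
        "${tagArgs[@]}" \
        -f "docker/$distro/Dockerfile.$package-jdk" . \
        --metadata-file metadata.json \
        --push
# … unchanged: digest extraction and metadata.json cleanup …
```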
@@ -79,5 +79,5 @@ else containerImageDigest=$(cat metadata.json | grep -oP '(?<="containerimage.digest": ")[^"]+') echo "##vso[task.setvariable variable=containerImageDigest]$containerImageDigest" - rn metadata.json + rm metadata.json fi \ No newline at end of file From 2ae9c1c81ec1608a8f5c0cc4f1f91fc1ffc24310 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Tue, 16 Dec 2025 09:44:18 -0800 Subject: [PATCH 16/19] Wip: Adjust order of operations --- .devops/build.yml | 16 ++-- .devops/templates/annotate-image.yml | 76 +++++++++---------- .devops/templates/prepare-annotation.yml | 97 ++++++++++++++++++++++++ 3 files changed, 144 insertions(+), 45 deletions(-) create mode 100644 .devops/templates/prepare-annotation.yml diff --git a/.devops/build.yml b/.devops/build.yml index 8632213..9b4d8b1 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -144,14 +144,10 @@ extends: strategy: matrix: ${{ parameters.jobs }} steps: - - template: /.devops/templates/annotate-image.yml@self + - template: /.devops/templates/prepare-annotation.yml@self parameters: registry: $(INTERNAL_ACR_REGISTRY) tag: $(version)-$(distro) - organization: ${{ parameters.organization }} - feed: ${{ parameters.feed }} - package: ${{ parameters.az_package }} - dryrun: ${{ parameters.dryrun }} - bash: | REGISTRIES=$(INTERNAL_ACR_REGISTRY):$(version)-$(distro) @@ -186,7 +182,15 @@ extends: --registries $(REGISTRIES) --installer-image $(installer_image) --installer-tag $(installer_tag) - displayName: build image + displayName: build container image + + - template: /.devops/templates/annotate-image.yml@self + parameters: + registry: $(INTERNAL_ACR_REGISTRY) + organization: ${{ parameters.organization }} + feed: ${{ parameters.feed }} + package: ${{ parameters.az_package }} + dryrun: ${{ parameters.dryrun }} # - stage: validate_and_publish # displayName: "Validate & Publish" diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 2c704c3..99045f6 100644 
--- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -2,8 +2,6 @@ parameters: - name: registry type: string - - name: tag - type: string - name: organization type: string - name: feed 
@@ -29,50 +27,50 @@ steps: FEED: ${{ parameters.feed }} NAME: ${{ parameters.package }} - - task: AzureCLI@2 - displayName: Gather container image manifests - inputs: - azureSubscription: "JEG-Infrastructure" - scriptType: "bash" - scriptLocation: inlineScript - inlineScript: | - az acr login --name $(ACR_NAME) - manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json | jq -c .) - echo "##vso[task.setvariable variable=manifest]$manifest" + # - task: AzureCLI@2 + # displayName: Gather container image manifests + # inputs: + # azureSubscription: "JEG-Infrastructure" + # scriptType: "bash" + # scriptLocation: inlineScript + # inlineScript: | + # az acr login --name $(ACR_NAME) + # manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json | jq -c .) + # echo "##vso[task.setvariable variable=manifest]$manifest" - - task: PythonScript@0 - displayName: Output image digest - env: - manifest: $(manifest) - inputs: - scriptSource: 'inline' - script: | - import json - import os + # - task: PythonScript@0 + # displayName: Output image digest + # env: + # manifest: $(manifest) + # inputs: + # scriptSource: 'inline' + # script: | + # import json + # import os - amd64_digest = "" - arm64_digest = "" - manifest = json.loads(os.environ.get('manifest', {})) + # amd64_digest = "" + # arm64_digest = "" + # manifest = json.loads(os.environ.get('manifest', {})) - if not manifest: - print("##vso[task.logissue type=error]Container image manifest is empty or null. Unable to retrieve image digests!") - exit(1) + # if not manifest: + # print("##vso[task.logissue type=error]Container image manifest is empty or null. 
Unable to retrieve image digests!") + # exit(1) - for descriptor in manifest['manifests']: - if descriptor['platform']['architecture'] == 'amd64': - amd64_digest = descriptor['digest'] - elif descriptor['platform']['architecture'] == 'arm64': - arm64_digest = descriptor['digest'] + # for descriptor in manifest['manifests']: + # if descriptor['platform']['architecture'] == 'amd64': + # amd64_digest = descriptor['digest'] + # elif descriptor['platform']['architecture'] == 'arm64': + # arm64_digest = descriptor['digest'] - # Theoretically, we should always have both, but log a warning in the event one is not found - if not amd64_digest or not arm64_digest: - print(f"##vso[task.logissue type=warning]Missing one of amd64_digest: {amd64_digest} or arm64_digest: {arm64_digest}.") + # # Theoretically, we should always have both, but log a warning in the event one is not found + # if not amd64_digest or not arm64_digest: + # print(f"##vso[task.logissue type=warning]Missing one of amd64_digest: {amd64_digest} or arm64_digest: {arm64_digest}.") - print(f"##vso[task.setvariable variable=imageDigestAmd64]{amd64_digest}") - print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") + # print(f"##vso[task.setvariable variable=imageDigestAmd64]{amd64_digest}") + # print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") - task: AzureCLI@2 - displayName: Annotate amd64 as EOL + displayName: Annotate previous amd64 as EOL inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" @@ -89,7 +87,7 @@ steps: -m $(imageDigestAmd64) - task: AzureCLI@2 - displayName: Annotate arm64 as EOL + displayName: Annotate previous arm64 as EOL inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" diff --git a/.devops/templates/prepare-annotation.yml b/.devops/templates/prepare-annotation.yml new file mode 100644 index 0000000..2940fa5 --- /dev/null +++ b/.devops/templates/prepare-annotation.yml 
@@ -0,0 +1,97 @@ +# Do not call this if we have a new LTS image to support. There will be no image to EOL +parameters: + - name: registry + type: string + - name: tag + type: string + +steps: + # - task: AzureCLI@2 + # displayName: Download ORAS + # inputs: + # azureSubscription: "JEG-Infrastructure" + # scriptType: "bash" + # scriptLocation: "scriptPath" + # scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh + # env: + # AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) + # ORAS_VERSION: 1.1.0 + # ORGANIZATION: ${{ parameters.organization }} + # FEED: ${{ parameters.feed }} + # NAME: ${{ parameters.package }} + + - task: AzureCLI@2 + displayName: Gather container image manifests + inputs: + azureSubscription: "JEG-Infrastructure" + scriptType: "bash" + scriptLocation: inlineScript + inlineScript: | + az acr login --name $(ACR_NAME) + manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json | jq -c .) + echo "##vso[task.setvariable variable=manifest]$manifest" + + - task: PythonScript@0 + displayName: Output image digest variables + env: + manifest: $(manifest) + inputs: + scriptSource: 'inline' + script: | + import json + import os + + amd64_digest = "" + arm64_digest = "" + manifest = json.loads(os.environ.get('manifest', {})) + + if not manifest: + print("##vso[task.logissue type=error]Container image manifest is empty or null. 
Unable to retrieve image digests!") + exit(1) + + for descriptor in manifest['manifests']: + if descriptor['platform']['architecture'] == 'amd64': + amd64_digest = descriptor['digest'] + elif descriptor['platform']['architecture'] == 'arm64': + arm64_digest = descriptor['digest'] + + # Theoretically, we should always have both, but log a warning in the event one is not found + if not amd64_digest or not arm64_digest: + print(f"##vso[task.logissue type=warning]Missing one of amd64_digest: {amd64_digest} or arm64_digest: {arm64_digest}.") + + print(f"##vso[task.setvariable variable=imageDigestAmd64]{amd64_digest}") + print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") + + # - task: AzureCLI@2 + # displayName: Annotate amd64 as EOL + # inputs: + # azureSubscription: "JEG-Infrastructure" + # scriptType: "bash" + # scriptLocation: "scriptPath" + # scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh + # ${{ if eq(parameters.dryrun, true) }}: + # arguments: > + # -r ${{ parameters.registry }} + # -m $(imageDigestAmd64) + # -d + # ${{ else }}: + # arguments: > + # -r ${{ parameters.registry }} + # -m $(imageDigestAmd64) + + # - task: AzureCLI@2 + # displayName: Annotate arm64 as EOL + # inputs: + # azureSubscription: "JEG-Infrastructure" + # scriptType: "bash" + # scriptLocation: "scriptPath" + # scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh + # ${{ if eq(parameters.dryrun, true) }}: + # arguments: > + # -r ${{ parameters.registry }} + # -m $(imageDigestArm64) + # -d + # ${{ else }}: + # arguments: > + # -r ${{ parameters.registry }} + # -m $(imageDigestArm64) \ No newline at end of file From 9c724215f94e6b2b9e64ec643c336ef6e1a2330a Mon Sep 17 00:00:00 2001 From: joe-braley Date: Tue, 16 Dec 2025 09:58:48 -0800 Subject: [PATCH 17/19] Adjust echo statement --- scripts/image-annotation.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
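Review bot: In the inline Python step, `json.loads(os.environ.get('manifest', {}))` cannot reach the `if not manifest` check when the variable is missing: the `{}` default raises `TypeError`, and an empty or unexpanded `$(manifest)` raises a JSON decode error, so the intended `task.logissue` message is never printed. The lookup `manifest['manifests']` also assumes the tag resolves to a multi-platform index. When only one digest is found the step logs a warning and still sets an empty `imageDigestAmd64` or `imageDigestArm64`, which the annotate template later passes to `image-annotation.sh -m`; I would make that an error, or have the annotate steps skip an empty digest. In the preceding step, `az acr manifest show … | jq -c .` runs without `set -o pipefail`, so a failed registry call just yields an empty variable. The commented-out ORAS and annotate tasks in this new file duplicate annotate-image.yml and could be left out.

```yaml
      script: |
        # … unchanged: imports and the two empty digest defaults …
        raw = os.environ.get('manifest', '')
        try:
            manifest = json.loads(raw) if raw else None
        except json.JSONDecodeError:
            manifest = None

        if not manifest or 'manifests' not in manifest:
            print("##vso[task.logissue type=error]Container image manifest is empty or null. Unable to retrieve image digests!")
            exit(1)
        # … unchanged: per-architecture loop and setvariable output …
```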
diff --git a/scripts/image-annotation.sh b/scripts/image-annotation.sh index a27c25f..e63cdc4 100644 --- a/scripts/image-annotation.sh +++ b/scripts/image-annotation.sh @@ -23,7 +23,7 @@ fi endOfLifeDate=$(date "+%Y-%m-%d") -echo "Annotating image $registry@$manifest with end-of-life date $endOfLifeDate" +echo "Annotating image ${registry}@${manifest} with end-of-life date ${endOfLifeDate}T00:00:00Z" if [[ "$debug" == true ]]; then echo "[DRY-RUN] Running in dry-run mode. No changes will be made." From 11f3bb6da42fb377e3e276bfc36441424438d034 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Tue, 16 Dec 2025 10:38:10 -0800 Subject: [PATCH 18/19] Wip: rename matrix variable --- .devops/build.yml | 24 ++++++------ .devops/templates/annotate-image.yml | 46 ++-------------------- .devops/templates/prepare-annotation.yml | 50 +----------------------- 3 files changed, 17 insertions(+), 103 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index 9b4d8b1..dc41e95 100644 --- a/.devops/build.yml +++ b/.devops/build.yml @@ -32,14 +32,14 @@ parameters: type: object default: azurelinux_8: - new_LTS_image: false + hasExistingImages: true distro: azurelinux version: 8 package: temurin-8 image: "image-repository" tag: "3.0" distroless_8: - new_LTS_image: false + hasExistingImages: true distro: distroless version: 8 package: temurin-8 @@ -48,21 +48,21 @@ parameters: base_image: "image-repository" base_tag: "3.0" ubuntu_11: - new_LTS_image: false + hasExistingImages: true distro: ubuntu version: 11 package: msopenjdk-11 image: "image-repository" tag: "image-tag" azurelinux_11: - new_LTS_image: false + hasExistingImages: true distro: azurelinux version: 11 package: msopenjdk-11 image: "image-repository" tag: "3.0" distroless_11: - new_LTS_image: false + hasExistingImages: true distro: distroless version: 11 package: msopenjdk-11 
@@ -71,21 +71,21 @@ parameters: base_image: "image-repository" base_tag: "3.0" ubuntu_17: - new_LTS_image: false + hasExistingImages: true distro: ubuntu version: 17 package: msopenjdk-17 image: "image-repository" tag: "image-tag" azurelinux_17: - new_LTS_image: false + hasExistingImages: true distro: azurelinux version: 17 package: msopenjdk-17 image: "image-repository" tag: "3.0" distroless_17: - new_LTS_image: false + hasExistingImages: true distro: distroless version: 17 package: msopenjdk-17 @@ -94,21 +94,21 @@ parameters: base_image: "image-repository" base_tag: "3.0" ubuntu_21: - new_LTS_image: false + hasExistingImages: true distro: ubuntu version: 21 package: msopenjdk-21 image: "image-repository" tag: "image-tag" azurelinux_21: - new_LTS_image: false + hasExistingImages: true distro: azurelinux version: 21 package: msopenjdk-21 image: "image-repository" tag: "3.0" distroless_21: - new_LTS_image: false + hasExistingImages: true distro: distroless version: 21 package: msopenjdk-21 @@ -133,7 +133,7 @@ extends: os: windows stages: - stage: build_internal - displayName: "Build Internal" + displayName: Build Internal variables: ACR_NAME: msopenjdk jobs: diff --git a/.devops/templates/annotate-image.yml b/.devops/templates/annotate-image.yml index 99045f6..68449cf 100644 --- a/.devops/templates/annotate-image.yml +++ b/.devops/templates/annotate-image.yml @@ -1,4 +1,3 @@ -# Do not call this if we have a new LTS image to support. There will be no image to EOL parameters: - name: registry type: string @@ -15,6 +14,7 @@ parameters: steps: - task: AzureCLI@2 displayName: Download ORAS + condition: eq(variables['hasExistingImages'], 'true') inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" 
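Review bot: `condition: eq(variables['hasExistingImages'], 'true')` replaces the step's implicit `succeeded()` check, so these steps run even when an earlier step in the job has failed. For the two "Annotate previous … as EOL" steps in the following hunks of annotate-image.yml, that means the previous image can be marked end-of-life after a failed build or push, with no replacement published. Use `condition: and(succeeded(), eq(variables['hasExistingImages'], 'true'))` here, on both annotate steps, and on the two steps in prepare-annotation.yml that receive the same line. The task bodies continue outside this hunk.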
@@ -27,50 +27,9 @@ steps: FEED: ${{ parameters.feed }} NAME: ${{ parameters.package }} - # - task: AzureCLI@2 - # displayName: Gather container image manifests - # inputs: - # azureSubscription: "JEG-Infrastructure" - # scriptType: "bash" - # scriptLocation: inlineScript - # inlineScript: | - # az acr login --name $(ACR_NAME) - # manifest=$(az acr manifest show ${{ parameters.registry }}:${{ parameters.tag }} -o json | jq -c .) - # echo "##vso[task.setvariable variable=manifest]$manifest" - - # - task: PythonScript@0 - # displayName: Output image digest - # env: - # manifest: $(manifest) - # inputs: - # scriptSource: 'inline' - # script: | - # import json - # import os - - # amd64_digest = "" - # arm64_digest = "" - # manifest = json.loads(os.environ.get('manifest', {})) - - # if not manifest: - # print("##vso[task.logissue type=error]Container image manifest is empty or null. Unable to retrieve image digests!") - # exit(1) - - # for descriptor in manifest['manifests']: - # if descriptor['platform']['architecture'] == 'amd64': - # amd64_digest = descriptor['digest'] - # elif descriptor['platform']['architecture'] == 'arm64': - # arm64_digest = descriptor['digest'] - - # # Theoretically, we should always have both, but log a warning in the event one is not found - # if not amd64_digest or not arm64_digest: - # print(f"##vso[task.logissue type=warning]Missing one of amd64_digest: {amd64_digest} or arm64_digest: {arm64_digest}.") - - # print(f"##vso[task.setvariable variable=imageDigestAmd64]{amd64_digest}") - # print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") - - task: AzureCLI@2 displayName: Annotate previous amd64 as EOL + condition: eq(variables['hasExistingImages'], 'true') inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" 
@@ -88,6 +47,7 @@ steps: - task: AzureCLI@2 displayName: Annotate previous arm64 as EOL + condition: eq(variables['hasExistingImages'], 'true') inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" diff --git a/.devops/templates/prepare-annotation.yml b/.devops/templates/prepare-annotation.yml index 2940fa5..d3f92ec 100644 --- a/.devops/templates/prepare-annotation.yml +++ b/.devops/templates/prepare-annotation.yml @@ -1,4 +1,3 @@ -# Do not call this if we have a new LTS image to support. There will be no image to EOL parameters: - name: registry type: string @@ -6,22 +5,10 @@ parameters: type: string steps: - # - task: AzureCLI@2 - # displayName: Download ORAS - # inputs: - # azureSubscription: "JEG-Infrastructure" - # scriptType: "bash" - # scriptLocation: "scriptPath" - # scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh - # env: - # AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) - # ORAS_VERSION: 1.1.0 - # ORGANIZATION: ${{ parameters.organization }} - # FEED: ${{ parameters.feed }} - # NAME: ${{ parameters.package }} - task: AzureCLI@2 displayName: Gather container image manifests + condition: eq(variables['hasExistingImages'], 'true') inputs: azureSubscription: "JEG-Infrastructure" scriptType: "bash" @@ -33,6 +20,7 @@ steps: - task: PythonScript@0 displayName: Output image digest variables + condition: eq(variables['hasExistingImages'], 'true') env: manifest: $(manifest) inputs: 
@@ -61,37 +49,3 @@ steps: print(f"##vso[task.setvariable variable=imageDigestAmd64]{amd64_digest}") print(f"##vso[task.setvariable variable=imageDigestArm64]{arm64_digest}") - - # - task: AzureCLI@2 - # displayName: Annotate amd64 as EOL - # inputs: - # azureSubscription: "JEG-Infrastructure" - # scriptType: "bash" - # scriptLocation: "scriptPath" - # scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh - # ${{ if eq(parameters.dryrun, true) }}: - # arguments: > - # -r ${{ parameters.registry }} - # -m $(imageDigestAmd64) - # -d - # ${{ else }}: - # arguments: > - # -r ${{ parameters.registry }} - # -m $(imageDigestAmd64) - - # - task: AzureCLI@2 - # displayName: Annotate arm64 as EOL - # inputs: - # azureSubscription: "JEG-Infrastructure" - # scriptType: "bash" - # scriptLocation: "scriptPath" - # scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh - # ${{ if eq(parameters.dryrun, true) }}: - # arguments: > - # -r ${{ parameters.registry }} - # -m $(imageDigestArm64) - # -d - # ${{ else }}: - # arguments: > - # -r ${{ parameters.registry }} - # -m $(imageDigestArm64) \ No newline at end of file From d6ebb43eb1fd75c9fa6abb705f979817e67b2291 Mon Sep 17 00:00:00 2001 From: joe-braley Date: Tue, 16 Dec 2025 14:43:59 -0800 Subject: [PATCH 19/19] wip --- .devops/build.yml | 202 ++++++++++++++++++++++++++++------------------ 1 file changed, 125 insertions(+), 77 deletions(-) diff --git a/.devops/build.yml b/.devops/build.yml index dc41e95..c7c8c9e 100644 --- a/.devops/build.yml +++ b/.devops/build.yml 
@@ -192,86 +192,134 @@ extends:
 package: ${{ parameters.az_package }}
 dryrun: ${{ parameters.dryrun }}
- # - stage: validate_and_publish
- # displayName: "Validate & Publish"
- # dependsOn: build_internal
- # jobs:
- # - job: wait_for_validation
- # displayName: wait for validation
- # pool: server
- # steps:
- # - task: ManualValidation@0
- # # 3 days
- # timeoutInMinutes: 4320
- # inputs:
- # instructions: "please validate the build configuration, artifacts, tests, and resume"
- # onTimeout: "resume"
+ - stage: validate_and_publish
+ displayName: "Validate & Publish"
+ dependsOn: build_internal
+ jobs:
+
+ - job: wait_for_validation
+ displayName: wait for validation
+ pool: server
+ steps:
+ - task: ManualValidation@0
+ # 3 days
+ timeoutInMinutes: 4320
+ inputs:
+ instructions: "please validate the build configuration, artifacts, tests, and resume"
+ onTimeout: "resume"
+
+ - job: build_public
+ dependsOn: wait_for_validation
+ pool:
+ name: JEG-azurelinux-x64-release
+ os: linux
+ strategy:
+ matrix: ${{ parameters.jobs }}
+ steps:
+ - template: /.devops/templates/prepare-annotation.yml@self
+ parameters:
+ registry: $(ACR_REGISTRY)
+ tag: $(version)-$(distro)
+
+ - bash: |
+ REGISTRIES=$(ACR_REGISTRY):$(version)-$(distro)
+ if [[ "$(distro)" == "azurelinux" ]]; then
+ REGISTRIES+=";$(ACR_REGISTRY):$(version)-mariner"
+ fi
+ echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES"
+ displayName: Set REGISTRIES variable
+
+ - task: AzureCLI@2
+ inputs:
+ azureSubscription: "JEG-Infrastructure"
+ scriptType: "bash"
+ scriptLocation: "scriptPath"
+ scriptPath: $(Build.SourcesDirectory)/scripts/build-image.sh
+ ${{ if eq(parameters.dryrun, true) }}:
+ arguments: >
+ --image $(image)
+ --tag $(tag)
+ --package $(package)
+ --distribution $(distro)
+ --registries $(REGISTRIES)
+ --installer-image $(installer_image)
+ --installer-tag $(installer_tag)
+ --dryrun
+ ${{ else }}:
+ arguments: >
+ --image $(image)
+ --tag $(tag)
+ --package $(package)
+ --distribution $(distro)
+ --registries $(REGISTRIES)
+ --installer-image $(installer_image)
+ --installer-tag $(installer_tag)
+ displayName: build container image
+
+ - template: /.devops/templates/annotate-image.yml@self
+ parameters:
+ registry: $(ACR_REGISTRY)
+ organization: ${{ parameters.organization }}
+ feed: ${{ parameters.feed }}
+ package: ${{ parameters.az_package }}
+ dryrun: ${{ parameters.dryrun }}
- # - job: build_public
- # displayName: "build public "
- # dependsOn: wait_for_validation
- # pool:
- # name: JEG-azurelinux-x64-release
- # os: linux
- # strategy:
- # matrix: ${{ parameters.jobs }}
- # steps:
- # - template: /.devops/templates/annotate-image.yml@self
- # parameters:
- # registry: $(INTERNAL_ACR_REGISTRY)
- # tag: $(version)-$(distro)
- # organization: ${{ parameters.organization }}
- # feed: ${{ parameters.feed }}
- # package: ${{ parameters.az_package }}
- # dryrun: ${{ parameters.dryrun }}
+ # - template: /.devops/templates/annotate-image.yml@self
+ # parameters:
+ # registry: $(INTERNAL_ACR_REGISTRY)
+ # tag: $(version)-$(distro)
+ # organization: ${{ parameters.organization }}
+ # feed: ${{ parameters.feed }}
+ # package: ${{ parameters.az_package }}
+ # dryrun: ${{ parameters.dryrun }}
- # - bash: |
- # REGISTRIES=$(ACR_REGISTRY):$(version)-$(distro)
- # TAGS="$(version)-$(distro)"
+ # - bash: |
+ # REGISTRIES=$(ACR_REGISTRY):$(version)-$(distro)
+ # TAGS="$(version)-$(distro)"
- # if [[ "$(distro)" == "azurelinux" ]]; then
- # REGISTRIES+=";$(ACR_REGISTRY):$(version)-mariner"
- # fi
+ # if [[ "$(distro)" == "azurelinux" ]]; then
+ # REGISTRIES+=";$(ACR_REGISTRY):$(version)-mariner"
+ # fi
- # echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES"
- # echo "##vso[task.setvariable variable=TAGS]$TAGS"
- # displayName: Set environment variables
+ # echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES"
+ # echo "##vso[task.setvariable variable=TAGS]$TAGS"
+ # displayName: Set environment variables
- # - task: AzureCLI@2
- # inputs:
- # azureSubscription: "JEG-Infrastructure"
- # scriptType: "bash"
- # scriptLocation: "scriptPath"
- # scriptPath: scripts/build-image.sh
- # displayName: Build image
- # env:
- # REGISTRY_TAGS: $(REGISTRIES)
- # IMAGE: $(image)
- # TAG: $(tag)
- # PACKAGE: $(package)
- # DISTRIBUTION: $(distro)
- # INSTALLER_IMAGE: $(installer_image)
- # INSTALLER_TAG: $(installer_tag)
- # ${{ if eq(parameters.dryrun, true) }}:
- # DRYRUN: "true"
- # ${{ else }}:
- # DRYRUN: "false"
+ # - task: AzureCLI@2
+ # inputs:
+ # azureSubscription: "JEG-Infrastructure"
+ # scriptType: "bash"
+ # scriptLocation: "scriptPath"
+ # scriptPath: scripts/build-image.sh
+ # displayName: Build image
+ # env:
+ # REGISTRY_TAGS: $(REGISTRIES)
+ # IMAGE: $(image)
+ # TAG: $(tag)
+ # PACKAGE: $(package)
+ # DISTRIBUTION: $(distro)
+ # INSTALLER_IMAGE: $(installer_image)
+ # INSTALLER_TAG: $(installer_tag)
+ # ${{ if eq(parameters.dryrun, true) }}:
+ # DRYRUN: "true"
+ # ${{ else }}:
+ # DRYRUN: "false"
- # ${{ if ne(parameters.dryrun, true) }}:
- # - task: AzureCLI@2
- # displayName: Trigger signing
- # env:
- # AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
- # inputs:
- # azureSubscription: "JEG-Infrastructure"
- # scriptType: "bash"
- # scriptLocation: "inlineScript"
- # inlineScript: |
- # az pipelines run \
- # --branch main \
- # --org ${{ parameters.organization }} \
- # --project $(OPENJDK_PROJECT) \
- # --id $(OPENJDK_SIGNING_ID) \
- # --parameters openjdk_tags="[$(TAGS)]" \
- # image_registry="$(ACR_REGISTRY)" \
- # image_name="jdk"
+ - ${{ if ne(parameters.dryrun, true) }}:
+ - task: AzureCLI@2
+ displayName: Trigger signing
+ env:
+ AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
+ inputs:
+ azureSubscription: "JEG-Infrastructure"
+ scriptType: "bash"
+ scriptLocation: "inlineScript"
+ inlineScript: |
+ az pipelines run \
+ --branch main \
+ --org ${{ parameters.organization }} \
+ --project $(OPENJDK_PROJECT) \
+ --id $(OPENJDK_SIGNING_ID) \
+ --parameters openjdk_tags="[$(TAGS)]" \
+ image_registry="$(ACR_REGISTRY)" \
+ image_name="jdk"
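Review bot: The re-enabled "Trigger signing" step passes `openjdk_tags="[$(TAGS)]"`, but the new "Set REGISTRIES variable" bash step in build_public no longer sets TAGS; only the still-commented "Set environment variables" step does. Unless TAGS is defined outside this hunk, the macro is left unexpanded and bash treats `$(TAGS)` as a command substitution, so the signing pipeline would be queued with an empty tag list and the published image may go unsigned. Add `echo "##vso[task.setvariable variable=TAGS]$(version)-$(distro)"` to that bash step. Separately, `onTimeout: "resume"` on the ManualValidation task lets the public build proceed after 4320 minutes with no approval; `onTimeout: "reject"` would make the gate fail closed.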