Skip to content

Commit

Permalink
Update node
Browse files Browse the repository at this point in the history
  • Loading branch information
daniv-msft committed Mar 22, 2024
1 parent e364183 commit d14fedc
Show file tree
Hide file tree
Showing 3 changed files with 103 additions and 149 deletions.
95 changes: 54 additions & 41 deletions vsts/pipelines/baseImages/node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,45 +8,58 @@ variables:
value: true
- name: Packaging.EnableSBOMSigning
value: true

jobs:
- template: ../templates/_buildimageBasesJobTemplate.yml
resources:
repositories:
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
displayName: Build Node runtime buster based images
scriptPath: ./build/buildRunTimeImageBases.sh
imageDir: node
imageDebianFlavor: buster
artifactsFileName: node-runtimeimage-bases-buster.txt
jobName: Build_Buster_BaseImages

- template: ../templates/_buildimageBasesJobTemplate.yml
parameters:
displayName: Build Node runtime bullseye base images
scriptPath: ./build/buildRunTimeImageBases.sh
imageDir: node
imageDebianFlavor: bullseye
artifactsFileName: node-runtimeimage-bases-bullseye.txt
jobName: Build_Bullseye_BaseImages

- template: ../templates/_buildimageBasesJobTemplate.yml
parameters:
displayName: Build Node runtime bookworm base images
scriptPath: ./build/buildRunTimeImageBases.sh
imageDir: node
imageDebianFlavor: bookworm
artifactsFileName: node-runtimeimage-bases-bookworm.txt
jobName: Build_Bookworm_BaseImages

- job: Release_NodeRuntimeBaseImage
dependsOn:
- Build_Buster_BaseImages
displayName: Push images to MCR
timeoutInMinutes: 250
pool:
name: AzurePipelines-EO
demands:
- ImageOverride -equals AzurePipelinesUbuntu20.04compliant
steps:
- template: ../templates/_releaseBaseImagesStepTemplate.yml
parameters:
baseImageName: 'node'
pool:
name: AzurePipelines-EO
image: AzurePipelinesUbuntu20.04compliant
os: linux
sdl:
sourceAnalysisPool:
name: AzurePipelines-EO
os: windows
customBuildTags:
- ES365AIMigrationTooling-BulkMigrated
stages:
- stage: stage
jobs:
- template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
parameters:
displayName: Build Node runtime buster based images
scriptPath: ./build/buildRunTimeImageBases.sh
imageDir: node
imageDebianFlavor: buster
artifactsFileName: node-runtimeimage-bases-buster.txt
jobName: Build_Buster_BaseImages
- template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
parameters:
displayName: Build Node runtime bullseye base images
scriptPath: ./build/buildRunTimeImageBases.sh
imageDir: node
imageDebianFlavor: bullseye
artifactsFileName: node-runtimeimage-bases-bullseye.txt
jobName: Build_Bullseye_BaseImages
- template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
parameters:
displayName: Build Node runtime bookworm base images
scriptPath: ./build/buildRunTimeImageBases.sh
imageDir: node
imageDebianFlavor: bookworm
artifactsFileName: node-runtimeimage-bases-bookworm.txt
jobName: Build_Bookworm_BaseImages
- job: Release_NodeRuntimeBaseImage
dependsOn:
- Build_Buster_BaseImages
displayName: Push images to MCR
timeoutInMinutes: 250
steps:
- template: /vsts/pipelines/templates/_releaseBaseImagesStepTemplate.yml@self
parameters:
baseImageName: 'node'
138 changes: 47 additions & 91 deletions vsts/pipelines/templates/_buildimageBasesJobTemplate.yml
Original file line number Diff line number Diff line change
@@ -1,91 +1,47 @@
# trigger: none

# The `resources` specify the location and version of the 1ES PT.
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release

extends:
# The pipeline extends the 1ES PT which will inject different SDL and compliance tasks.
# For non-production pipelines, use "Unofficial" as defined below.
# For productions pipelines, use "Official".
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
# Update the pool with your team's 1ES hosted pool.
pool:
name: AzurePipelines-EO
image: AzurePipelinesUbuntu20.04compliant # Name of the image in your pool. If not specified, first image of the pool is used
os: linux # OS of the image. Allowed values: windows, linux, macOS

stages:
- stage: Stage
jobs:
- job: HostJob
timeoutInMinutes: 250
# If the pipeline publishes artifacts, use `templateContext` to define the artifacts.
# This will enable 1ES PT to run SDL analysis tools on the artifacts and then upload them.
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(Build.ArtifactStagingDirectory)
artifactName: buildImageBasesJobArtifact
# Define the steps that the pipeline will run.
# In most cases, copy and paste the steps from the original pipeline.
steps:
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
displayName: 'Component Detection - OSS Compliance'
inputs:
ignoreDirectories: '$(Build.SourcesDirectory)/tests'

- task: ShellScript@2
displayName: Build images
inputs:
scriptPath: ${{ parameters.scriptPath }}
args: ${{ parameters.imageDir }} ${{ parameters.imageDebianFlavor }}
env:
ORYX_SDK_STORAGE_ACCOUNT_ACCESS_TOKEN: $(ORYX-SDK-STAGING-PRIVATE-SAS-TOKEN)
DOTNET_PRIVATE_STORAGE_ACCOUNT_ACCESS_TOKEN: $(DotnetPrivateStorageAccountAccessToken)

- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: Generate Software Bill of Materials (SBOM)
inputs:
BuildDropPath: '$(Build.ArtifactStagingDirectory)'
AdditionalComponentDetectorArgs: '--DirectoryExclusionList **/SampleApps/**'

- task: CopyFiles@2
displayName: Copy artifacts to staging directory
inputs:
sourceFolder: '$(Build.SourcesDirectory)/artifacts'
contents: '**/*.*'
targetFolder: $(Build.ArtifactStagingDirectory)
overWrite: true
condition: true

- task: Docker@1
displayName: Push built base images to dev ACR
inputs:
command: push
azureSubscriptionEndpoint: $(ascName)
azureContainerRegistry: $(acrName)
pushMultipleImages: true
imageNamesPath: '$(Build.ArtifactStagingDirectory)/images/${{ parameters.artifactsFileName }}'
enforceDockerNamingConvention: false

- task: ShellScript@2
displayName: 'Clean up Docker containers and images'
inputs:
scriptPath: ./vsts/scripts/cleanDocker.sh

- task: PublishBuildArtifacts@1
displayName: Publish build artifacts
inputs:
pathtoPublish: $(Build.ArtifactStagingDirectory)

- task: ShellScript@2
displayName: 'Clean up Docker containers and images'
inputs:
scriptPath: ./vsts/scripts/cleanDocker.sh
condition: true
parameters:
displayName: ''
imageDir: ''
imageDebianFlavor: ''
scriptPath: ''
artifactsFileName: ''
jobName: ''
jobs:
- job: ${{ parameters.jobName }}
displayName: ${{ parameters.displayName }}
timeoutInMinutes: 250
templateContext:
outputs:
- output: pipelineArtifact
displayName: 'Publish build artifacts'
targetPath: $(Build.ArtifactStagingDirectory)
steps:
- task: ShellScript@2
displayName: Build images
inputs:
scriptPath: ${{ parameters.scriptPath }}
args: ${{ parameters.imageDir }} ${{ parameters.imageDebianFlavor }}
env:
ORYX_SDK_STORAGE_ACCOUNT_ACCESS_TOKEN: $(ORYX-SDK-STAGING-PRIVATE-SAS-TOKEN)
DOTNET_PRIVATE_STORAGE_ACCOUNT_ACCESS_TOKEN: $(DotnetPrivateStorageAccountAccessToken)
- task: CopyFiles@2
displayName: Copy artifacts to staging directory
inputs:
sourceFolder: '$(Build.SourcesDirectory)/artifacts'
contents: '**/*.*'
targetFolder: $(Build.ArtifactStagingDirectory)
overWrite: true
condition: true
- task: 1ES.PushContainerImage@1
displayName: Push built base images to dev ACR
inputs:
image: '$(Build.ArtifactStagingDirectory)/images/${{ parameters.artifactsFileName }}'
remoteImage: $(acrname)/$(Build.ArtifactStagingDirectory)/images/${{ parameters.artifactsFileName }}
- task: ShellScript@2
displayName: 'Clean up Docker containers and images'
inputs:
scriptPath: ./vsts/scripts/cleanDocker.sh
- task: ShellScript@2
displayName: 'Clean up Docker containers and images'
inputs:
scriptPath: ./vsts/scripts/cleanDocker.sh
condition: true
19 changes: 2 additions & 17 deletions vsts/pipelines/templates/_releaseBaseImagesStepTemplate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,64 +4,49 @@ parameters:
acrProdName: oryxmcr
acrPmeProdName: oryxprodmcr
acrPmeProdSrvConnection: Oryx-PME-ACR-Production
baseImageName: '' # defaults
baseImageName: ''
baseImageRepository: public/oryx/base

steps:
- checkout: self
clean: true

- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
displayName: 'Component Detection - OSS Compliance'
inputs:
ignoreDirectories: '$(Build.SourcesDirectory)/tests'

- task: Docker@1
displayName: Container registry login
inputs:
command: login
azureSubscriptionEndpoint: ${{ parameters.ascName }}
azureContainerRegistry: ${{ parameters.acrDevName }}.azurecr.io

- task: DownloadBuildArtifacts@0
displayName: 'Download Artifacts for release'
inputs:
artifactName: drop

- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
inputs:
SourceFolder: '$(System.ArtifactsDirectory)'
TargetFolder: '$(Build.ArtifactStagingDirectory)'

- task: Shellpp@0
displayName: 'Pull and create release tags for PME staging ACR'
inputs:
type: FilePath
scriptPath: ./vsts/scripts/tagBaseImagesForRelease.sh
args: '${{ parameters.baseImageName }} ${{ parameters.acrPmeProdName }}'

- task: Docker@2
displayName: Login to production PME ACR
inputs:
command: login
containerRegistry: ${{ parameters.acrPmeProdSrvConnection }}

- script: echo base image is ${{ parameters.baseImageName }} and repository is ${{ parameters.baseImageRepository }}

- script: echo base image is ${{ parameters.baseImageName }} and repository is ${{ parameters.baseImageRepository }}
- task: Shellpp@0
displayName: 'Push images to PME staging ACR'
inputs:
type: FilePath
scriptPath: ./vsts/scripts/pushBaseImagesToRegistry.sh
args: '$(Build.ArtifactStagingDirectory)/drop/images/${{ parameters.baseImageName }}/${{ parameters.acrPmeProdName }}'

- task: Docker@2
displayName: Logout from PME ACR
inputs:
command: logout
containerRegistry: ${{ parameters.acrPmeProdSrvConnection }}

- task: ShellScript@2
displayName: 'Clean up Docker containers and images'
inputs:
Expand Down

0 comments on commit d14fedc

Please sign in to comment.