ci: 1ES Template

.config/.gdnsuppress

@@ -3,24 +3,22 @@
   "suppressionSets": {
     "default": {
       "name": "default",
-      "createdDate": "2022-11-28 20:04:38Z",
-      "lastUpdatedDate": "2022-11-28 20:04:38Z"
+      "createdDate": "2024-11-21 01:58:07Z",
+      "lastUpdatedDate": "2024-11-21 01:58:07Z"
     }
   },
   "results": {
-    "d7e55b5f3e54f9253a2fec595f97520ab0ffece607981d2db0fcfe4dae4cd490": {
-      "signature": "d7e55b5f3e54f9253a2fec595f97520ab0ffece607981d2db0fcfe4dae4cd490",
+    "9a675be4784d448ece481deb7f6f1429fd6606a08b9598f33f23c2123c581520": {
+      "signature": "9a675be4784d448ece481deb7f6f1429fd6606a08b9598f33f23c2123c581520",
       "alternativeSignatures": [],
-      "target": "**/testdata/dummy.pem",
+      "target": "keyvault/testdata/dummy.pem",
+      "line": 1,
       "memberOf": [
         "default"
       ],
       "tool": "credscan",
       "ruleId": "CSCAN-GENERAL0020",
-      "justification": null,
-      "createdDate": "2022-11-28 20:04:38Z",
-      "expirationDate": null,
-      "type": null
+      "createdDate": "2024-11-21 01:58:07Z"
     }
   }
 }

.config/credScanSuppressions.json

@@ -1,4 +1,9 @@
 {
- "tool": "Credential Scanner",
- "suppressions": []
+  "tool": "Credential Scanner",
+  "suppressions": [
+    {
+      "file": "keyvault/testdata/dummy.pem",
+      "_justification": "Fake credentials for testing"
+    }
+  ]
 }

.pipelines/cni/k8s-e2e/k8s-e2e-job-template.yaml

@@ -8,11 +8,11 @@ parameters:
 
 jobs:
   - job: CNI_${{ parameters.os }}
-    condition: and( not(canceled()), not(failed()) )
     displayName: CNI k8s E2E ${{ parameters.os }}
     dependsOn: ${{ parameters.dependsOn }}
     pool:
       name: $(BUILD_POOL_NAME_DEFAULT)
+      os: linux
     steps:
       - task: AzureCLI@2
         inputs:

.pipelines/cni/k8s-e2e/k8s-e2e.jobs.yaml

@@ -8,26 +8,17 @@ parameters:
 
 jobs:
   - job: CNI_${{ parameters.os }}
-    condition: and( not(canceled()), not(failed()) )
     displayName: CNI k8s E2E ${{ parameters.os }}
     dependsOn: ${{ parameters.dependsOn }}
     pool:
-      isCustom: true
-      type: linux
       name: $(BUILD_POOL_NAME_DEFAULT)
-    variables:
-      ob_outputDirectory: $(Build.ArtifactStagingDirectory)/output
-      ob_git_checkout: true
+      os: linux
     steps:
-      - checkout: ACNReviewChanges
-        clean: true
-
       - task: AzureCLI@2
         inputs:
           azureSubscription: ${{ parameters.sub }}
           scriptLocation: "inlineScript"
           scriptType: "bash"
-          workingDirectory: $(ACN_DIR)
           addSpnToEnvironment: true
           inlineScript: |
             set -e
@@ -42,9 +33,8 @@ jobs:
             # https://github.com/kubernetes/sig-release/blob/master/release-engineering/artifacts.md#content-of-kubernetes-test-system-archtargz-on-example-of-kubernetes-test-linux-amd64targz-directories-removed-from-list
             # explictly unzip and strip directories from ginkgo and e2e.test
             tar -xvzf kubernetes-test-linux-amd64.tar.gz --strip-components=3 kubernetes/test/bin/ginkgo kubernetes/test/bin/e2e.test
-        displayName: "Setup Environment"
-        retryCountOnTaskFailure: 5
 
+        displayName: "Setup Environment"
       - ${{ if contains(parameters.os, 'windows') }}:
         - script: |
             set -e
@@ -57,13 +47,11 @@ jobs:
               kubectl exec -i -n kube-system $pod -- powershell "Restart-Service kubeproxy"
               kubectl exec -i -n kube-system $pod -- powershell "Get-Service kubeproxy"
             done
-          workingDirectory: $(ACN_DIR)
           name: kubeproxy
           displayName: Restart Kubeproxy on Windows nodes
           retryCountOnTaskFailure: 3
-
       - ${{ if eq(parameters.datapath, true) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: Datapath
             name: datapath
@@ -72,9 +60,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 10
-
       - ${{ if eq(parameters.dns, true) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: DNS
             name: dns
@@ -83,9 +70,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 3
-
       - ${{ if eq(parameters.portforward, true) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: Kubectl Portforward
             name: portforward
@@ -94,9 +80,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 3
-
       - ${{ if and( eq(parameters.service, true), contains(parameters.cni, 'cni') ) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: Service Conformance
             name: service
@@ -105,9 +90,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 3
-
       - ${{ if and( eq(parameters.service, true), contains(parameters.cni, 'cilium') ) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: Service Conformance|Cilium
             name: service
@@ -116,9 +100,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 3
-
       - ${{ if eq(parameters.hostport, true) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: Host Port
             name: hostport
@@ -127,9 +110,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 1 # Has a short serial test
             attempts: 3
-
       - ${{ if and(eq(parameters.hybridWin, true), eq(parameters.os, 'windows')) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: Hybrid Network
             name: hybrid
@@ -138,9 +120,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 3
-
       - ${{ if and( eq(parameters.dualstack, true), eq(contains(parameters.cni, 'cilium'), false) ) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: DualStack Test
             name: DualStack
@@ -150,9 +131,8 @@ jobs:
             os: ${{ parameters.os }}
             processes: 8
             attempts: 3
-
       - ${{ if and( eq(parameters.dualstack, true), contains(parameters.cni, 'cilium') ) }}:
-        - template: k8s-e2e.steps.yaml@ACNTools
+        - template: ../k8s-e2e/k8s-e2e-step-template.yaml
           parameters:
             testName: DualStack Test|Cilium
             name: DualStack

.pipelines/containers/container-template.jobs.yaml

@@ -0,0 +1,64 @@
+parameters:
+- name: arch
+  type: string
+
+- name: os
+  type: string
+
+- name: images
+  type: object
+
+- name: containerRegistry
+  type: object
+
+
+jobs:
+- ${{ each image in parameters.images }}:
+  - job: ${{ replace(image, '-', '_') }}_${{ parameters.os }}_${{ parameters.arch }}
+    displayName: Build Image - (${{ image }} ${{ parameters.os }}/${{ parameters.arch }})
+    templateContext:
+      authenticatedContainerRegistries:
+      - serviceConnection: $(ACR_SERVICECONNECTION)
+
+    steps:
+    - checkout: self
+
+    - task: GoTool@0
+      inputs:
+        version: $(GO_VERSION)
+
+    - bash: |
+        set -e
+
+        ip address
+        systemctl status docker
+        systemctl restart docker
+
+        BUILD_CONTEXT=$(make "$MAKE_BUILD_CONTEXT")
+        echo >&2 "##vso[task.setvariable variable=BUILD_CONTEXT_${VAR_ID};]$BUILD_CONTEXT"
+
+        IMAGE_PLATFORM_TAG=$(make "$MAKE_IMAGE_TAG")
+        echo >&2 "##vso[task.setvariable variable=IMAGE_PLATFORM_TAG_${VAR_ID};]$IMAGE_PLATFORM_TAG"
+
+        IMAGE_NAME_AND_TAG=$(make "$MAKE_IMAGE_NAME_AND_TAG")
+        echo >&2 "##vso[task.setvariable variable=IMAGE_NAME_AND_TAG_${VAR_ID};]$IMAGE_NAME_AND_TAG"
+
+        DOCKERFILE_PATH=$(make "$MAKE_DOCKERFILE_PATH")
+        echo >&2 "##vso[task.setvariable variable=DOCKERFILE_PATH_${VAR_ID};]$DOCKERFILE_PATH"
+
+        EXTRA_BUILD_ARGS=$(make "$MAKE_EXTRA_BUILD_ARGS")
+        echo >&2 "##vso[task.setvariable variable=EXTRA_BUILD_ARGS_${VAR_ID};]$EXTRA_BUILD_ARGS"
+      displayName: "Get Image Build Data"
+      env:
+        VAR_ID: ${{ image }}
+        MAKE_IMAGE_TAG: ${{ image }}-image-tag
+        MAKE_BUILD_CONTEXT: ${{ image }}-image-build-context
+        MAKE_IMAGE_NAME_AND_TAG: ${{ image }}-image-name-and-tag
+        MAKE_DOCKERFILE_PATH: ${{ image }}-dockerfile-path
+        MAKE_EXTRA_BUILD_ARGS: ${{ image }}-docker-build-args
+
+    - template: container-template.steps.yaml
+      parameters:
+        arch: ${{ parameters.arch }}
+        name: ${{ image }}
+        os: ${{ parameters.os }}

.pipelines/containers/container-template.steps.yaml

@@ -1,37 +1,42 @@
 parameters:
-  arch: ""
-  name: ""
-  os: ""
+- name: name
+  type: string
+  values:
+  - azure-ipam
+  - cni
+  - cns
+  - ipv6-hp-bpf
+  - npm
 
-steps:
-- task: AzureCLI@2
-  displayName: "Login"
-  inputs:
-    azureSubscription: $(ACR_ARM_SERVICE_CONNECTION)
-    scriptLocation: "inlineScript"
-    scriptType: "bash"
-    inlineScript: |
-      az acr login -n $(ACR)
+- name: arch
+  type: string
+  default: ""
+  values:
+  - amd64
+  - arm64
+
+- name: os
+  type: string
+  default: ""
+  values:
+  - windows
+  - linux
 
-- script: |
-    set -e
-    if [ "$IN_OS" = 'windows' ]; then export BUILDX_ACTION='--push'; fi
-    make "$IMGNAME" OS="$IN_OS" ARCH="$IN_ARCH" 
-  name: image_build
-  displayName: Image Build
-  workingDirectory: $(ACN_DIR)
-  retryCountOnTaskFailure: 3
-  env:
-    IMGNAME: '${{ parameters.name }}-image'
-    IN_OS: '${{ parameters.os }}'
-    IN_ARCH: '${{ parameters.arch }}'
 
-- task: AzureCLI@2
-  displayName: "Logout"
+steps:
+- task: 1ES.BuildContainerImage@1
+  retryCountOnTaskFailure: 3
   inputs:
-    azureSubscription: $(ACR_ARM_SERVICE_CONNECTION)
-    scriptLocation: "inlineScript"
-    scriptType: "bash"
-    inlineScript: |
-      docker logout
+    image: $(IMAGE_NAME_AND_TAG_${{ parameters.name }})
+    dockerfile: $(DOCKERFILE_PATH_${{ parameters.name }})
+    path: $(Build.SourcesDirectory)
+    buildArguments: --platform "${{ parameters.os }}/${{ parameters.arch }}" --build-arg ARCH="${{ parameters.arch }}" --build-arg OS="${{ parameters.os }}" --build-arg PLATFORM="${{ parameters.os }}/${{ parameters.arch }}" --build-arg VERSION="$(IMAGE_PLATFORM_TAG_${{ parameters.name }})" --target "${{ parameters.os }}" $(EXTRA_BUILD_ARGS_${{ parameters.name }})
+    enableNetwork: true
+    enablePull: false
+    enableCache: true
+    useBuildKit: true
 
+- task: 1ES.PushContainerImage@1
+  condition: ${{ eq(parameters.os, 'windows') }}
+  inputs:
+    image: $(IMAGE_NAME_AND_TAG_${{ parameters.name }})