diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml index 98d92f6b..39ea3b30 100644 --- a/.github/workflows/pipeline.yaml +++ b/.github/workflows/pipeline.yaml @@ -25,53 +25,53 @@ env: # https://npmjs.com/package/@microsoft/sarif-multitool?activeTab=versions SARIF_MULTITOOL_VERSION: 4.5.4 # https://npmjs.com/package/snyk?activeTab=versions - SNYK_VERSION: 1.1293.1 + SNYK_VERSION: 1.1294.3 # https://github.com/microsoft/azure-pipelines-agent/releases - AZP_AGENT_VERSION: 3.244.1 + AZP_AGENT_VERSION: 4.248.0 # https://github.com/PowerShell/PowerShell/releases - POWERSHELL_VERSION: 7.2.23 + POWERSHELL_VERSION: 7.2.24 # https://github.com/krallin/tini/releases TINI_VERSION: 0.19.0 # https://github.com/mikefarah/yq/releases - YQ_VERSION: 4.44.3 + YQ_VERSION: 4.44.6 # https://go.dev/dl - GO_VERSION: 1.23.2 + GO_VERSION: 1.23.4 # https://github.com/rootless-containers/rootlesskit/releases ROOTLESSKIT_VERSION: 2.3.1 # https://github.com/moby/buildkit/releases - BUILDKIT_VERSION: 0.16.0 + BUILDKIT_VERSION: 0.18.2 # https://github.com/Azure/azure-cli/releases - AZURE_CLI_VERSION: 2.65.0 + AZURE_CLI_VERSION: 2.67.0 # https://github.com/stedolan/jq/releases JQ_WIN_VERSION: 1.7.1 # https://github.com/aws/aws-cli/tags - AWS_CLI_VERSION: 2.18.4 + AWS_CLI_VERSION: 2.22.29 # https://console.cloud.google.com/artifacts/docker/google.com:cloudsdktool/us/gcr.io/google-cloud-cli # Note: To get thhe version number, spot the version tag on the latest pushed container - GCLOUD_CLI_VERSION: 490.0.0 + GCLOUD_CLI_VERSION: 497.0.0 # https://github.com/git-for-windows/git/releases - GIT_WIN_VERSION: 2.47.0 + GIT_WIN_VERSION: 2.47.1 # https://github.com/facebook/zstd/releases ZSTD_WIN_VERSION: 1.5.6 # https://www.python.org/downloads PYTHON_VERSION_MAJOR_MINOR: 3.12 - PYTHON_VERSION_PATCH: 7 + PYTHON_VERSION_PATCH: 8 # https://nodejs.org/en/download/releases - NODE_VERSION: 20.18.0 + NODE_VERSION: 22.12.0 # https://github.com/helm/helm/releases - HELM_VERSION: 3.16.2 + HELM_VERSION: 3.16.4 # https://github.com/oras-project/oras/releases - ORAS_VERSION: 1.2.0 + ORAS_VERSION: 1.2.2 # https://github.com/docker/buildx/releases - BUILDX_VERSION: 0.17.1 + BUILDX_VERSION: 0.19.3 # https://github.com/hadolint/hadolint/releases HADOLINT_VERSION: 2.12.0 # https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-history#fixed-version-bootstrappers - VS_BUILDTOOLS_WIN_VERSION: 80c57218-b55f-4260-af46-a64ffd76e7a6/7fee719abc3ba9eced84ea258ccae39a7b0cc953b539c2ea3a98c3ff588b7870 + VS_BUILDTOOLS_WIN_VERSION: f2819554-a618-400d-bced-774bb5379965/cc7231dc668ec1fb92f694c66b5d67cba1a9e21127a6e0b31c190f772bd442f2 # https://github.com/gohugoio/hugo/releases - HUGO_VERSION: 0.135.0 + HUGO_VERSION: 0.140.2 # See: https://github.com/getsops/sops/releases - SOPS_VERSION: 3.9.1 + SOPS_VERSION: 3.9.3 jobs: init: @@ -148,7 +148,7 @@ jobs: - name: Setup Cosign # Only sign builds on main branch if: github.ref == 'refs/heads/main' - uses: sigstore/cosign-installer@v3.6.0 + uses: sigstore/cosign-installer@v3.7.0 with: cosign-release: v${{ env.COSIGN_VERSION }} @@ -183,7 +183,7 @@ jobs: .cr-release-packages/blue-agent-${{ needs.init.outputs.VERSION }}.tgz - name: Upload Helm chart - uses: actions/upload-artifact@v4.4.0 + uses: actions/upload-artifact@v4.4.3 with: if-no-files-found: error # Fail if no files are uploaded include-hidden-files: true # Folder begins with a dot, if not checked the whole folder is ignored @@ -308,11 +308,9 @@ jobs: fail-fast: false matrix: include: - - os: bookworm - arch: linux/amd64,linux/arm64 - - os: bullseye + - os: azurelinux3 arch: linux/amd64,linux/arm64 - - os: focal + - os: bookworm arch: linux/amd64,linux/arm64 - os: jammy arch: linux/amd64,linux/arm64 @@ -341,7 +339,7 @@ jobs: # Required for "docker build" command - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3.6.1 + uses: docker/setup-buildx-action@v3.7.1 with: version: v${{ env.BUILDX_VERSION }} driver-opts: | @@ -357,7 +355,7 @@ jobs: - name: Setup Cosign # Only sign builds on main branch if: github.ref == 'refs/heads/main' - uses: sigstore/cosign-installer@v3.6.0 + uses: sigstore/cosign-installer@v3.7.0 with: cosign-release: v${{ env.COSIGN_VERSION }} @@ -421,7 +419,7 @@ jobs: echo "tag=$tag" >> $GITHUB_OUTPUT - name: Build & push container - uses: docker/build-push-action@v6.7.0 + uses: docker/build-push-action@v6.10.0 with: build-args: | AWS_CLI_VERSION=${{ env.AWS_CLI_VERSION }} @@ -546,7 +544,7 @@ jobs: - name: Setup Cosign # Only sign builds on main branch if: github.ref == 'refs/heads/main' - uses: sigstore/cosign-installer@v3.6.0 + uses: sigstore/cosign-installer@v3.7.0 with: cosign-release: v${{ env.COSIGN_VERSION }} @@ -749,7 +747,7 @@ jobs: # Required for running "oras" CLI - name: Setup ORAS - uses: oras-project/setup-oras@v1.2.0 + uses: oras-project/setup-oras@v1.2.1 with: version: ${{ env.ORAS_VERSION }} @@ -841,7 +839,7 @@ jobs: --baseURL "${{ steps.pages.outputs.base_url }}/" - name: Upload build artifact - uses: actions/upload-artifact@v4.4.0 + uses: actions/upload-artifact@v4.4.3 with: if-no-files-found: error # Fail if no files are uploaded name: hugo @@ -903,7 +901,7 @@ jobs: # Rate limiting on Azure DevOps SaaS APIs is triggered quickly by integration tests, so we need to limit the number of parallel jobs max-parallel: 3 matrix: - os: [bookworm, bullseye, focal, jammy, noble, ubi8, ubi9] + os: [azurelinux3, bookworm, jammy, noble, ubi8, ubi9] steps: - name: Checkout uses: actions/checkout@v4.1.7 @@ -938,9 +936,11 @@ jobs: - name: Integration env: + # See: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable # Permissions: agent pools (read & manage); build (read & execute); pipeline resources (use & manage); project and team (read, write, & manage); service connections (read, query, & manage) # Recommended group membership: Project Collection Build Service Accounts AZURE_DEVOPS_EXT_PAT: ${{ secrets.AZURE_DEVOPS_PAT }} + # See: https://learn.microsoft.com/en-us/cli/azure/devops/service-endpoint/github?view=azure-cli-latest#az-devops-service-endpoint-github-create # Scope: clemlesne/blue-agent # Permissions: contents (read-only); metadata (read-only); webhooks (read & write) AZURE_DEVOPS_EXT_GITHUB_PAT: ${{ secrets.AZURE_DEVOPS_GITHUB_PAT }} @@ -955,6 +955,7 @@ jobs: - name: Cleanup if: always() env: + # See: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable # Permissions: agent pools (read & manage); build (read & execute); pipeline resources (use & manage); project and team (read, write, & manage); service connections (read, query, & manage) # Recommended group membership: Project Collection Build Service Accounts AZURE_DEVOPS_EXT_PAT: ${{ secrets.AZURE_DEVOPS_PAT }} diff --git a/.sops.yaml b/.sops.yaml index f82e344d..272eca30 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,3 +1,3 @@ creation_rules: - - age: age1up54yhdjs672usk4etmy8naa5uh0qamy5tn3nmkwua5vp6fn7v7qz80945 + - age: age1fxq8nhldys0d49jhw474zzk305qytqnasjerrcysja8zu08zcyjqs7ck5g encrypted_regex: value diff --git a/docs/content/docs/advanced-topics/bicep-deployment.md b/docs/content/docs/advanced-topics/bicep-deployment.md index e143716c..182126b5 100644 --- a/docs/content/docs/advanced-topics/bicep-deployment.md +++ b/docs/content/docs/advanced-topics/bicep-deployment.md @@ -12,7 +12,7 @@ Bicep is a deployment language for Azure, allowing to easily deploy resources on | `autoscalingMinReplicas` | Minimum number of replicas the agent should have | `0` | | `autoscalingPollingInterval` | Minimum number of replicas the agent should have; Warning, a low value will cause rate limiting or throttling, and can cause high load on the Azure DevOps API | `10` | | `extraEnv` | Extra environment variables to pass to the agent | `[]` | -| `imageFlavor` | Flavor of the container image, represents the Linux distribution. Allowed values: `bookworm`, `bullseye`, `focal`, `jammy`, `noble`, `ubi8`, `ubi9` | `bookworm` | +| `imageFlavor` | Flavor of the container image, represents the Linux distribution. Allowed values: `azurelinux3`, `bookworm`, `jammy`, `noble`, `ubi8`, `ubi9` | `bookworm` | | `imageName` | Name of the container image | `clemlesne/blue-agent` | | `imageRegistry` | Registry of the container image. Allowed values: `docker.io`, `ghcr.io` | `ghcr.io` | | `imageVersion` | Version of the container image, it is recommended to use a specific version like "1.0.0" instead of "latest" | `main` | diff --git a/docs/content/docs/advanced-topics/build-aspnet.md b/docs/content/docs/advanced-topics/build-aspnet.md index 82dcaad3..c9fc5d5e 100644 --- a/docs/content/docs/advanced-topics/build-aspnet.md +++ b/docs/content/docs/advanced-topics/build-aspnet.md @@ -7,10 +7,7 @@ It was chosen arbitrarily to install the LTS non SDK version of ASNP.NET. Becaus - LTS is better supported by Microsoft than STS - The non-SDK is lighter when included in a container, knowing that not everyone will use it for building purposes -Bundled versions installed depends on the image used: - -- Debian Bullseye (11) and Ubuntu Focal (20.04) use the `6.x` version (Microsoft doesn't support any LTS upgrades for these versions) -- Other images use the `8.x` version +All images are bundled with the `8.x` version. It is recommended that development teams to hard-code the framework version you want to use, in your pipeline. With this setup, the developer controls its environment, not the platform. If they decide to upgrade, they update the pipeline, if not, not. This is under the responsibility of the developer. diff --git a/docs/content/docs/advanced-topics/docker-in-docker.md b/docs/content/docs/advanced-topics/docker-in-docker.md index 056f4c8a..82846976 100644 --- a/docs/content/docs/advanced-topics/docker-in-docker.md +++ b/docs/content/docs/advanced-topics/docker-in-docker.md @@ -17,9 +17,8 @@ Linux systems are supported, but not Windows: | `Ref` | Container build inside of the agent with BuildKit | | ------------------------------------------------ | ------------------------------------------------- | +| `ghcr.io/clemlesne/blue-agent:azurelinux3-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:bookworm-main` | ✅ | -| `ghcr.io/clemlesne/blue-agent:bullseye-main` | ✅ | -| `ghcr.io/clemlesne/blue-agent:focal-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:jammy-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:noble-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:ubi8-main` | ✅ | diff --git a/docs/content/docs/advanced-topics/helm-deployment.md b/docs/content/docs/advanced-topics/helm-deployment.md index 6ac2bd41..bb5064cd 100644 --- a/docs/content/docs/advanced-topics/helm-deployment.md +++ b/docs/content/docs/advanced-topics/helm-deployment.md @@ -23,10 +23,10 @@ Helm is a package manager for Kubernetes, allowing to easily deploy applications | `extraVolumeMounts` | Additional volume mounts for the agent container | `[]` | | `extraVolumes` | Additional volumes for the agent pod | `[]` | | `fullnameOverride` | Overrides release fullname | `""` | -| `image.flavor` | Container image tag, can be `bookworm`, `bullseye`, `focal`, `jammy`, `noble`, `ubi8`, `ubi9`, `win-ltsc2019`, or `win-ltsc2022` | `bookworm` | +| `image.flavor` | Container image tag, can be `bookworm`, `jammy`, `noble`, `ubi8`, `ubi9`, `win-ltsc2019`, or `win-ltsc2022` | `bookworm` | | `image.isWindows` | Turn on is the agent is a Windows-based system | `false` | | `image.pullPolicy` | Container image pull policy | `IfNotPresent` | -| `image.repository` | Container image repository | `ghcr.io/clemlesne/blue-agent:bullseye` | +| `image.repository` | Container image repository | `ghcr.io/clemlesne/blue-agent` | | `image.version` | Container image tag | _Version_ | | `imagePullSecrets` | Use secrets to pull the container image | `[]` | | `initContainers` | Init containers for the agent pod | `[]` | diff --git a/docs/content/docs/getting-started.md b/docs/content/docs/getting-started.md index 63e7cdbd..97933c45 100644 --- a/docs/content/docs/getting-started.md +++ b/docs/content/docs/getting-started.md @@ -84,11 +84,10 @@ OS support is generally called "flavor" in this documentation. The following tab | `Ref` | OS | `Size` | `Arch` | Support | | ------------------------------------------------ | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| `ghcr.io/clemlesne/blue-agent:azurelinux3-main` | [Azure Linux 3](https://github.com/microsoft/azurelinux) | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/azurelinux3-main?label=) | `amd64`, `arm64/v8` | [See Microsoft Azure documentation.](https://learn.microsoft.com/en-us/azure/aks/support-policies) | | `ghcr.io/clemlesne/blue-agent:bookworm-main` | [Debian Bookworm (12)](https://www.debian.org/releases/bookworm) slim | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/bookworm-main?label=) | `amd64`, `arm64/v8` | [See Debian LTS wiki.](https://wiki.debian.org/LTS) | -| `ghcr.io/clemlesne/blue-agent:bullseye-main` | [Debian Bullseye (11)](https://www.debian.org/releases/bullseye) slim | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/bullseye-main?label=) | `amd64`, `arm64/v8` | [See Debian LTS wiki.](https://wiki.debian.org/LTS) | | `ghcr.io/clemlesne/blue-agent:noble-main` | [Ubuntu Noble (24.04)](https://www.releases.ubuntu.com/noble) minimal | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/noble-main?label=) | `amd64` | [See Ubuntu LTS wiki.](https://wiki.ubuntu.com/Releases) | | `ghcr.io/clemlesne/blue-agent:jammy-main` | [Ubuntu Jammy (22.04)](https://www.releases.ubuntu.com/jammy) minimal | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/jammy-main?label=) | `amd64`, `arm64/v8` | [See Ubuntu LTS wiki.](https://wiki.ubuntu.com/Releases) | -| `ghcr.io/clemlesne/blue-agent:focal-main` | [Ubuntu Focal (20.04)](https://www.releases.ubuntu.com/focal) minimal | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/focal-main?label=) | `amd64`, `arm64/v8` | [See Ubuntu LTS wiki.](https://wiki.ubuntu.com/Releases) | | `ghcr.io/clemlesne/blue-agent:ubi9-main` | [Red Hat UBI 9](https://developers.redhat.com/articles/ubi-faq) minimal | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/ubi9-main?label=) | `amd64`, `arm64/v8` | [See Red Hat product life cycles.](https://access.redhat.com/product-life-cycles/?product=Red%20Hat%20Enterprise%20Linux) | | `ghcr.io/clemlesne/blue-agent:ubi8-main` | [Red Hat UBI 8](https://developers.redhat.com/articles/ubi-faq) minimal | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/ubi8-main?label=) | `amd64`, `arm64/v8` | [See Red Hat product life cycles.](https://access.redhat.com/product-life-cycles/?product=Red%20Hat%20Enterprise%20Linux) | | `ghcr.io/clemlesne/blue-agent:win-ltsc2022-main` | [Windows Server 2022](https://learn.microsoft.com/en-us/windows-server) Core | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/clemlesne/blue-agent/win-ltsc2022-main?label=) | `amd64` | [See base image servicing lifecycles.](https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/base-image-lifecycle) | diff --git a/docs/content/docs/security.md b/docs/content/docs/security.md index e664b7ed..b97207dc 100644 --- a/docs/content/docs/security.md +++ b/docs/content/docs/security.md @@ -14,9 +14,8 @@ Scanned systems: | `Ref` | Vulnerability scans with Snyk | | ------------------------------------------------ | ----------------------------- | +| `ghcr.io/clemlesne/blue-agent:azurelinux3-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:bookworm-main` | ✅ | -| `ghcr.io/clemlesne/blue-agent:bullseye-main` | ✅ | -| `ghcr.io/clemlesne/blue-agent:focal-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:jammy-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:noble-main` | ✅ | | `ghcr.io/clemlesne/blue-agent:ubi8-main` | ✅ | @@ -40,8 +39,8 @@ Cosign public key is available in [`/cosign.pub`](cosign.pub). ```bash # Example of verification with Cosign -❯ cosign verify --key cosign.pub ghcr.io/clemlesne/blue-agent:bullseye-main -Verification for ghcr.io/clemlesne/blue-agent:bullseye-main -- +❯ cosign verify --key cosign.pub ghcr.io/clemlesne/blue-agent:bookworm-main +Verification for ghcr.io/clemlesne/blue-agent:bookworm-main -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline @@ -80,4 +79,4 @@ Systems are built every days. Each image is accompanied by a [SBOM (Software Bil Nevertheless it can happen that a package provider (e.g. Debian, Canonical, Red Hat) deploys a system update that introduces a bug. This is difficult to predict. -Each image is pushed with a unique tag, which corresponds to the date of the last update (example: `bullseye-20230313` for a build on March 13, 2023). It is therefore possible to fix the download of a version by modifying the `image.version` property to `20230313`. +Each image is pushed with a unique tag, which corresponds to the date of the last update (example: `bookworm-20230313` for a build on March 13, 2023). It is therefore possible to fix the download of a version by modifying the `image.version` property to `20230313`. diff --git a/src/bicep/main.bicep b/src/bicep/main.bicep index 8e53fff3..1d71a9eb 100644 --- a/src/bicep/main.bicep +++ b/src/bicep/main.bicep @@ -11,9 +11,8 @@ param autoscalingPollingInterval int = 10 param extraEnv array = [] @description('Flavor of the container image, represents the Linux distribution') @allowed([ + 'azurelinux3' 'bookworm' - 'bullseye' - 'focal' 'jammy' 'noble' 'ubi8' diff --git a/src/docker/Dockerfile-bullseye b/src/docker/Dockerfile-azurelinux3 similarity index 82% rename from src/docker/Dockerfile-bullseye rename to src/docker/Dockerfile-azurelinux3 index 3ff13cc3..ceb49640 100644 --- a/src/docker/Dockerfile-bullseye +++ b/src/docker/Dockerfile-azurelinux3 @@ -1,53 +1,50 @@ -# syntax=docker/dockerfile:1 -# check=skip=UndefinedVar - -FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim@sha256:3717ce4bc6e34336ac100762eb766dc9cb739543686d0189001c1cafa57ba29c AS base - -# Force apt-get to not use TTY -ENV DEBIAN_FRONTEND=noninteractive +FROM mcr.microsoft.com/dotnet/aspnet:8.0-azurelinux3.0@sha256:e1cddf0093fc04fc5ded6c475abb0205db1279ff3dc2597b34403b4853a5a00c AS base # Configure local user ENV USER=root ENV HOME=/app-root +# Allow tdnf to valides TLS connections +ENV GNUPGHOME=/root/.gnupg + # Avoid Python cache during build ENV PYTHONDONTWRITEBYTECODE=1 # Install: # - Azure CLI system requirements (C/Rust build tools for libs non pre-built on this platform) # - Azure Pipelines agent system requirements -# - dbus-user-session, fuse-overlayfs, iptables, for BuildKit +# - iptables, for BuildKit # - gzip, make, tar, unzip, wget, zip, zstd, dnsutils, rsync, for developer ease-of-life # - zsh, for inter-operability -RUN rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN --mount=target=/var/lib/apt/lists,type=cache,id=apt-lists-${TARGETPLATFORM},sharing=locked --mount=target=/var/cache,type=cache,id=var-cache-${TARGETPLATFORM},sharing=locked \ - apt-get update -q \ - && apt-get install -y -q --no-install-recommends \ +RUN --mount=target=/var/cache/tdnf,type=cache,id=yum-${TARGETPLATFORM},sharing=locked \ + tdnf update -y \ + && tdnf install -y \ + bind-utils \ build-essential \ ca-certificates \ cargo \ curl \ - dbus-user-session \ - dnsutils \ - fuse-overlayfs \ + findutils \ + gcc \ + gcc-c++ \ git \ + git-core \ git-lfs \ gnupg \ gzip \ + hostname \ iptables \ - iputils-ping \ + iputils \ jq \ - libffi-dev \ - libssl-dev \ lsb-release \ make \ + openssl \ + openssl-devel \ pkg-config \ rsync \ - software-properties-common \ + shadow-utils \ sudo \ tar \ - uidmap \ unzip \ wget \ zip \ @@ -95,41 +92,41 @@ FROM base AS python # Build Python from source, then verify installation ARG PYTHON_VERSION ENV PYTHON_VERSION=${PYTHON_VERSION} -RUN --mount=target=/var/lib/apt/lists,type=cache,id=apt-lists-${TARGETPLATFORM},sharing=locked --mount=target=/var/cache,type=cache,id=var-cache-${TARGETPLATFORM},sharing=locked --mount=target=/Python-${PYTHON_VERSION},type=cache,id=python-${PYTHON_VERSION}-${TARGETPLATFORM},sharing=locked \ - apt-get update -q \ - && apt-get install -y -q --no-install-recommends \ - g++ \ - lcov \ - libbz2-dev \ - libgdbm-compat-dev \ - libgdbm-dev \ - liblzma-dev \ - libmpdec-dev \ - libncurses5-dev \ - libncursesw5-dev \ - libreadline-dev \ - libreadline6-dev \ - libsqlite3-dev \ - libxml2-dev \ - libxmlsec1-dev \ - lzma \ - lzma-dev \ - uuid-dev \ - xz-utils \ - zlib1g-dev \ +RUN --mount=target=/var/cache/tdnf,type=cache,id=yum-${TARGETPLATFORM},sharing=locked --mount=target=/Python-${PYTHON_VERSION},type=cache,id=python-${PYTHON_VERSION}-${TARGETPLATFORM},sharing=locked \ + tdnf update -y \ + && tdnf install -y \ + bzip2 \ + bzip2-devel \ + expat \ + expat-devel \ + gdb \ + gdbm-devel \ + glibc-devel \ + libffi-devel \ + libstdc++-devel \ + libuuid-devel \ + libxml2-devel \ + ncurses-devel \ + rpm-build \ + sqlite \ + sqlite-devel \ + sqlite-libs \ + xz-devel \ + xz-libs \ + zlib-devel \ && curl -LsSf --retry 8 --retry-all-errors https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz -o python.tgz \ && tar -xzf python.tgz \ && rm python.tgz \ && cd Python-${PYTHON_VERSION} \ - && gnu_arch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && gnu_arch="$(rpm --eval '%{_target_cpu}')-centos-linux-gnu" \ && ./configure \ --build=$gnu_arch \ --enable-optimizations \ --with-ensurepip=install \ --with-lto \ && make profile-removal \ - && extra_cflags="$(dpkg-buildflags --get CFLAGS)" \ - && ldflags="$(dpkg-buildflags --get LDFLAGS)" \ + && extra_cflags="$(rpm --eval '%{optflags}')" \ + && ldflags="$(rpm --eval '%{__global_ldflags}')" \ && make -j $(nproc) "EXTRA_CFLAGS=${extra_cflags:-}" "LDFLAGS=${ldflags:-}" \ && make install \ && cd .. \ @@ -261,6 +258,7 @@ RUN rm arch.sh # Reset Python configs to default ENV PYTHONDONTWRITEBYTECODE= +ENV PIP_BREAK_SYSTEM_PACKAGES= # Configure local user RUN mkdir -p /run/user/0 ${HOME}/.local/tmp ${HOME}/.local/share/buildkit \ diff --git a/src/docker/Dockerfile-bookworm b/src/docker/Dockerfile-bookworm index 059e9fcf..0116f45b 100644 --- a/src/docker/Dockerfile-bookworm +++ b/src/docker/Dockerfile-bookworm @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # check=skip=UndefinedVar -FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim@sha256:b3cdb99fb356091b6395f3444d355da8ae5d63572ba777bed95b65848d6e02be AS base +FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim@sha256:d53ebf3481ea8ac8e4fa5c4213ae1f32a33e68e5b8181868edb11d0496a00432 AS base # Force apt-get to not use TTY ENV DEBIAN_FRONTEND=noninteractive diff --git a/src/docker/Dockerfile-focal b/src/docker/Dockerfile-focal deleted file mode 100644 index a310d4eb..00000000 --- a/src/docker/Dockerfile-focal +++ /dev/null @@ -1,277 +0,0 @@ -# syntax=docker/dockerfile:1 -# check=skip=UndefinedVar - -FROM mcr.microsoft.com/dotnet/aspnet:6.0-focal@sha256:fe64a7f5bf2e300e52ad4eadc8d59c0ec7f096e22107d910c478366ee99c903d AS base - -# Force apt-get to not use TTY -ENV DEBIAN_FRONTEND=noninteractive - -# Configure local user -ENV USER=root -ENV HOME=/app-root - -# Avoid Python cache during build -ENV PYTHONDONTWRITEBYTECODE=1 - -# Install: -# - Azure CLI system requirements (C/Rust build tools for libs non pre-built on this platform) -# - Azure Pipelines agent system requirements -# - dbus-user-session, iptables, uidmap, for BuildKit -# - gzip, make, tar, unzip, wget, zip, zstd, dnsutils, rsync, for developer ease-of-life -# - zsh, for inter-operability -RUN rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache -RUN --mount=target=/var/lib/apt/lists,type=cache,id=apt-lists-${TARGETPLATFORM},sharing=locked --mount=target=/var/cache,type=cache,id=var-cache-${TARGETPLATFORM},sharing=locked \ - apt-get update -q \ - && apt-get install -y -q --no-install-recommends \ - build-essential \ - ca-certificates \ - cargo \ - curl \ - dbus-user-session \ - dnsutils \ - git \ - git-lfs \ - gnupg \ - gzip \ - iptables \ - iputils-ping \ - jq \ - libffi-dev \ - libssl-dev \ - lsb-release \ - make \ - pkg-config \ - rsync \ - software-properties-common \ - sudo \ - tar \ - uidmap \ - unzip \ - wget \ - zip \ - zsh \ - zstd \ - && find / -depth -type d -name __pycache__ -exec rm -rf {} \; 2> /dev/null - -# Copy helper script, then verify installation -COPY arch.sh . -RUN chmod +x arch.sh \ - && bash arch.sh - -# Persist Python version -ARG PYTHON_VERSION_MAJOR_MINOR -ARG PYTHON_VERSION_PATCH -ENV PYTHON_VERSION=${PYTHON_VERSION_MAJOR_MINOR}.${PYTHON_VERSION_PATCH} - -FROM base AS rootlesskit - -# Install Go, then verify installation -ARG GO_VERSION -ENV GO_VERSION=${GO_VERSION} -RUN rm -rf /usr/local/go \ - && curl -LsSf --retry 8 https://go.dev/dl/go${GO_VERSION}.linux-$(ARCH_X64=amd64 bash arch.sh).tar.gz | tar -xz -C /usr/local -ENV PATH="${PATH}:/usr/local/go/bin" -RUN go version - -# Install RootlessKit, then verify installation -ARG ROOTLESSKIT_VERSION -ENV ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} -RUN --mount=target=/rootlesskit-${ROOTLESSKIT_VERSION},type=cache,id=rootlesskit-${ROOTLESSKIT_VERSION}-${TARGETPLATFORM},sharing=locked \ - git clone --depth 1 --branch v${ROOTLESSKIT_VERSION} https://github.com/rootless-containers/rootlesskit.git rootlesskit \ - # Ugly but that's work - && cp -r rootlesskit/* rootlesskit-${ROOTLESSKIT_VERSION} \ - && rm -rf rootlesskit \ - && cd rootlesskit-${ROOTLESSKIT_VERSION} \ - && make \ - && make install \ - && cd .. \ - && rootlesskit --version \ - && rootlessctl --version - -FROM base AS python - -# Build Python from source, then verify installation -ARG PYTHON_VERSION -ENV PYTHON_VERSION=${PYTHON_VERSION} -RUN --mount=target=/var/lib/apt/lists,type=cache,id=apt-lists-${TARGETPLATFORM},sharing=locked --mount=target=/var/cache,type=cache,id=var-cache-${TARGETPLATFORM},sharing=locked --mount=target=/Python-${PYTHON_VERSION},type=cache,id=python-${PYTHON_VERSION}-${TARGETPLATFORM},sharing=locked \ - apt-get update -q \ - && apt-get install -y -q --no-install-recommends \ - g++ \ - lcov \ - libbz2-dev \ - libgdbm-compat-dev \ - libgdbm-dev \ - liblzma-dev \ - libmpdec-dev \ - libncurses5-dev \ - libncursesw5-dev \ - libreadline-dev \ - libreadline6-dev \ - libsqlite3-dev \ - libxml2-dev \ - libxmlsec1-dev \ - lzma \ - lzma-dev \ - uuid-dev \ - xz-utils \ - zlib1g-dev \ - && curl -LsSf --retry 8 https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz -o python.tgz \ - && tar -xzf python.tgz \ - && rm python.tgz \ - && cd Python-${PYTHON_VERSION} \ - && gnu_arch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ - && ./configure \ - --build=$gnu_arch \ - --enable-optimizations \ - --with-ensurepip=install \ - --with-lto \ - && make profile-removal \ - && extra_cflags="$(dpkg-buildflags --get CFLAGS)" \ - && ldflags="$(dpkg-buildflags --get LDFLAGS)" \ - && make -j $(nproc) "EXTRA_CFLAGS=${extra_cflags:-}" "LDFLAGS=${ldflags:-}" \ - && make install \ - && cd .. \ - && python3 --version \ - && python3 -m pip --version \ - && find / -depth -type d -name __pycache__ -exec rm -rf {} \; 2> /dev/null - -FROM base - -# Install Python, then verify installation -COPY --from=python /usr/local/bin/python${PYTHON_VERSION_MAJOR_MINOR} /usr/local/bin/python${PYTHON_VERSION_MAJOR_MINOR} -COPY --from=python /usr/local/lib/python${PYTHON_VERSION_MAJOR_MINOR} /usr/local/lib/python${PYTHON_VERSION_MAJOR_MINOR} -RUN ln -s /usr/local/bin/python${PYTHON_VERSION_MAJOR_MINOR} /usr/local/bin/python3 \ - && ln -s /usr/local/bin/python${PYTHON_VERSION_MAJOR_MINOR} /usr/local/bin/python \ - && python --version \ - && python3 --version \ - && python${PYTHON_VERSION_MAJOR_MINOR} --version \ - && python3 -m pip --version - -# Install Python build tools -RUN --mount=target=/${USER}/.cache/pip,type=cache,id=pip-${PYTHON_VERSION_MAJOR_MINOR}-${TARGETPLATFORM},sharing=locked \ - python3 -m pip \ - --disable-pip-version-check \ - --quiet \ - --retries 8 \ - --timeout 120 \ - install \ - --upgrade \ - pip setuptools wheel \ - && find / -depth -type d -name __pycache__ -exec rm -rf {} \; 2> /dev/null - -# Install Azure CLI, then verify installation -ARG AZURE_CLI_VERSION -ENV AZURE_CLI_VERSION=${AZURE_CLI_VERSION} -RUN --mount=target=/${USER}/.cache/pip,type=cache,id=pip-${PYTHON_VERSION_MAJOR_MINOR}-${TARGETPLATFORM},sharing=locked \ - python3 -m pip \ - --disable-pip-version-check \ - --quiet \ - --retries 8 \ - --timeout 120 \ - install \ - azure-cli==${AZURE_CLI_VERSION} \ - && az version \ - && rm -rf ${HOME}/.azure ${HOME}/.cache/pip \ - && find / -depth -type d -name __pycache__ -exec rm -rf {} \; 2> /dev/null - -# Install AWS CLI, then verify installation -ARG AWS_CLI_VERSION -ENV AWS_CLI_VERSION=${AWS_CLI_VERSION} -RUN curl -LsSf --retry 8 https://awscli.amazonaws.com/awscli-exe-linux-$(ARCH_X64=x86_64 ARCH_ARM64=aarch64 bash arch.sh)-${AWS_CLI_VERSION}.zip -o awscli.zip \ - && unzip -q awscli.zip \ - && ./aws/install \ - && rm -rf awscli.zip aws \ - && aws --version - -# Install Google Cloud CLI, then verify installation -ARG GCLOUD_CLI_VERSION -ENV GCLOUD_CLI_VERSION=${GCLOUD_CLI_VERSION} -RUN curl -LsSf --retry 8 https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-${GCLOUD_CLI_VERSION}-linux-$(ARCH_X64=x86_64 ARCH_ARM64=arm bash arch.sh).tar.gz | tar -xz -C /usr/local \ - && /usr/local/google-cloud-sdk/install.sh \ - --additional-components beta \ - --quiet \ - && ln -s /usr/local/google-cloud-sdk/bin/gcloud /usr/bin/gcloud \ - && ln -s /usr/local/google-cloud-sdk/bin/gsutil /usr/bin/gsutil \ - && gcloud version \ - && rm -rf /usr/local/google-cloud-sdk/.install ${HOME}/.config/gcloud \ - && find / -depth -type d -name __pycache__ -exec rm -rf {} \; 2> /dev/null - -# Install Powershell, then verify installation -ARG POWERSHELL_VERSION -ENV POWERSHELL_VERSION=${POWERSHELL_VERSION} -RUN mkdir -p /opt/microsoft/powershell \ - && curl -LsSf --retry 8 https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-$(bash arch.sh).tar.gz | tar -xz -C /opt/microsoft/powershell \ - && chmod +x /opt/microsoft/powershell/pwsh \ - && ln -s /opt/microsoft/powershell/pwsh /usr/bin/pwsh \ - && pwsh -Version \ - && rm -rf ${HOME}/.config/powershell ${HOME}/.cache/powershell - -# Install YQ, then verify installation -ARG YQ_VERSION -ENV YQ_VERSION=${YQ_VERSION} -RUN curl -LsSf --retry 8 https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_$(ARCH_X64=amd64 bash arch.sh) -o /usr/bin/yq \ - && chmod +x /usr/bin/yq \ - && yq --version - -# Install Tini, then verify installation -ARG TINI_VERSION -ENV TINI_VERSION=${TINI_VERSION} -RUN curl -LsSf --retry 8 https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(ARCH_X64=amd64 bash arch.sh) -o /tini \ - && chmod +x /tini \ - && /tini --version -ENTRYPOINT ["/tini", "--"] - -# Install BuildKit, then verify installation -ARG BUILDKIT_VERSION -ENV BUILDKIT_VERSION=${BUILDKIT_VERSION} -RUN mkdir buildkit \ - && curl -LsSf --retry 8 https://github.com/moby/buildkit/releases/download/v${BUILDKIT_VERSION}/buildkit-v${BUILDKIT_VERSION}.linux-$(ARCH_X64=amd64 bash arch.sh).tar.gz | tar -xz -C buildkit \ - && mv buildkit/bin/* /usr/local/bin \ - && rm -rf buildkit \ - && buildctl --version \ - && buildkitd --version - -# Install RootlessKit, then verify installation -COPY --from=rootlesskit /usr/local/bin/rootless* /usr/bin/ -RUN rootlesskit --version \ - && rootlessctl --version - -# Install Azure Pipelines Agent sources, then verify installation -ARG AZP_AGENT_VERSION -ENV AZP_AGENT_VERSION=${AZP_AGENT_VERSION} -ENV AZP_HOME=${HOME}/azp-agent -# Disable agent auto-updates -# See: https://github.com/microsoft/azure-pipelines-agent/blob/b5ff4408239f3e938560f8b2e3848df76489a8d0/src/Agent.Listener/Agent.cs#L354C24-L354C24 -ENV agent.disableupdate="1" -RUN mkdir -p ${AZP_HOME} \ - && curl -LsSf --retry 8 https://vstsagentpackage.azureedge.net/agent/${AZP_AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AZP_AGENT_VERSION}.tar.gz | tar -xz -C ${AZP_HOME} \ - && cd ${AZP_HOME} \ - && chmod +x run-docker.sh config.sh \ - && AGENT_ALLOW_RUNASROOT="1" bash run-docker.sh --version \ - && rm -rf _diag \ - # Allow local user to R/W to agent home - && chmod -R a+w . -ENV AZP_WORK=${HOME}/azp-work -ENV AZP_CUSTOM_CERT_PEM=${HOME}/azp-custom-certs - -# Cleanup helper script -RUN rm arch.sh - -# Reset Python configs to default -ENV PYTHONDONTWRITEBYTECODE= - -# Configure local user -RUN mkdir -p /run/user/0 ${HOME}/.local/tmp ${HOME}/.local/share/buildkit \ - && chown -R ${USER} /run/user/0 ${HOME} \ - && echo ${USER}:100000:65536 | tee /etc/subuid | tee /etc/subgid -USER 0:0 -ENV XDG_RUNTIME_DIR=/run/user/0 -ENV TMPDIR=${HOME}/.local/tmp -ENV BUILDKIT_HOST=unix:///run/user/0/buildkit/buildkitd.sock - -# Install Azure Pipelines Agent startup script -WORKDIR ${AZP_HOME} -COPY start.sh . -# Run as exec form, so that it can receive signals from Tini -CMD ["bash", "start.sh"] diff --git a/src/docker/Dockerfile-jammy b/src/docker/Dockerfile-jammy index 25cb6f23..9cb1958c 100644 --- a/src/docker/Dockerfile-jammy +++ b/src/docker/Dockerfile-jammy @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # check=skip=UndefinedVar -FROM mcr.microsoft.com/dotnet/aspnet:8.0-jammy@sha256:d41af821cc90286d7c0d81c6a25733846ee7eebb2b55479934af909afd36471a AS base +FROM mcr.microsoft.com/dotnet/aspnet:8.0-jammy@sha256:440fcf7393169e07526df19360628c424a95c435d1beaf70a53048387398e79f AS base # Force apt-get to not use TTY ENV DEBIAN_FRONTEND=noninteractive diff --git a/src/docker/Dockerfile-noble b/src/docker/Dockerfile-noble index 62d43a7c..0cf4fb9b 100644 --- a/src/docker/Dockerfile-noble +++ b/src/docker/Dockerfile-noble @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # check=skip=UndefinedVar -FROM mcr.microsoft.com/dotnet/aspnet:8.0-noble@sha256:a516b80935ab07dc415244dcdb8c52f4592644282127ecfa37c77561d26d25d5 AS base +FROM mcr.microsoft.com/dotnet/aspnet:8.0-noble@sha256:d1f7c5f0ef897b62d8580f5a51dbc9add024c273d06b67ff28580c882e9ff672 AS base # Force apt-get to not use TTY ENV DEBIAN_FRONTEND=noninteractive diff --git a/src/docker/Dockerfile-ubi8 b/src/docker/Dockerfile-ubi8 index 984bfcad..5becec2b 100644 --- a/src/docker/Dockerfile-ubi8 +++ b/src/docker/Dockerfile-ubi8 @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # check=skip=UndefinedVar -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c AS base +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10@sha256:c12e67af6a7e15113d76bc72f10bef2045c026c71ec8b7124c8a075458188a83 AS base # Configure local user ENV USER=root diff --git a/src/docker/Dockerfile-ubi9 b/src/docker/Dockerfile-ubi9 index e752c5db..b8ab39da 100644 --- a/src/docker/Dockerfile-ubi9 +++ b/src/docker/Dockerfile-ubi9 @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # check=skip=UndefinedVar -FROM registry.access.redhat.com/ubi9-minimal:9.4@sha256:f182b500ff167918ca1010595311cf162464f3aa1cab755383d38be61b4d30aa AS base +FROM registry.access.redhat.com/ubi9-minimal:9.5@sha256:6907fbacb294ab6ba988f8bcc6bd5127f589966e5808fcb454de3e104983ae5b AS base # Configure local user ENV USER=root diff --git a/test/bicep/test.enc.json b/test/bicep/test.enc.json index f99f714d..2fa5c70d 100644 --- a/test/bicep/test.enc.json +++ b/test/bicep/test.enc.json @@ -3,13 +3,13 @@ "contentVersion": "1.0.0.0", "parameters": { "pipelinesOrganizationURL": { - "value": "ENC[AES256_GCM,data:QI3JdwY82KQxIXIqVhv/330RfV8ZMN9F1SYUkJxJc14=,iv:1BBEqxR5US7syAn0Z1WC6jl0oAWD1HsaEG8IjAG9rPs=,tag:43th94I80/1HdAFiiQiIEw==,type:str]" + "value": "ENC[AES256_GCM,data:cjSb1+3g5oi/nlJEbZrgZMoJD008TOofV3b+/aGRmNU=,iv:KV8Yq35lYpTOOtjtr7RiiHcWIS3n+BwCx8CjpHJSdU8=,tag:Ljje738IoCSTggu7a+WzpQ==,type:str]" }, "pipelinesPersonalAccessToken": { - "value": "ENC[AES256_GCM,data:7B2BUaGpjMl4UiDNcZogtm1Dn8oLXRAOFFsB4fN5tGSWAplrGHYJTtuoLoFAR5jJQCFbIA==,iv:NzD30LhgHa1yBh0YF5VFjY7beB46qdzmnoyDmdlYDak=,tag:n9M8mFf0ayYHAKHFG7vJ4g==,type:str]" + "value": "ENC[AES256_GCM,data:8gFUCkfroAcFZxaUbCcsn2rjKEiEQqoOcD1D7EeuxiJTFqRDKX+6FMPhaYxqf/dFMK8giDzX+2IlSTs+ciO99WDVtvQWO98YMb3GC8649HRCT65v,iv:ZA3OYIGemJkZUvdBybGPrDO48OLTHDt8kKytFpNQTvI=,tag:+rRCUx8mvJ6uujB2yEwg6w==,type:str]" }, "pipelinesPoolName": { - "value": "ENC[AES256_GCM,data:7m8j9lsHP8xW8cQ3xBc=,iv:miZI4cKiz0t1BYH+uyhuGW926AMeEKEoyxOoQyctutU=,tag:wv5aNZ9/ZI4TuwfThXwM/Q==,type:str]" + "value": "ENC[AES256_GCM,data:d5QEx20f77YDidlwNCk=,iv:UK4Wl+B9JMzjxhBWc9BXyTsWS6a4TI5mHscIToIDCyQ=,tag:dvPlKLMGA1rGYxmJyNcEow==,type:str]" } }, "sops": { @@ -19,14 +19,14 @@ "hc_vault": null, "age": [ { - "recipient": "age1up54yhdjs672usk4etmy8naa5uh0qamy5tn3nmkwua5vp6fn7v7qz80945", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Tnl1QWp6SWZFTkdtTkVv\ncG5pVVdJZnpNanZtOE9lZ2RpSXFXdGQzZUUwClVkejc3cWlGVk9HRTJPSXJMbjVx\nZDQwSXRDTlJneXQ1T1BsNFFuUlFvWDgKLS0tIFRleS9yd2JXblFlV2VhQ1lXRjZP\nQlF5MHlXTEJoWWZsaDRLRXZ4N0pUOW8KQraADNqYDYTtnSxMfqQ3FWqVOueiOlIo\nkzyTQgQhgd9c7og0aN7eaoDhbvZzdu4NFuY4zVUWLaNJLxhUFkyU1w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fxq8nhldys0d49jhw474zzk305qytqnasjerrcysja8zu08zcyjqs7ck5g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjMTc5QkZ3ZjZhNXkyK2Fs\nRFliOGsyM3VWL09iU3F2OTNFNFY1R2U3UnlVClRtL2tUVDA1OHR0VDFKME1uZita\nYnNvSzQ3T0VkRnZyT1dEVFZYK3NHQTAKLS0tIGJmYzNwOE8xU3hOMEZIVnhlR2x1\nZ01ZTkMyQUpkcWJ1aHlGYjRXclc0ajAKgL8SqUUTyvEU4FzCMJIxndZ6ibHiC8b5\nn988u97NjoNsQVY9heyddWbUVBx3EoRSu+Pi+qSToq00h/X3k1cb7A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-04-19T10:18:30Z", - "mac": "ENC[AES256_GCM,data:wmbOlQRkarMqPbuvvOJksDjmLxCcm1lxMFO0d3kvBGu/hG5FsN9vd2X9uC6NllSGaI0YXIK9PqA2/PNYl+liNnV5QGnfoTwlUhqqkXM8PBvo9R3o2rtJbFLaJ1hMoXjKDx74NwMOnOs2M5lwaWxkXOcquMBN93JqWKIvtwnZxRA=,iv:WqEHtJY3kT6hKYi+e1p2b8r/r/P7eKfuERR2Yzq0HXc=,tag:RgEnvXJl8ZQqpNGKAuWrIw==,type:str]", + "lastmodified": "2025-01-08T10:38:36Z", + "mac": "ENC[AES256_GCM,data:t4uNVeuNb7jW5xiwrapmn5mmGVjfqGDL8nOukBeRuvAU5TUa14MGdPDE1D7VTpLLdDuZSy+0S3RB4xDMJ/Uc3dsx/txLPbHO0hryyz1eToaJ112k0D4UpzMfRnMeN03ki5UllrjbxC3rc8QTrZHrhLKdu6NwByhACMakqB4DKuk=,iv:S/TjRVPCqxGQZP/mMk6H8rVYa7jf4gxnmg+/qG7qyXU=,tag:QwOdt0TrCvgTyndrxiX4HQ==,type:str]", "pgp": null, "encrypted_regex": "value", - "version": "3.8.1" + "version": "3.9.3" } } \ No newline at end of file diff --git a/test/integration-run.sh b/test/integration-run.sh index af5ac2ab..60950244 100644 --- a/test/integration-run.sh +++ b/test/integration-run.sh @@ -16,8 +16,8 @@ fi echo "➡️ Running integration tests for agent ${agent} with prefix ${prefix}, flavor ${flavor} and version ${version}" -echo "Configuring Azure DevOps organization ${org_url}" org_url="https://dev.azure.com/blue-agent" +echo "Configuring Azure DevOps organization ${org_url}" az devops configure --defaults organization=${org_url} # Get the pool id diff --git a/test/pipeline/root.yaml b/test/pipeline/root.yaml index a4f7490d..d0260aa0 100644 --- a/test/pipeline/root.yaml +++ b/test/pipeline/root.yaml @@ -20,10 +20,16 @@ jobs: - bash: | if command -v apt-get &> /dev/null; then + echo "Using apt-get" sudo apt-get update - sudo apt-get install -y python3-pip + sudo apt-get install -y wget elif command -v microdnf &> /dev/null; then - sudo microdnf install -y python3.11-pip + echo "Using microdnf" + sudo microdnf install -y wget + elif command -v tdnf &> /dev/null; then + echo "Using tdnf" + sudo tdnf update -y + sudo tdnf install -y wget else echo "No suported package manager" exit 1