Merge branch 'develop'
clemlesne committed Jan 8, 2025
2 parents d7762e0 + a5b6bb9 commit ef9e199
Showing 19 changed files with 110 additions and 389 deletions.
63 changes: 32 additions & 31 deletions .github/workflows/pipeline.yaml
Expand Up @@ -25,53 +25,53 @@ env:
# https://npmjs.com/package/@microsoft/sarif-multitool?activeTab=versions
SARIF_MULTITOOL_VERSION: 4.5.4
# https://npmjs.com/package/snyk?activeTab=versions
SNYK_VERSION: 1.1293.1
SNYK_VERSION: 1.1294.3
# https://github.com/microsoft/azure-pipelines-agent/releases
AZP_AGENT_VERSION: 3.244.1
AZP_AGENT_VERSION: 4.248.0
# https://github.com/PowerShell/PowerShell/releases
POWERSHELL_VERSION: 7.2.23
POWERSHELL_VERSION: 7.2.24
# https://github.com/krallin/tini/releases
TINI_VERSION: 0.19.0
# https://github.com/mikefarah/yq/releases
YQ_VERSION: 4.44.3
YQ_VERSION: 4.44.6
# https://go.dev/dl
GO_VERSION: 1.23.2
GO_VERSION: 1.23.4
# https://github.com/rootless-containers/rootlesskit/releases
ROOTLESSKIT_VERSION: 2.3.1
# https://github.com/moby/buildkit/releases
BUILDKIT_VERSION: 0.16.0
BUILDKIT_VERSION: 0.18.2
# https://github.com/Azure/azure-cli/releases
AZURE_CLI_VERSION: 2.65.0
AZURE_CLI_VERSION: 2.67.0
# https://github.com/stedolan/jq/releases
JQ_WIN_VERSION: 1.7.1
# https://github.com/aws/aws-cli/tags
AWS_CLI_VERSION: 2.18.4
AWS_CLI_VERSION: 2.22.29
# https://console.cloud.google.com/artifacts/docker/google.com:cloudsdktool/us/gcr.io/google-cloud-cli
# Note: To get thhe version number, spot the version tag on the latest pushed container
GCLOUD_CLI_VERSION: 490.0.0
GCLOUD_CLI_VERSION: 497.0.0
# https://github.com/git-for-windows/git/releases
GIT_WIN_VERSION: 2.47.0
GIT_WIN_VERSION: 2.47.1
# https://github.com/facebook/zstd/releases
ZSTD_WIN_VERSION: 1.5.6
# https://www.python.org/downloads
PYTHON_VERSION_MAJOR_MINOR: 3.12
PYTHON_VERSION_PATCH: 7
PYTHON_VERSION_PATCH: 8
# https://nodejs.org/en/download/releases
NODE_VERSION: 20.18.0
NODE_VERSION: 22.12.0
# https://github.com/helm/helm/releases
HELM_VERSION: 3.16.2
HELM_VERSION: 3.16.4
# https://github.com/oras-project/oras/releases
ORAS_VERSION: 1.2.0
ORAS_VERSION: 1.2.1
# https://github.com/docker/buildx/releases
BUILDX_VERSION: 0.17.1
BUILDX_VERSION: 0.19.3
# https://github.com/hadolint/hadolint/releases
HADOLINT_VERSION: 2.12.0
# https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-history#fixed-version-bootstrappers
VS_BUILDTOOLS_WIN_VERSION: 80c57218-b55f-4260-af46-a64ffd76e7a6/7fee719abc3ba9eced84ea258ccae39a7b0cc953b539c2ea3a98c3ff588b7870
VS_BUILDTOOLS_WIN_VERSION: f2819554-a618-400d-bced-774bb5379965/cc7231dc668ec1fb92f694c66b5d67cba1a9e21127a6e0b31c190f772bd442f2
# https://github.com/gohugoio/hugo/releases
HUGO_VERSION: 0.135.0
HUGO_VERSION: 0.140.2
# See: https://github.com/getsops/sops/releases
SOPS_VERSION: 3.9.1
SOPS_VERSION: 3.9.3

jobs:
init:
Expand Down Expand Up @@ -148,7 +148,7 @@ jobs:
- name: Setup Cosign
# Only sign builds on main branch
if: github.ref == 'refs/heads/main'
uses: sigstore/cosign-installer@v3.6.0
uses: sigstore/cosign-installer@v3.7.0
with:
cosign-release: v${{ env.COSIGN_VERSION }}

Expand Down Expand Up @@ -183,7 +183,7 @@ jobs:
.cr-release-packages/blue-agent-${{ needs.init.outputs.VERSION }}.tgz
- name: Upload Helm chart
uses: actions/[email protected].0
uses: actions/[email protected].3
with:
if-no-files-found: error # Fail if no files are uploaded
include-hidden-files: true # Folder begins with a dot, if not checked the whole folder is ignored
Expand Down Expand Up @@ -308,11 +308,9 @@ jobs:
fail-fast: false
matrix:
include:
- os: bookworm
arch: linux/amd64,linux/arm64
- os: bullseye
- os: azurelinux3
arch: linux/amd64,linux/arm64
- os: focal
- os: bookworm
arch: linux/amd64,linux/arm64
- os: jammy
arch: linux/amd64,linux/arm64
Expand Down Expand Up @@ -341,7 +339,7 @@ jobs:

# Required for "docker build" command
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3.6.1
uses: docker/setup-buildx-action@v3.7.1
with:
version: v${{ env.BUILDX_VERSION }}
driver-opts: |
Expand All @@ -357,7 +355,7 @@ jobs:
- name: Setup Cosign
# Only sign builds on main branch
if: github.ref == 'refs/heads/main'
uses: sigstore/cosign-installer@v3.6.0
uses: sigstore/cosign-installer@v3.7.0
with:
cosign-release: v${{ env.COSIGN_VERSION }}

Expand Down Expand Up @@ -421,7 +419,7 @@ jobs:
echo "tag=$tag" >> $GITHUB_OUTPUT
- name: Build & push container
uses: docker/build-push-action@v6.7.0
uses: docker/build-push-action@v6.10.0
with:
build-args: |
AWS_CLI_VERSION=${{ env.AWS_CLI_VERSION }}
Expand Down Expand Up @@ -546,7 +544,7 @@ jobs:
- name: Setup Cosign
# Only sign builds on main branch
if: github.ref == 'refs/heads/main'
uses: sigstore/cosign-installer@v3.6.0
uses: sigstore/cosign-installer@v3.7.0
with:
cosign-release: v${{ env.COSIGN_VERSION }}

Expand Down Expand Up @@ -749,7 +747,7 @@ jobs:

# Required for running "oras" CLI
- name: Setup ORAS
uses: oras-project/[email protected].0
uses: oras-project/[email protected].1
with:
version: ${{ env.ORAS_VERSION }}

Expand Down Expand Up @@ -841,7 +839,7 @@ jobs:
--baseURL "${{ steps.pages.outputs.base_url }}/"
- name: Upload build artifact
uses: actions/[email protected].0
uses: actions/[email protected].3
with:
if-no-files-found: error # Fail if no files are uploaded
name: hugo
Expand Down Expand Up @@ -903,7 +901,7 @@ jobs:
# Rate limiting on Azure DevOps SaaS APIs is triggered quickly by integration tests, so we need to limit the number of parallel jobs
max-parallel: 3
matrix:
os: [bookworm, bullseye, focal, jammy, noble, ubi8, ubi9]
os: [azurelinux3, bookworm, jammy, noble, ubi8, ubi9]
steps:
- name: Checkout
uses: actions/[email protected]
Expand Down Expand Up @@ -938,9 +936,11 @@ jobs:
- name: Integration
env:
# See: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable
# Permissions: agent pools (read & manage); build (read & execute); pipeline resources (use & manage); project and team (read, write, & manage); service connections (read, query, & manage)
# Recommended group membership: Project Collection Build Service Accounts
AZURE_DEVOPS_EXT_PAT: ${{ secrets.AZURE_DEVOPS_PAT }}
# See: https://learn.microsoft.com/en-us/cli/azure/devops/service-endpoint/github?view=azure-cli-latest#az-devops-service-endpoint-github-create
# Scope: clemlesne/blue-agent
# Permissions: contents (read-only); metadata (read-only); webhooks (read & write)
AZURE_DEVOPS_EXT_GITHUB_PAT: ${{ secrets.AZURE_DEVOPS_GITHUB_PAT }}
Expand All @@ -955,6 +955,7 @@ jobs:
- name: Cleanup
if: always()
env:
# See: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable
# Permissions: agent pools (read & manage); build (read & execute); pipeline resources (use & manage); project and team (read, write, & manage); service connections (read, query, & manage)
# Recommended group membership: Project Collection Build Service Accounts
AZURE_DEVOPS_EXT_PAT: ${{ secrets.AZURE_DEVOPS_PAT }}
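Review bot: The bumped `uses:` lines still reference third-party actions by mutable version tag, for example `sigstore/cosign-installer@v3.7.0`, `docker/setup-buildx-action@v3.7.1` and `docker/build-push-action@v6.10.0`, in jobs that build, push and sign the images. A tag can be re-pointed upstream after this review, so the code that runs with whatever registry and signing permissions those jobs hold is not fixed by this file. Pinning each reference to the full commit SHA and keeping the tag as a trailing comment closes that gap, e.g. `uses: sigstore/cosign-installer@<full-commit-sha> # v3.7.0`. The same applies to the `actions/…` and `oras-project/…` references bumped in the other hunks of this section; the steps shown are excerpts and the jobs continue outside the hunks.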
2 changes: 1 addition & 1 deletion .sops.yaml
@@ -1,3 +1,3 @@
creation_rules:
- age: age1up54yhdjs672usk4etmy8naa5uh0qamy5tn3nmkwua5vp6fn7v7qz80945
- age: age1fxq8nhldys0d49jhw474zzk305qytqnasjerrcysja8zu08zcyjqs7ck5g
encrypted_regex: value
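Review bot: Swapping the `age` recipient under `creation_rules` only governs files encrypted after this change; anything already encrypted to the previous recipient stays readable with the old key until it is re-keyed (`sops updatekeys <file>`), and copies in git history stay readable regardless. Whether the existing encrypted files are re-keyed elsewhere in this commit is not visible in this section. If the recipient was replaced because the old key may have been exposed, the secret values themselves need rotating, not only the recipient. A one-line comment above the rule, such as `# recipient: <owner/purpose>, rotated <date>`, would make the next rotation easier to audit.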
2 changes: 1 addition & 1 deletion docs/content/docs/advanced-topics/bicep-deployment.md
Expand Up @@ -12,7 +12,7 @@ Bicep is a deployment language for Azure, allowing to easily deploy resources on
| `autoscalingMinReplicas` | Minimum number of replicas the agent should have | `0` |
| `autoscalingPollingInterval` | Minimum number of replicas the agent should have; Warning, a low value will cause rate limiting or throttling, and can cause high load on the Azure DevOps API | `10` |
| `extraEnv` | Extra environment variables to pass to the agent | `[]` |
| `imageFlavor` | Flavor of the container image, represents the Linux distribution. Allowed values: `bookworm`, `bullseye`, `focal`, `jammy`, `noble`, `ubi8`, `ubi9` | `bookworm` |
| `imageFlavor` | Flavor of the container image, represents the Linux distribution. Allowed values: `azurelinux3`, `bookworm`, `jammy`, `noble`, `ubi8`, `ubi9` | `bookworm` |
| `imageName` | Name of the container image | `clemlesne/blue-agent` |
| `imageRegistry` | Registry of the container image. Allowed values: `docker.io`, `ghcr.io` | `ghcr.io` |
| `imageVersion` | Version of the container image, it is recommended to use a specific version like "1.0.0" instead of "latest" | `main` |
5 changes: 1 addition & 4 deletions docs/content/docs/advanced-topics/build-aspnet.md
Expand Up @@ -7,10 +7,7 @@ It was chosen arbitrarily to install the LTS non SDK version of ASNP.NET. Becaus
- LTS is better supported by Microsoft than STS
- The non-SDK is lighter when included in a container, knowing that not everyone will use it for building purposes

Bundled versions installed depends on the image used:

- Debian Bullseye (11) and Ubuntu Focal (20.04) use the `6.x` version (Microsoft doesn't support any LTS upgrades for these versions)
- Other images use the `8.x` version
All images are bundled with the `8.x` version.

It is recommended that development teams to hard-code the framework version you want to use, in your pipeline. With this setup, the developer controls its environment, not the platform. If they decide to upgrade, they update the pipeline, if not, not. This is under the responsibility of the developer.

3 changes: 1 addition & 2 deletions docs/content/docs/advanced-topics/docker-in-docker.md
Expand Up @@ -17,9 +17,8 @@ Linux systems are supported, but not Windows:

| `Ref` | Container build inside of the agent with BuildKit |
| ------------------------------------------------ | ------------------------------------------------- |
| `ghcr.io/clemlesne/blue-agent:azurelinux3-main` ||
| `ghcr.io/clemlesne/blue-agent:bookworm-main` ||
| `ghcr.io/clemlesne/blue-agent:bullseye-main` ||
| `ghcr.io/clemlesne/blue-agent:focal-main` ||
| `ghcr.io/clemlesne/blue-agent:jammy-main` ||
| `ghcr.io/clemlesne/blue-agent:noble-main` ||
| `ghcr.io/clemlesne/blue-agent:ubi8-main` ||
4 changes: 2 additions & 2 deletions docs/content/docs/advanced-topics/helm-deployment.md
Expand Up @@ -23,10 +23,10 @@ Helm is a package manager for Kubernetes, allowing to easily deploy applications
| `extraVolumeMounts` | Additional volume mounts for the agent container | `[]` |
| `extraVolumes` | Additional volumes for the agent pod | `[]` |
| `fullnameOverride` | Overrides release fullname | `""` |
| `image.flavor` | Container image tag, can be `bookworm`, `bullseye`, `focal`, `jammy`, `noble`, `ubi8`, `ubi9`, `win-ltsc2019`, or `win-ltsc2022` | `bookworm` |
| `image.flavor` | Container image tag, can be `bookworm`, `jammy`, `noble`, `ubi8`, `ubi9`, `win-ltsc2019`, or `win-ltsc2022` | `bookworm` |
| `image.isWindows` | Turn on is the agent is a Windows-based system | `false` |
| `image.pullPolicy` | Container image pull policy | `IfNotPresent` |
| `image.repository` | Container image repository | `ghcr.io/clemlesne/blue-agent:bullseye` |
| `image.repository` | Container image repository | `ghcr.io/clemlesne/blue-agent` |
| `image.version` | Container image tag | _Version_ |
| `imagePullSecrets` | Use secrets to pull the container image | `[]` |
| `initContainers` | Init containers for the agent pod | `[]` |