Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Longw/signing payload drop #1246

Merged
merged 8 commits into from
May 15, 2024
Merged

Longw/signing payload drop #1246

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
3591c8b
update release ev2 script to use oras copy
wanlonghenry May 7, 2024
224986f
updagte triv ignore
wanlonghenry May 8, 2024
5d29e67
update script
wanlonghenry May 8, 2024
8efb1c8
remove oras install as oras comes with default
wanlonghenry May 9, 2024
59d9a0e
add az acr login to prod acr
wanlonghenry May 9, 2024
ca09e88
use token so that no docker running is required
wanlonghenry May 9, 2024
73c5e65
address comment to use password-stdin for security
wanlonghenry May 10, 2024
feae651
Merge branch 'ci_prod' into longw/signing-payload-drop
wanlonghenry May 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion .trivyignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,4 +49,4 @@ CVE-2023-45289
CVE-2023-45290
CVE-2024-24783
CVE-2024-24784
CVE-2024-24785
CVE-2024-24785
34 changes: 25 additions & 9 deletions deployment/mergebranch-multiarch-agent-deployment/ServiceGroupRoot/Scripts/pushAgentToAcr.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ if [ $? -ne 0 ]; then
fi

TAG_EXISTS_STATUS=0 #Default value for the condition when the echo fails below
AZ_ACR_IMPORT_FORCE=""

if [[ "$AGENT_IMAGE_FULL_PATH" == *"win-"* ]]; then
echo "checking windows tags"
Expand All @@ -35,7 +34,6 @@ echo "TAG_EXISTS_STATUS = $TAG_EXISTS_STATUS; OVERRIDE_TAG = $OVERRIDE_TAG"

if [[ "$OVERRIDE_TAG" == "true" ]]; then
echo "OverrideTag set to true. Will override ${AGENT_IMAGE_TAG_SUFFIX} image"
AZ_ACR_IMPORT_FORCE="--force"
wanlonghenry marked this conversation as resolved.
Show resolved Hide resolved
elif [ "$TAG_EXISTS_STATUS" -eq 0 ]; then
echo "-e error ${AGENT_IMAGE_TAG_SUFFIX} already exists in mcr. make sure the image tag is unique"
exit 1
Expand Down Expand Up @@ -66,17 +64,35 @@ fi
echo "Login cli using managed identity"
az login --identity
if [ $? -eq 0 ]; then
echo "Logged in successfully"
echo "az logged in successfully"
else
echo "-e error failed to login to az with managed identity credentials"
exit 1
fi
fi

echo "Pushing ${AGENT_IMAGE_FULL_PATH} to ${ACR_NAME} with force option set to ${AZ_ACR_IMPORT_FORCE}"
az acr import --name $ACR_NAME --source $SOURCE_IMAGE_FULL_PATH --image $AGENT_IMAGE_FULL_PATH $AZ_ACR_IMPORT_FORCE
TOKEN=$(az acr login --name $ACR_NAME --expose-token --output tsv --query accessToken)
if [ $? -eq 0 ]; then
echo "Retagged and pushed image successfully"
echo "az acr logged in successfully with token"
else
echo "-e error failed to retag and push image to destination ACR"
echo "-e error failed to login to az acr with managed identity credentials for containerinsights"
exit 1
fi
fi

if [ "$OVERRIDE_TAG" == "true" ] || [ "$TAG_EXISTS_STATUS" -ne 0 ]; then
echo $TOKEN | oras login --password-stdin $ACR_NAME
if [ $? -eq 0 ]; then
echo "oras logged in successfully"
else
echo "-e error failed to login to oras with managed identity credentials for containerinsights"
exit 1
fi

echo "Copying ${SOURCE_IMAGE_FULL_PATH} to ${ACR_NAME}/${AGENT_IMAGE_FULL_PATH}"
oras copy -r $SOURCE_IMAGE_FULL_PATH $ACR_NAME/$AGENT_IMAGE_FULL_PATH
if [ $? -eq 0 ]; then
echo "Retagged and pushed image and artifact successfully"
else
echo "-e error failed to retag and push image to destination ACR"
exit 1
fi
fi