Merge branch 'main' into matmerr/windowsdropreason

microsoft · Jun 17, 2024 · 0aa7c22 · 0aa7c22
2 parents 975e051 + 33482d6
commit 0aa7c22
Show file tree

Hide file tree

Showing 92 changed files with 2,893 additions and 743 deletions.
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -9,17 +9,14 @@ on:
 
 permissions:
  contents: read
+ id-token: write
 
 jobs:
  e2e:
  if: ${{ github.event_name == 'merge_group' }}
  name: E2E
  runs-on: ubuntu-latest
 
- permissions:
- id-token: write
- contents: read
-
  steps:
  - name: Checkout code
  uses: actions/checkout@v4
@@ -34,7 +31,9 @@ jobs:
  uses: azure/login@v2
  if: ${{ github.event_name == 'merge_group' }}
  with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 
  - name: Run E2E
  env:
@@ -43,4 +42,4 @@ jobs:
  shell: bash
  run: |
  set -euo pipefail
- go test -v ./test/e2e/scenarios/retina/*.go -timeout 30m -tags=e2e -count=1 -args -image-tag=$(make version) -image-registry=${{ vars.ACR_NAME }}  -image-namespace=${{ github.repository}}
+ go test -v ./test/e2e/*.go -timeout 30m -tags=e2e -count=1 -args -image-tag=$(make version) -image-registry=${{vars.ACR_NAME}} -image-namespace=${{github.repository}}
diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
@@ -22,7 +22,7 @@ jobs:
  with:
  go-version-file: go.mod
  - name: Run GoReleaser build
- uses: goreleaser/goreleaser-action@v5
+ uses: goreleaser/goreleaser-action@v6
  with:
  distribution: goreleaser
  version: latest
@@ -41,7 +41,7 @@ jobs:
  with:
  go-version-file: go.mod
  - name: Run GoReleaser release
- uses: goreleaser/goreleaser-action@v5
+ uses: goreleaser/goreleaser-action@v6
  with:
  distribution: goreleaser
  version: latest

diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml
@@ -9,6 +9,7 @@ on:
 
 permissions:
  contents: read
+ id-token: write
 
 jobs:
  retina-images:
@@ -36,7 +37,9 @@ jobs:
  uses: azure/login@v2
  if: ${{ github.event_name == 'merge_group' }}
  with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 
  - name: Build Images
  shell: bash
@@ -66,6 +69,7 @@ jobs:
  matrix:
  platform: ["windows"]
  arch: ["amd64"]
+ year: ["2019", "2022"]
 
  steps:
  - name: Checkout code
@@ -83,7 +87,9 @@ jobs:
  uses: azure/login@v2
  if: ${{ github.event_name == 'merge_group' }}
  with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 
  - name: Build Images
  shell: bash
@@ -96,11 +102,13 @@ jobs:
  IMAGE_NAMESPACE=${{ github.repository }} \
  PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \
  IMAGE_REGISTRY=${{ vars.ACR_NAME }} \
+ WINDOWS_YEARS=${{ matrix.year }} \
  BUILDX_ACTION=--push
  else
  make retina-image-win \
  IMAGE_NAMESPACE=${{ github.repository }} \
- PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
+ PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \
+ WINDOWS_YEARS=${{ matrix.year }} 
  fi
  env:
  IS_MERGE_GROUP: ${{ github.event_name == 'merge_group' }}
@@ -130,7 +138,9 @@ jobs:
  uses: azure/login@v2
  if: ${{ github.event_name == 'merge_group' }}
  with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 
  - name: Build Images
  shell: bash
@@ -153,7 +163,7 @@ jobs:
  IS_MERGE_GROUP: ${{ github.event_name == 'merge_group' }}
 
  manifests:
- if: ${{ github.event_name == 'merge_group' }}
+ if: ${{ github.event_name == 'merge_group' && success('retina-images') && success('retina-win-images') && success('operator-images')}} 
  name: Generate Manifests
  runs-on: ubuntu-latest
  needs: [retina-images, retina-win-images, operator-images]
@@ -172,7 +182,9 @@ jobs:
  - name: Azure CLI login
  uses: azure/login@v2
  with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 
  - name: Generate Manifests
  shell: bash
@@ -183,15 +195,11 @@ jobs:
  IMAGE_REGISTRY=${{ vars.ACR_NAME }} \
 
  e2e:
- if: ${{ github.event_name == 'merge_group' }}
+ if: ${{ github.event_name == 'merge_group' && success('manifests')}}
  name: Run E2E Tests
  runs-on: ubuntu-latest
  needs: [manifests]
 
- permissions:
- id-token: write
- contents: read
-
  steps:
  - name: Checkout code
  uses: actions/checkout@v4
@@ -206,7 +214,9 @@ jobs:
  uses: azure/login@v2
  if: ${{ github.event_name == 'merge_group' }}
  with:
- creds: ${{ secrets.AZURE_CREDENTIALS }}
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }}
 
  - name: Run E2E Tests
  env:
@@ -215,4 +225,4 @@ jobs:
  shell: bash
  run: |
  set -euo pipefail
- go test -v ./test/e2e/scenarios/retina/*.go -timeout 30m -tags=e2e -count=1 -args -image-tag=$(make version) -image-registry=${{ vars.ACR_NAME }} -image-namespace=${{ github.repository}}
+ go test -v ./test/e2e/*.go -timeout 30m -tags=e2e -count=1 -args -image-tag=$(make version) -image-registry=${{ vars.ACR_NAME }} -image-namespace=${{ github.repository}}
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -30,7 +30,7 @@ jobs:
  echo "TAG=$(make version)" >> $GITHUB_ENV
 
  - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d
  with:
  image-ref: "ghcr.io/${{ github.repository }}/${{ matrix.image }}:${{ env.TAG }}"
  format: "template"

diff --git a/.pipelines/cg-pipeline.yaml b/.pipelines/cg-pipeline.yaml
@@ -2,16 +2,14 @@ pr: none
 trigger: none
 
 schedules:
-- cron: '0 0 * * *'
- displayName: Daily midnight Retina OSS CG pipeline
- branches:
- include:
- - main
- - vakr/newadocg
-
+ - cron: "0 0 * * *"
+ displayName: Daily midnight Retina OSS CG pipeline
+ branches:
+ include:
+ - main
 stages:
  - stage: setup
- displayName: Retina Setup
+ displayName: Linux Buildx
  jobs:
  - job: env
  displayName: Setup
@@ -43,4 +41,159 @@ stages:
  fi
  name: "EnvironmentalVariables"
  displayName: "Set environmental variables"
- condition: always()
+ condition: always()
+
+ - job: retinaagentimages
+ displayName: Build Retina Agent Images
+ pool:
+ name: "$(BUILD_POOL_NAME_DEFAULT)"
+ strategy:
+ matrix:
+ agent-linux-arm:
+ platform: "linux"
+ arch: "arm64"
+ target: "agent"
+
+ agent-linux-amd64:
+ platform: "linux"
+ arch: "amd64"
+ target: "agent"
+
+ init-linux-arm:
+ platform: "linux"
+ arch: "arm64"
+ target: "init"
+
+ init-linux-amd64:
+ platform: "linux"
+ arch: "amd64"
+ target: "init"
+
+ steps:
+ - checkout: self
+ fetchTags: true
+ - script: |
+ set -euo pipefail
+ echo "VERSION=$(make version)"
+ export VERSION=$(make version)
+ mkdir -p ./output/images/$(platform)/$(arch)/$(year)
+ make retina-image \
+ AGENT_TARGETS=$(target) \
+ TAG=$(make version) \
+ IMAGE_NAMESPACE=retina \
+ PLATFORM=$(platform)/$(arch) \
+ IMAGE_REGISTRY=ghcr.io/microsoft \
+ BUILDX_ACTION="-o type=docker,dest=./output/images/$(platform)/$(arch)/retina-$(target)-$VERSION-$(platform)-$(arch).tar"
+ # make manifest-skopeo-archive IMAGE_ARCHIVE_DIR=$(Build.ArtifactStagingDirectory)/images
+ displayName: "Build Retina Linux Images"
+
+ - bash: |
+ mkdir -p $(Build.ArtifactStagingDirectory)
+ cp -r output/* $(Build.ArtifactStagingDirectory)
+ displayName: "Copy binaries to the binaries artifact folder"
+
+ - task: PublishBuildArtifacts@1
+ inputs:
+ artifactName: output
+ pathtoPublish: "$(Build.ArtifactStagingDirectory)"
+ condition: succeeded()
+
+ - job: retinaoperatorimages
+ displayName: Build Retina Operator Images
+ pool:
+ name: "$(BUILD_POOL_NAME_DEFAULT)"
+ strategy:
+ matrix:
+ operator-linux-amd64:
+ platform: "linux"
+ arch: "amd64"
+
+ steps:
+ - checkout: self
+ fetchTags: true
+ - script: |
+ set -euo pipefail
+ echo "VERSION=$(make version)"
+ export VERSION=$(make version)
+ mkdir -p ./output/images/$(platform)/$(arch)/$(year)
+ make retina-operator-image \
+ TAG=$(make version) \
+ IMAGE_NAMESPACE=retina \
+ PLATFORM=$(platform)/$(arch) \
+ IMAGE_REGISTRY=ghcr.io/microsoft \
+ BUILDX_ACTION="-o type=docker,dest=./output/images/$(platform)/$(arch)/retina-operator-$VERSION-$(platform)-$(arch).tar"
+ displayName: "Build Retina Operator Linux Images"
+
+ - bash: |
+ mkdir -p $(Build.ArtifactStagingDirectory)
+ cp -r output/* $(Build.ArtifactStagingDirectory)
+ displayName: "Copy binaries to the binaries artifact folder"
+
+ - task: PublishBuildArtifacts@1
+ inputs:
+ artifactName: output
+ pathtoPublish: "$(Build.ArtifactStagingDirectory)"
+ condition: succeeded()
+
+ # windows 2019 only in buildx, windows server 2022 requires native windows container build because of cgo
+ - job: retinaagentimageswin2019
+ displayName: Build Retina Windows Images (buildx)
+ pool:
+ name: "$(BUILD_POOL_NAME_DEFAULT)"
+ strategy:
+ matrix:
+ windows-ltsc2019:
+ platform: "windows"
+ arch: "amd64"
+ year: "2019"
+
+ steps:
+ - checkout: self
+ fetchTags: true
+ - script: |
+ set -euo pipefail
+ echo "VERSION=$(make version)"
+ export VERSION=$(make version)
+ mkdir -p ./output/images/$(platform)/$(arch)/$(year)
+ make retina-image-win \
+ TARGET=final \
+ WINDOWS_YEARS=$(year) \
+ TAG=$(make version) \
+ BUILDX_ACTION="-o type=docker,dest=./output/images/$(platform)/$(arch)/$(year)/retina-agent-$VERSION-windows-ltsc$(year)-$(arch).tar"
+ displayName: "Build Retina Windows Image"
+
+ - task: PublishBuildArtifacts@1
+ inputs:
+ artifactName: output
+ pathtoPublish: ./output
+ condition: succeeded()
+
+ - job: windowsnative
+ displayName: Build Retina Windows Images (native)
+ pool:
+ name: "$(BUILD_POOL_NAME_WINDOWS_DEFAULT)"
+ steps:
+ - checkout: self
+ fetchTags: true
+
+ - task: Docker@2
+ displayName: Docker Login
+ inputs:
+ containerRegistry: $(WINDOWS_BUILDER_REGISTRY)
+ command: "login"
+ addPipelineData: false
+
+ - task: PowerShell@2
+ displayName: "Build Retina Windows Image (LTSC2022)"
+ inputs:
+ targetType: "inline"
+ script: |
+ Import-Module -Name "$(Build.SourcesDirectory)\windows\docker\DockerBuildModule.psm1" -Force
+ Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY)
+ Save-Image -imageName retina-agent -registry $(BUILD_REGISTRY)
+
+ - task: PublishBuildArtifacts@1
+ inputs:
+ artifactName: output
+ pathtoPublish: ./output
+ condition: succeeded()