Update common Docker engineering infrastructure with latest

eng/common/templates/1es-official.yml

@@ -0,0 +1,48 @@
+# When extending this template, pipelines using a repository resource containing versions files for image caching must
+# do the following:
+#
+# - Do not rely on any source code from the versions repo so as to not circumvent SDL and CG guidelines
+# - The versions repo resource must be named `InternalVersionsRepo` or `PublicVersionsRepo` to avoid SDL scans
+# - The versions repo must be checked out to `$(Build.SourcesDirectory)/versions` to avoid CG scans
+#
+# If the pipeline is not using a separate repository resource, ensure that there is no source code checked out in
+# `$(Build.SourcesDirectory)/versions`, as it will not be scanned.
+#
+# The `cgDryRun` parameter will run CG but not submit the results, for testing purposes.
+
+parameters:
+- name: cgDryRun
+  type: boolean
+  default: false
+- name: stages
+  type: stageList
+  default: []
+  # 1ES Pipeline Template parameters
+- name: pool
+  type: object
+  default:
+    name: NetCore1ESPool-Internal
+    image: 1es-windows-2022
+    os: windows
+
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    pool: ${{ parameters.pool }}
+    sdl:
+      componentgovernance:
+        ignoreDirectories: $(Build.SourcesDirectory)/versions
+        whatIf: ${{ parameters.cgDryRun }}
+        showAlertLink: true
+      sourceRepositoriesToScan:
+        exclude:
+        - repository: InternalVersionsRepo
+        - repository: PublicVersionsRepo
+    stages: ${{ parameters.stages }}

eng/common/templates/1es-unofficial.yml

@@ -0,0 +1,51 @@
+# This unofficial template will always run CG in "what if" mode, which will not submit results to the CG. SDL tools may
+# also be disabled for testing purposes.
+#
+# When extending this template, pipelines using a repository resource containing versions files for image caching must
+# do the following:
+#
+# - Do not rely on any source code from the versions repo so as to not circumvent SDL and CG guidelines
+# - The versions repo resource must be named `InternalVersionsRepo` or `PublicVersionsRepo` to avoid SDL scans
+# - The versions repo must be checked out to `$(Build.SourcesDirectory)/versions` to avoid CG scans
+#
+# If the pipeline is not using a separate repository resource, ensure that there is no source code checked out in
+# `$(Build.SourcesDirectory)/versions`, as it will not be scanned.
+
+parameters:
+- name: disableSDL
+  type: boolean
+  default: false
+  displayName: Disable SDL
+- name: stages
+  type: stageList
+  default: []
+  # 1ES Pipeline Template parameters
+- name: pool
+  type: object
+  default:
+    name: NetCore1ESPool-Internal
+    image: 1es-windows-2022
+    os: windows
+
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+
+extends:
+  template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    pool: ${{ parameters.pool }}
+    sdl:
+      enableAllTools: ${{ not(parameters.disableSDL) }}
+      componentgovernance:
+        ignoreDirectories: $(Build.SourcesDirectory)/versions
+        whatIf: true
+        showAlertLink: true
+      sourceRepositoriesToScan:
+        exclude:
+        - repository: InternalVersionsRepo
+        - repository: PublicVersionsRepo
+    stages: ${{ parameters.stages }}

eng/common/templates/variables/docker-images.yml

@@ -1,5 +1,5 @@
 variables:
-  imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2426412
+  imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2429492
   imageNames.imageBuilder: $(imageNames.imageBuilderName)
   imageNames.imageBuilder.withrepo: imagebuilder-withrepo:$(Build.BuildId)-$(System.JobId)
   imageNames.testRunner: mcr.microsoft.com/dotnet-buildtools/prereqs:cbl-mariner2.0-docker-testrunner