Annotate openjdk images with EOL date (#94)

* fix path

* fix path

* parameterize

* pr feedback

* reset acr

* change parameter name
Joe Braley 2024-04-29 20:18:10 -07:00 коммит произвёл GitHub
Родитель bee6493215
Коммит 12d76c266e
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
10 изменённых файлов: 204 добавлений и 36 удалений


@ -1,4 +1,4 @@
# build.yml Build pipeline to build JDK docker images. When running the pipeline
# build.yml Build pipeline to build Microsoft's build of OpenJDK docker images. When running the pipeline
# replace "image-repository" value with the location of your docker images (e.g. hub.docker.io/...)
# replace the image tags as needed.
@ -16,16 +16,24 @@ trigger:
pr: none
parameters:
- name: organization
type: string
- name: feed
type: string
- name: package
type: string
- name: jobs
type: object
default:
mariner_8:
new_LTS_image: false
distro: mariner
version: 8
package: temurin-8
image: "image-repository"
tag: "2.0"
distroless_8:
new_LTS_image: false
distro: distroless
version: 8
package: temurin-8
@ -34,18 +42,21 @@ parameters:
base_image: "image-repository"
base_tag: "2.0"
ubuntu_11:
new_LTS_image: false
distro: ubuntu
version: 11
package: msopenjdk-11
image: "image-repository"
tag: "image-tag"
mariner_11:
new_LTS_image: false
distro: mariner
version: 11
package: msopenjdk-11
image: "image-repository"
tag: "2.0"
distroless_11:
new_LTS_image: false
distro: distroless
version: 11
package: msopenjdk-11
@ -54,18 +65,21 @@ parameters:
base_image: "image-repository"
base_tag: "2.0"
ubuntu_17:
new_LTS_image: false
distro: ubuntu
version: 17
package: msopenjdk-17
image: "image-repository"
tag: "image-tag"
mariner_17:
new_LTS_image: false
distro: mariner
version: 17
package: msopenjdk-17
image: "image-repository"
tag: "2.0"
distroless_17:
new_LTS_image: false
distro: distroless
version: 17
package: msopenjdk-17
@ -74,18 +88,21 @@ parameters:
base_image: "image-repository"
base_tag: "2.0"
ubuntu_21:
new_LTS_image: false
distro: ubuntu
version: 21
package: msopenjdk-21
image: "image-repository"
tag: "image-tag"
mariner_21:
new_LTS_image: false
distro: mariner
version: 21
package: msopenjdk-21
image: "image-repository"
tag: "2.0"
distroless_21:
new_LTS_image: false
distro: distroless
version: 21
package: msopenjdk-21
@ -115,26 +132,54 @@ extends:
- job: build_internal
displayName: "build internal"
pool:
name: JEG-mariner2.0-x64-github
name: JEG-mariner2.0-x64-release
os: linux
strategy:
matrix: ${{ parameters.jobs }}
steps:
- task: AzureCLI@2
displayName: "Download ORAS"
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "inlineScript"
inlineScript: |
az acr login -n msopenjdk
docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use
if [[ '$(distro)' != 'distroless' ]]; then
BUILD_ARGS="--build-arg IMAGE=$(image) --build-arg TAG=$(tag) --build-arg package=$(package)"
else
BUILD_ARGS="--build-arg INSTALLER_IMAGE=$(installer_image) --build-arg INSTALLER_TAG=$(installer_tag) --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$(package)"
fi
docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro) -f docker/$(distro)/Dockerfile.$(package)-jdk . --push
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
ORAS_VERSION: 1.1.0
ORGANIZATION: ${{ parameters.organization }}
FEED: ${{ parameters.feed }}
NAME: ${{ parameters.package }}
- task: AzureCLI@2
displayName: Annotate previous image
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh
env:
ACR_NAME: msopenjdk
REGISTRY: msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro)
USER_NAME: "00000000-0000-0000-0000-000000000000"
- task: AzureCLI@2
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/build-image.sh
displayName: build image
env:
REGISTRY_TAG: msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro)
IMAGE: $(image)
TAG: $(tag)
PACKAGE: $(package)
DISTRIBUTION: $(distro)
INSTALLER_IMAGE: $(installer_image)
INSTALLER_TAG: $(installer_tag)
- stage: validate_and_publish
displayName: "Validate & Publish"
@ -155,23 +200,52 @@ extends:
displayName: "build public "
dependsOn: wait_for_validation
pool:
name: JEG-mariner2.0-x64-github
name: JEG-mariner2.0-x64-release
os: linux
strategy:
matrix: ${{ parameters.jobs }}
steps:
- task: AzureCLI@2
displayName: "Download ORAS"
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
ORAS_VERSION: 1.1.0
ORGANIZATION: ${{ parameters.organization }}
FEED: ${{ parameters.feed }}
NAME: ${{ parameters.package }}
- task: AzureCLI@2
displayName: Annotate previous image
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh
env:
ACR_NAME: msopenjdk
REGISTRY: msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro)
USER_NAME: "00000000-0000-0000-0000-000000000000"
- task: AzureCLI@2
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "inlineScript"
inlineScript: |
az acr login -n msopenjdk
docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use
if [[ '$(distro)' != 'distroless' ]]; then
BUILD_ARGS="--build-arg IMAGE=$(image) --build-arg TAG=$(tag) --build-arg package=$(package)"
else
BUILD_ARGS="--build-arg INSTALLER_IMAGE=$(installer_image) --build-arg INSTALLER_TAG=$(installer_tag) --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$(package)"
fi
docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro) -f docker/$(distro)/Dockerfile.$(package)-jdk . --push
scriptLocation: "scriptPath"
scriptPath: scripts/build-image.sh
displayName: build image
env:
REGISTRY_TAG: msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro)
IMAGE: $(image)
TAG: $(tag)
PACKAGE: $(package)
DISTRIBUTION: $(distro)
INSTALLER_IMAGE: $(installer_image)
INSTALLER_TAG: $(installer_tag)
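Review bot: Both "Annotate previous image" steps run before the "build image" step, so the image currently behind `jdk:$(version)-$(distro)` is stamped with an end-of-life date even if the replacement build then fails or never pushes. Consider capturing the previous digest first and attaching the annotation only after the new image has been pushed successfully. Separately, the custom `condition: ne( variables['new_LTS_image'], true)` replaces the implicit `succeeded()`, so the annotate step still runs when "Download ORAS" has failed; `condition: and(succeeded(), ne(variables['new_LTS_image'], true))` keeps that dependency. Both points apply to the internal job and to the public job in the later hunk.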

14
.github/workflows/build-images.yml поставляемый

@ -23,10 +23,13 @@ jobs:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Build the image
run: |
docker build -t mcr.microsoft.com/openjdk/jdk:8-${{ matrix.baseimage }} -f ./docker/${{ matrix.baseimage }}/Dockerfile.temurin-8-jdk ./docker/${{ matrix.baseimage }}/
docker build \
-t mcr.microsoft.com/openjdk/jdk:8-${{ matrix.baseimage }} \
-f ./docker/${{ matrix.baseimage }}/Dockerfile.temurin-8-jdk \
./docker/${{ matrix.baseimage }}/
- name: Test the image
run: |
bash validate-image.sh -s ${{ matrix.baseimage }} temurin 8
bash ./scripts/validate-image.sh -s ${{ matrix.baseimage }} temurin 8
build_msopenjdk:
runs-on: ubuntu-latest
@ -40,7 +43,10 @@ jobs:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Build the image
run: |
docker build -t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion }}-${{ matrix.baseimage }} -f ./docker/${{ matrix.baseimage }}/Dockerfile.msopenjdk-${{ matrix.jdkversion }}-jdk ./docker/${{ matrix.baseimage }}/
docker build \
-t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion }}-${{ matrix.baseimage }} \
-f ./docker/${{ matrix.baseimage }}/Dockerfile.msopenjdk-${{ matrix.jdkversion }}-jdk \
./docker/${{ matrix.baseimage }}/
- name: Test the image
run: |
bash validate-image.sh -s ${{ matrix.baseimage }} msopenjdk ${{ matrix.jdkversion }}
bash ./scripts/validate-image.sh -s ${{ matrix.baseimage }} msopenjdk ${{ matrix.jdkversion }}

22
.github/workflows/check-versions.yml поставляемый

@ -20,11 +20,18 @@ jobs:
- name: Build image locally
run: |
docker build -t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion.major }}-${{ matrix.distros }} -f ./docker/${{ matrix.distros }}/Dockerfile.${{ matrix.jdkvendor }}-${{ matrix.jdkversion.major }}-jdk ./docker
docker build \
-t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion.major }}-${{ matrix.distros }} \
-f ./docker/${{ matrix.distros }}/Dockerfile.${{ matrix.jdkvendor }}-${{ matrix.jdkversion.major }}-jdk \
./docker
- name: Validate container image
run: |
./validate-image.sh -s ${{ matrix.distros }} ${{ matrix.jdkvendor }} ${{ matrix.jdkversion.major }} ${{ matrix.jdkversion.expected }}
./scripts/validate-image.sh \
-s ${{ matrix.distros }} \
${{ matrix.jdkvendor }} \
${{ matrix.jdkversion.major }} \
${{ matrix.jdkversion.expected }}
validate_msopenjdk:
runs-on: ubuntu-latest
@ -39,8 +46,15 @@ jobs:
- name: Build image locally
run: |
docker build -t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion.major }}-${{ matrix.distros }} -f ./docker/${{ matrix.distros }}/Dockerfile.${{ matrix.jdkvendor }}-${{ matrix.jdkversion.major }}-jdk ./docker
docker build \
-t mcr.microsoft.com/openjdk/jdk:${{ matrix.jdkversion.major }}-${{ matrix.distros }} \
-f ./docker/${{ matrix.distros }}/Dockerfile.${{ matrix.jdkvendor }}-${{ matrix.jdkversion.major }}-jdk \
./docker
- name: Validate container image
run: |
./validate-image.sh -s ${{ matrix.distros }} ${{ matrix.jdkvendor }} ${{ matrix.jdkversion.major }} ${{ matrix.jdkversion.expected }}
./scripts/validate-image.sh \
-s ${{ matrix.distros }} \
${{ matrix.jdkvendor }} \
${{ matrix.jdkversion.major }} \
${{ matrix.jdkversion.expected }}
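Review bot: `./scripts/validate-image.sh` is executed directly in these steps, but the page lists `validate-image.sh → scripts/validate-image.sh` as changing from "Executable file" to "Normal file", so the step would presumably fail with a permission error once the executable bit is gone. Either restore the mode on the moved script or invoke it as `bash ./scripts/validate-image.sh \`, the way build-images.yml does. The same direct invocation appears in both jobs of this file and in the three jobs of the validation workflow that follows.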


@ -21,7 +21,11 @@ jobs:
- name: Validate container images
run: |
./validate-image.sh ${{ matrix.distros }} ${{ matrix.jdkvendor }} ${{ matrix.jdkversion.major }} ${{ matrix.jdkversion.expected }}
./scripts/validate-image.sh \
${{ matrix.distros }} \
${{ matrix.jdkvendor }} \
${{ matrix.jdkversion.major }} \
${{ matrix.jdkversion.expected }}
validate_msopenjdk:
runs-on: ubuntu-latest
@ -36,7 +40,11 @@ jobs:
- name: Validate container images
run: |
./validate-image.sh ${{ matrix.distros }} ${{ matrix.jdkvendor }} ${{ matrix.jdkversion.major }} ${{ matrix.jdkversion.expected }}
./scripts/validate-image.sh \
${{ matrix.distros }} \
${{ matrix.jdkvendor }} \
${{ matrix.jdkversion.major }} \
${{ matrix.jdkversion.expected }}
validate_msopenjdk_aarch64:
runs-on: ['self-hosted', '1ES.Pool=JEG-linux-arm64-openjdk-docker']
@ -51,4 +59,8 @@ jobs:
- name: Validate container images
run: |
./validate-image.sh ${{ matrix.distros }} ${{ matrix.jdkvendor }} ${{ matrix.jdkversion.major }} ${{ matrix.jdkversion.expected }}
./scripts/validate-image.sh \
${{ matrix.distros }} \
${{ matrix.jdkvendor }} \
${{ matrix.jdkversion.major }} \
${{ matrix.jdkversion.expected }}

2
build-all-images.sh → scripts/build-all-images.sh Executable file → Normal file

@ -58,6 +58,6 @@ for d in $(ls -d $basepath/*); do
fi
# Run tests
bash test-image.sh $distro $jdkversion
bash ./scripts/test-image.sh $distro $jdkversion
done
done

11
scripts/build-image.sh Normal file

@ -0,0 +1,11 @@
#!/bin/bash
az acr login -n msopenjdk
docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use
if [[ '$DISTRIBUTION' != 'distroless' ]]; then
BUILD_ARGS="--build-arg IMAGE=$IMAGE --build-arg TAG=$TAG --build-arg package=$PACKAGE"
else
BUILD_ARGS="--build-arg INSTALLER_IMAGE=$INSTALLER_IMAGE --build-arg INSTALLER_TAG=$INSTALLER_TAG --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$PACKAGE"
fi
docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t $REGISTRY_TAG -f docker/$DISTRIBUTION/Dockerfile.$PACKAGE-jdk . --push
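Review bot: The distroless branch can never run as written: `'$DISTRIBUTION'` is single-quoted, so bash compares the literal text `$DISTRIBUTION` with `distroless` and always takes the first branch. The else branch also kept `$(base_image)` and `$(base_tag)` from the inline script, where Azure Pipelines expanded them as macros; in a script file bash treats them as command substitutions, and the build steps' `env:` blocks do not pass those values either. Use `if [[ "$DISTRIBUTION" != 'distroless' ]]; then` and `--build-arg BASE_IMAGE=$BASE_IMAGE --build-arg BASE_TAG=$BASE_TAG`, and add `BASE_IMAGE: $(base_image)` and `BASE_TAG: $(base_tag)` to the pipeline env. The result of `az acr login` is not checked here, unlike in the annotation script.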


@ -0,0 +1,39 @@
#!/bin/bash
az acr login -n msopenjdk
if [[ $? -ne 0 ]]; then
echo "Failed to login to ACR"
exit 1
fi
echo "Pulling... $REGISTRY"
docker pull "$REGISTRY"
if [[ $? -ne 0 ]]; then
echo "Failed to pull image $REGISTRY"
exit 1
fi
manifest=$(docker image inspect "$REGISTRY" | jq)
digest=$(echo $manifest | jq '.[0].RepoDigests[0]')
digest=${digest//\"/}
endOfLifeDate=$(date "+%Y-%m-%d")
password=$(az acr login --name "$ACR_NAME" --expose-token --output tsv --query accessToken)
echo "Oras login to $ACR_NAME.azurecr.io"
oras login $ACR_NAME.azurecr.io --username "$USER_NAME" --password $password
if [[ $? -ne 0 ]]; then
echo "Failed to login to container registry"
exit 1
fi
echo "Annotating image $digest with end-of-life date $endOfLifeDate"
oras attach \
--artifact-type "application/vnd.microsoft.artifact.lifecycle" \
--annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=${endOfLifeDate}T00:00:00Z" \
$digest --verbose
if [[ $? -ne 0 ]]; then
echo "Failed to annotate image!"
exit 1
fi
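Review bot: The registry access token is handed to `oras login` as `--password $password`, which places it in the process argument list, and the variable is unquoted. `oras login` can read the secret from standard input instead: `oras login "$ACR_NAME.azurecr.io" --username "$USER_NAME" --password-stdin <<< "$password"`. The script also never checks that `$digest` is non-empty (jq prints `null` when `RepoDigests` is missing) before `oras attach`, and the first `az acr login -n msopenjdk` hard-codes the registry that the rest of the script takes from `$ACR_NAME`.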

12
scripts/install-oras.sh Normal file

@ -0,0 +1,12 @@
#!/bin/bash
az artifacts universal download --organization $ORGANIZATION --feed $FEED --name $NAME --version "${ORAS_VERSION}" --path .
if [[ $? -ne 0 ]]; then
echo "Failed to download oras_${ORAS_VERSION}_*.tar.gz"
exit 1
fi
mkdir -p oras-install/
tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/
sudo mv oras-install/oras /usr/local/bin/
rm -rf oras_${ORAS_VERSION}_*.tar.gz oras-install/
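Review bot: The archive is extracted and its `oras` binary moved into `/usr/local/bin` with `sudo` without any integrity check, so whatever the feed serves for that version runs in the next step with the pipeline's registry credentials. Pin the expected digest next to `ORAS_VERSION` and verify before extracting, e.g. `echo "${ORAS_SHA256}  ${archive}" | sha256sum -c -` (with `ORAS_SHA256` a new pinned variable and `archive` the resolved file name). `$ORGANIZATION`, `$FEED` and `$NAME` are also unquoted, and a failed `tar` or `mv` goes undetected because only the download is checked.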

0
test-image.sh → scripts/test-image.sh Executable file → Normal file

2
validate-image.sh → scripts/validate-image.sh Executable file → Normal file

@ -75,4 +75,4 @@ else
fi
# Run tests
bash test-image.sh $distro $jdkversion
bash ./scripts/test-image.sh $distro $jdkversion