From 90542a476c8ef3288039e2443a775e48db279173 Mon Sep 17 00:00:00 2001 From: Billy O'Neal Date: Tue, 5 Mar 2024 12:35:00 -0800 Subject: [PATCH] Change Android docker hosts to CBL-Mariner (#37130) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CBL-Mariner ( https://github.com/micro…soft/azurelinux ) This resolves a Service360 alert caused by Ubuntu refusing to make a security patch publicly available for Ubuntu 22.04 LTS, see https://ubuntu.com/security/notices/USN-6472-1 . It seems likely that we will need to reconsider Ubuntu being our 'default' test environment following this type of behavior, since it's likely vcpkg customers will be similarly affected. --- .../android/azure-pipelines.yml | 25 +++++++++---------- ...n-image.sh => example-ubuntu-provision.sh} | 4 +++ scripts/azure-pipelines/azure-pipelines.yml | 4 --- 3 files changed, 16 insertions(+), 17 deletions(-) rename scripts/azure-pipelines/android/{provision-image.sh => example-ubuntu-provision.sh} (71%) diff --git a/scripts/azure-pipelines/android/azure-pipelines.yml b/scripts/azure-pipelines/android/azure-pipelines.yml index 71a5c4fe79..28b7e6d426 100644 --- a/scripts/azure-pipelines/android/azure-pipelines.yml +++ b/scripts/azure-pipelines/android/azure-pipelines.yml @@ -11,8 +11,6 @@ parameters: type: string - name: jobName type: string - - name: poolName - type: string - name: dockerImage type: string - name: tripletPattern @@ -24,7 +22,9 @@ jobs: - job: ${{ parameters.jobName }} condition: and(succeeded(), contains('^${{ parameters.triplet }}$', '${{ parameters.tripletPattern }}')) pool: - name: ${{ parameters.poolName }} + name: 'PrAnd-1ES-Pool' + demands: + - ImageOverride -equals vcpkg-mariner-docker-gen1 workspace: clean: resources timeoutInMinutes: 1440 # 1 day @@ -44,7 +44,6 @@ jobs: steps: # Note: /mnt is the Azure machines' temporary disk. - bash: | - curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash az login --identity az acr login --name vcpkgandroidwus3 displayName: 'Set up managed identity' @@ -57,6 +56,15 @@ jobs: sudo mkdir ${{ variables.VCPKG_DOWNLOADS }} -m=777 exit 0 displayName: 'Create working directories' + - bash: | + CONTAINERS=$(docker ps -a -q) + if [ -n "$CONTAINERS" ]; then + docker rm -f $CONTAINERS + fi + displayName: 'Stop and remove all docker containers' + - bash: | + docker pull ${{ parameters.dockerImage }} + displayName: 'Pull Docker Container' - bash: | docker run --rm \ --mount type=bind,source=$(Build.Repository.LocalPath),target=/vcpkg \ @@ -71,15 +79,6 @@ jobs: ./scripts/azure-pipelines/bootstrap-from-source.sh ${{ parameters.vcpkgToolSha }} displayName: "Build vcpkg with CMake" condition: ne('use default', '${{ parameters.vcpkgToolSha }}') - - bash: | - CONTAINERS=$(docker ps -a -q) - if [ -n "$CONTAINERS" ]; then - docker rm -f $CONTAINERS - fi - displayName: 'Stop and remove all docker containers' - - bash: | - docker pull ${{ parameters.dockerImage }} - displayName: 'Pull Docker Container' - task: Bash@3 inputs: targetType: inline diff --git a/scripts/azure-pipelines/android/provision-image.sh b/scripts/azure-pipelines/android/example-ubuntu-provision.sh similarity index 71% rename from scripts/azure-pipelines/android/provision-image.sh rename to scripts/azure-pipelines/android/example-ubuntu-provision.sh index 350493821a..ada5445ea0 100644 --- a/scripts/azure-pipelines/android/provision-image.sh +++ b/scripts/azure-pipelines/android/example-ubuntu-provision.sh @@ -4,6 +4,10 @@ # # This script is to set up the machine for the Docker host. +# This script is no longer used by official vcpkg testing due to an internal compliance effort +# requiring use of CBL-Mariner. It's still intended to be more or less identical to how the lab +# actually works though; everything meaningful is inside the Docker image; see Dockerfile + export DEBIAN_FRONTEND=noninteractive ## Docker diff --git a/scripts/azure-pipelines/azure-pipelines.yml b/scripts/azure-pipelines/azure-pipelines.yml index f5118c5f1a..4290e6e422 100644 --- a/scripts/azure-pipelines/azure-pipelines.yml +++ b/scripts/azure-pipelines/azure-pipelines.yml @@ -2,7 +2,6 @@ # SPDX-License-Identifier: MIT # variables: - android-pool: 'PrAnd-1ES-Pool' linux-pool: 'PrLin-1ES-Pool' windows-pool: 'PrWin-2024-02-16' osx-pool: 'PrOsx-2024-01-18' @@ -102,7 +101,6 @@ jobs: parameters: triplet: arm-neon-android jobName: arm_neon_android - poolName: $(android-pool) dockerImage: $(linux-docker-image) vcpkgToolSha: ${{ parameters.vcpkgToolSha }} tripletPattern: ${{ parameters.tripletPattern }} @@ -111,7 +109,6 @@ jobs: parameters: triplet: x64-android jobName: x64_android - poolName: $(android-pool) dockerImage: $(linux-docker-image) vcpkgToolSha: ${{ parameters.vcpkgToolSha }} tripletPattern: ${{ parameters.tripletPattern }} @@ -120,7 +117,6 @@ jobs: parameters: triplet: arm64-android jobName: arm64_android - poolName: $(android-pool) dockerImage: $(linux-docker-image) vcpkgToolSha: ${{ parameters.vcpkgToolSha }} tripletPattern: ${{ parameters.tripletPattern }}