Skip to content

Update ImageBuilder and update pipelines to use appsettings.json for configuration #1900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lbussell wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Update ImageBuilder and update pipelines to use appsettings.json for configuration #1900

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
1e8a0f8
Update Image Builder tag reference
dotnet-docker-bot Dec 19, 2025
9412990
Remove "acr" service connection for build command
lbussell Dec 2, 2025
5f5472f
Remove some service connection arguments
lbussell Dec 5, 2025
efdc1d3
Output appsettings.json during ImageBuilder setup
lbussell Dec 2, 2025
c6d87fd
Convert to long form template parameters
lbussell Dec 2, 2025
50cbf1a
Remove default service connection arg
lbussell Dec 5, 2025
5b86d60
Pass publishConfig to init template in publish job
lbussell Dec 5, 2025
00c9607
Update publishConfig parameters to match new names
lbussell Dec 19, 2025
11ccf3c
Add publish configuration to windows
lbussell Dec 19, 2025
1a43727
Put appsettings.json in the default working directory
lbussell Dec 19, 2025
d85e914
Place appsettings.json in repo root/working directory
lbussell Dec 22, 2025
bf102ff
Merge branch 'main' into update-imagebuilder
lbussell Dec 22, 2025
eab57b0
Change condition type to string instead of boolean
lbussell Dec 22, 2025
82872ad
Condition output publish configuration step on not being a pull request
Copilot Dec 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion eng/docker-tools/DEV-GUIDE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ Build Stage
└── Apply EOL annotations
```
- Full pipeline with all stages
- Images flow: `buildAcr` → `publishAcr` → MAR (see [`publish-config-prod.yml`](templates/stages/dotnet/publish-config-prod.yml) for ACR definitions)
- Images flow: `BuildRegistry` → `PublishRegistry` → MAR (see [`publish-config-prod.yml`](templates/stages/dotnet/publish-config-prod.yml) for ACR definitions)
- Tests run against staged images
- Only successful builds get published

Expand Down
21 changes: 8 additions & 13 deletions eng/docker-tools/templates/jobs/build-images.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ jobs:
- ${{ parameters.commonInitStepsForMatrixAndBuild }}
- template: /eng/docker-tools/templates/jobs/${{ format('../steps/init-docker-{0}.yml', parameters.dockerClientOS) }}@self
parameters:
publishConfig: ${{ parameters.publishConfig }}
cleanupDocker: true
- ${{ parameters.customInitSteps }}
- template: /eng/docker-tools/templates/steps/set-image-info-path-var.yml@self
Expand All @@ -51,7 +52,7 @@ jobs:
# the environment variable for us.
$imageBuilderBuildArgs = "$env:IMAGEBUILDERBUILDARGS $env:IMAGEBUILDER_QUEUEARGS --image-info-output-path $(imageInfoContainerDir)/$(legName)-image-info.json $(commonMatrixAndBuildOptions)"
if ($env:SYSTEM_TEAMPROJECT -eq "${{ parameters.internalProjectName }}" -and $env:BUILD_REASON -ne "PullRequest") {
$imageBuilderBuildArgs = "$imageBuilderBuildArgs --repo-prefix ${{ parameters.publishConfig.buildAcr.repoPrefix }} --push"
$imageBuilderBuildArgs = "$imageBuilderBuildArgs --repo-prefix ${{ parameters.publishConfig.BuildRegistry.repoPrefix }} --push"
}

# If the pipeline isn't configured to disable the cache and a build variable hasn't been set to disable the cache
Expand All @@ -66,14 +67,8 @@ jobs:
parameters:
name: BuildImages
displayName: Build Images
serviceConnections:
# "name" here refers to the argument name, not the service connection name.
# It should probably be changed to "argName".
- name: acr
id: ${{ parameters.publishConfig.buildAcr.serviceConnection.id }}
tenantId: ${{ parameters.publishConfig.buildAcr.serviceConnection.tenantId }}
clientId: ${{ parameters.publishConfig.buildAcr.serviceConnection.clientId }}
- ${{ if parameters.storageAccountServiceConnection }}:
${{ if parameters.storageAccountServiceConnection }}:
serviceConnections:
- name: storage
id: ${{ parameters.storageAccountServiceConnection.id }}
tenantId: ${{ parameters.storageAccountServiceConnection.tenantId }}
Expand All @@ -89,8 +84,8 @@ jobs:
--architecture $(architecture)
--retry
--digests-out-var 'builtImages'
--acr-subscription '${{ parameters.publishConfig.buildAcr.subscription }}'
--acr-resource-group '${{ parameters.publishConfig.buildAcr.resourceGroup }}'
--acr-subscription '${{ parameters.publishConfig.BuildRegistry.subscription }}'
--acr-resource-group '${{ parameters.publishConfig.BuildRegistry.resourceGroup }}'
$(manifestVariables)
$(imageBuilderBuildArgs)
- template: /eng/docker-tools/templates/steps/publish-artifact.yml@self
Expand All @@ -104,12 +99,12 @@ jobs:
- powershell: |
$images = "$(BuildImages.builtImages)"
if (-not $images) { return 0 }
$syftImageName = "${{ parameters.publishConfig.publicMirrorAcr.server }}/$(imageNames.syft)"
$syftImageName = "${{ parameters.publishConfig.PublicMirrorRegistry.server }}/$(imageNames.syft)"
& $(engDockerToolsPath)/Pull-Image.ps1 $syftImageName
$images -Split ',' | ForEach-Object {
echo "Generating SBOM for $_";
$targetImageName = "$_";
$formattedImageName = $targetImageName.Replace('${{ parameters.publishConfig.buildAcr.server }}/${{ parameters.publishConfig.buildAcr.repoPrefix }}', "").Replace('/', '_').Replace(':', '_');
$formattedImageName = $targetImageName.Replace('${{ parameters.publishConfig.BuildRegistry.server }}/${{ parameters.publishConfig.BuildRegistry.repoPrefix }}', "").Replace('/', '_').Replace(':', '_');
$sbomChildDir = "$(sbomDirectory)/$formattedImageName";
New-Item -Type Directory -Path $sbomChildDir > $null;
docker build --output=$sbomChildDir -f $(engDockerToolsPath)/Dockerfile.syft --build-arg SYFT_IMAGE_NAME=$syftImageName --build-arg TARGET_IMAGE_NAME=$targetImageName -t syft-sbom $(engDockerToolsPath);
Expand Down
4 changes: 2 additions & 2 deletions eng/docker-tools/templates/jobs/copy-base-images-staging.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,5 +25,5 @@ jobs:
pool: ${{ parameters.pool }}
customInitSteps: ${{ parameters.customInitSteps }}
additionalOptions: ${{ parameters.additionalOptions }}
acr: ${{ parameters.publishConfig.internalMirrorAcr }}
repoPrefix: ${{ parameters.publishConfig.internalMirrorAcr.repoPrefix }}
acr: ${{ parameters.publishConfig.InternalMirrorRegistry }}
repoPrefix: ${{ parameters.publishConfig.InternalMirrorRegistry.repoPrefix }}
5 changes: 0 additions & 5 deletions eng/docker-tools/templates/jobs/generate-matrix.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,10 +63,5 @@ jobs:
parameters:
name: matrix
displayName: Generate ${{ parameters.matrixType }} Matrix
serviceConnections:
- name: acr
tenantId: $(build.serviceConnection.tenantId)
clientId: $(build.serviceConnection.clientId)
id: $(build.serviceConnection.id)
internalProjectName: internal
args: $(generateBuildMatrixCommand)
43 changes: 15 additions & 28 deletions eng/docker-tools/templates/jobs/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
- name: imageBuilder.commonCmdArgs
value: >-
--manifest '$(manifest)'
--registry-override '${{ parameters.publishConfig.publishAcr.server }}'
--registry-override '${{ parameters.publishConfig.PublishRegistry.server }}'
$(manifestVariables)
$(imageBuilder.queueArgs)
- name: publishNotificationRepoName
Expand Down Expand Up @@ -53,6 +53,8 @@ jobs:
- template: /eng/docker-tools/templates/steps/retain-build.yml@self

- template: /eng/docker-tools/templates/steps/init-docker-linux.yml@self
parameters:
publishConfig: ${{ parameters.publishConfig }}

- pwsh: |
$azdoOrgName = Split-Path -Leaf $Env:SYSTEM_COLLECTIONURI
Expand Down Expand Up @@ -95,21 +97,16 @@ jobs:
- template: /eng/docker-tools/templates/steps/run-imagebuilder.yml@self
parameters:
displayName: Copy Images
serviceConnections:
- name: acr
id: ${{ parameters.publishConfig.publishAcr.serviceConnection.id }}
tenantId: ${{ parameters.publishConfig.publishAcr.serviceConnection.tenantId }}
clientId: ${{ parameters.publishConfig.publishAcr.serviceConnection.clientId }}
internalProjectName: ${{ parameters.internalProjectName }}
args: >-
copyAcrImages
'${{ parameters.publishConfig.buildAcr.subscription }}'
'${{ parameters.publishConfig.buildAcr.resourceGroup }}'
'${{ parameters.publishConfig.buildAcr.repoPrefix }}'
'${{ parameters.publishConfig.buildAcr.server }}'
'${{ parameters.publishConfig.BuildRegistry.subscription }}'
'${{ parameters.publishConfig.BuildRegistry.resourceGroup }}'
'${{ parameters.publishConfig.BuildRegistry.repoPrefix }}'
'${{ parameters.publishConfig.BuildRegistry.server }}'
--os-type '*'
--architecture '*'
--repo-prefix '${{ parameters.publishConfig.publishAcr.repoPrefix }}'
--repo-prefix '${{ parameters.publishConfig.PublishRegistry.repoPrefix }}'
--image-info '$(imageInfoContainerDir)/image-info.json'
$(dryRunArg)
$(imageBuilder.pathArgs)
Expand All @@ -118,17 +115,12 @@ jobs:
- template: /eng/docker-tools/templates/steps/run-imagebuilder.yml@self
parameters:
displayName: Publish Manifest
serviceConnections:
- name: acr
id: ${{ parameters.publishConfig.publishAcr.serviceConnection.id }}
tenantId: ${{ parameters.publishConfig.publishAcr.serviceConnection.tenantId }}
clientId: ${{ parameters.publishConfig.publishAcr.serviceConnection.clientId }}
internalProjectName: ${{ parameters.internalProjectName }}
dockerClientOS: ${{ parameters.dockerClientOS }}
args: >-
publishManifest
'$(imageInfoContainerDir)/image-info.json'
--repo-prefix '${{ parameters.publishConfig.publishAcr.repoPrefix }}'
--repo-prefix '${{ parameters.publishConfig.PublishRegistry.repoPrefix }}'
--os-type '*'
--architecture '*'
$(dryRunArg)
Expand Down Expand Up @@ -208,17 +200,12 @@ jobs:
- template: /eng/docker-tools/templates/steps/run-imagebuilder.yml@self
parameters:
displayName: Generate EOL Annotation Data
serviceConnections:
- name: acr
id: ${{ parameters.publishConfig.publishAcr.serviceConnection.id }}
tenantId: ${{ parameters.publishConfig.publishAcr.serviceConnection.tenantId }}
clientId: ${{ parameters.publishConfig.publishAcr.serviceConnection.clientId }}
internalProjectName: internal
condition: and(succeeded(), eq(variables['publishEolAnnotations'], 'true'))
args: >-
generateEolAnnotationDataForPublish
'${{ parameters.publishConfig.publishAcr.server }}'
'${{ parameters.publishConfig.publishAcr.repoPrefix }}'
'${{ parameters.publishConfig.PublishRegistry.server }}'
'${{ parameters.publishConfig.PublishRegistry.repoPrefix }}'
'$(artifactsPath)/eol-annotation-data/eol-annotation-data.json'
'$(imageInfoContainerDir)/full-image-info-orig.json'
'$(imageInfoContainerDir)/full-image-info-new.json'
Expand All @@ -236,7 +223,7 @@ jobs:

- template: /eng/docker-tools/templates/steps/annotate-eol-digests.yml@self
parameters:
acr: ${{ parameters.publishConfig.publishAcr }}
acr: ${{ parameters.publishConfig.PublishRegistry }}
dataFile: $(artifactsPath)/eol-annotation-data/eol-annotation-data.json

- script: >
Expand Down Expand Up @@ -275,7 +262,7 @@ jobs:
$(gitHubNotificationsRepoInfo.authArgs)
'$(gitHubNotificationsRepoInfo.org)'
'$(gitHubNotificationsRepoInfo.repo)'
--repo-prefix '${{ parameters.publishConfig.publishAcr.repoPrefix }}'
--repo-prefix '${{ parameters.publishConfig.PublishRegistry.repoPrefix }}'
--task "🟪 Copy Images"
--task "🟪 Publish Manifest"
--task "🟪 Wait for Image Ingestion"
Expand All @@ -284,8 +271,8 @@ jobs:
--task "🟪 Publish Image Info"
--task "🟪 Ingest Kusto Image Info"
--task "🟪 Generate EOL Annotation Data"
--task "🟪 Annotate EOL Images (${{ parameters.publishConfig.publishAcr.server }})"
--task "🟪 Wait for Annotation Ingestion (${{ parameters.publishConfig.publishAcr.server }})"
--task "🟪 Annotate EOL Images (${{ parameters.publishConfig.PublishRegistry.server }})"
--task "🟪 Wait for Annotation Ingestion (${{ parameters.publishConfig.PublishRegistry.server }})"
$(dryRunArg)
$(imageBuilder.commonCmdArgs)
displayName: Post Publish Notification
Expand Down
8 changes: 4 additions & 4 deletions eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ stages:
# publishConfig schema is defined in src/ImageBuilder/Configuration/PublishConfiguration.cs.
# This will get converted to JSON and placed in appsettings.json to be loaded by ImageBuilder at runtime.
publishConfig:
internalMirrorAcr:
InternalMirrorRegistry:
server: $(acr-staging-test.server)
repoPrefix: $(mirrorRepoPrefix)
resourceGroup: $(testResourceGroup)
Expand All @@ -61,7 +61,7 @@ stages:
clientId: $(internal-mirror-test.serviceConnection.clientId)
tenantId: $(testTenant)

publicMirrorAcr:
PublicMirrorRegistry:
server: $(public-mirror.server)
resourceGroup: $(public-mirror.resourceGroup)
subscription: $(public-mirror.subscription)
Expand All @@ -71,7 +71,7 @@ stages:
tenantId: $(public-mirror.serviceConnection.tenantId)
clientId: $(public-mirror.serviceConnection.clientId)

buildAcr:
BuildRegistry:
server: $(acr-staging-test.server)
resourceGroup: $(testResourceGroup)
subscription: $(testSubscription)
Expand All @@ -94,7 +94,7 @@ stages:
clientId: $(test-nonprod.serviceConnection.clientId)
tenantId: $(testTenant)

publishAcr:
PublishRegistry:
server: $(acr-test.server)
resourceGroup: $(testResourceGroup)
subscription: $(testSubscription)
Expand Down
8 changes: 4 additions & 4 deletions eng/docker-tools/templates/stages/dotnet/publish-config-prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ stages:
# publishConfig schema is defined in src/ImageBuilder/Configuration/PublishConfiguration.cs.
# This will get converted to JSON and placed in appsettings.json to be loaded by ImageBuilder at runtime.
publishConfig:
internalMirrorAcr:
InternalMirrorRegistry:
server: $(acr-staging.server)
repoPrefix: $(mirrorRepoPrefix)
resourceGroup: $(acr-staging.resourceGroup)
Expand All @@ -61,7 +61,7 @@ stages:
clientId: $(internal-mirror.serviceConnection.clientId)
tenantId: $(internal-mirror.serviceConnection.tenantId)

publicMirrorAcr:
PublicMirrorRegistry:
server: $(public-mirror.server)
resourceGroup: $(public-mirror.resourceGroup)
subscription: $(public-mirror.subscription)
Expand All @@ -71,7 +71,7 @@ stages:
tenantId: $(public-mirror.serviceConnection.tenantId)
clientId: $(public-mirror.serviceConnection.clientId)

buildAcr:
BuildRegistry:
server: $(acr-staging.server)
resourceGroup: $(acr-staging.resourceGroup)
subscription: $(acr-staging.subscription)
Expand All @@ -94,7 +94,7 @@ stages:
clientId: $(test.serviceConnection.clientId)
tenantId: $(test.serviceConnection.tenantId)

publishAcr:
PublishRegistry:
server: $(acr.server)
resourceGroup: $(acr.resourceGroup)
subscription: $(acr.subscription)
Expand Down
5 changes: 0 additions & 5 deletions eng/docker-tools/templates/steps/annotate-eol-digests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,6 @@ steps:
- template: /eng/docker-tools/templates/steps/run-imagebuilder.yml@self
parameters:
displayName: Annotate EOL Images (${{ parameters.acr.server }})
serviceConnections:
- name: acr
id: ${{ parameters.acr.serviceConnection.id }}
tenantId: ${{ parameters.acr.serviceConnection.tenantId }}
clientId: ${{ parameters.acr.serviceConnection.clientId }}
internalProjectName: internal
condition: and(succeeded(), eq(variables['publishEolAnnotations'], 'true'))
args: >-
Expand Down
5 changes: 0 additions & 5 deletions eng/docker-tools/templates/steps/clean-acr-images.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,6 @@ steps:
displayName: "Clean ${{ parameters.repo }} (${{ parameters.action }} > ${{ parameters.age }}d)"
${{ else }}:
displayName: "Clean ${{ parameters.repo }} (${{ parameters.action }})"
serviceConnections:
- name: acr
id: ${{ parameters.publishConfig.cleanServiceConnection.id }}
tenantId: ${{ parameters.publishConfig.cleanServiceConnection.tenantId }}
clientId: ${{ parameters.publishConfig.cleanServiceConnection.clientId }}
internalProjectName: ${{ parameters.internalProjectName }}
args: >-
cleanAcrImages
Expand Down
5 changes: 0 additions & 5 deletions eng/docker-tools/templates/steps/copy-base-images.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,6 @@ steps:
- template: /eng/docker-tools/templates/steps/run-imagebuilder.yml@self
parameters:
displayName: Copy Base Images
serviceConnections:
- name: "acr"
tenantId: ${{ parameters.acr.serviceConnection.tenantId }}
clientId: ${{ parameters.acr.serviceConnection.clientId }}
id: ${{ parameters.acr.serviceConnection.id }}
continueOnError: ${{ parameters.continueOnError }}
internalProjectName: 'internal'
# Use environment variable to reference $(dryRunArg). Since $(dryRunArg) might be undefined,
Expand Down
36 changes: 32 additions & 4 deletions eng/docker-tools/templates/steps/init-docker-linux.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,21 @@
parameters:
setupImageBuilder: true
setupTestRunner: false
cleanupDocker: false
condition: true
- name: setupImageBuilder
type: boolean
default: true
- name: setupTestRunner
type: boolean
default: false
# Whether existing Docker images will be deleted
- name: cleanupDocker
type: boolean
default: false
# Whether or not to run the steps in this template
- name: condition
type: string
default: "true"
- name: publishConfig
type: object
default: null

steps:
- template: /eng/docker-tools/templates/steps/init-common.yml@self
Expand All @@ -29,6 +42,21 @@ steps:
displayName: Pull Image Builder
condition: and(succeeded(), ${{ parameters.condition }})

- ${{ if and(parameters.publishConfig, ne(variables['Build.Reason'], 'PullRequest')) }}:
# .NET Microsoft.Extensions.Configuration reads appsettings.json from the working directory when
# ImageBuilder is run. By putting the publish configuration in the root of the repo, it will be
# copied into the ImageBuilder container and read from there.
- powershell: |-
$appsettingsJsonContent = @"
{
"PublishConfiguration": ${{ convertToJson(parameters.publishConfig) }}
}
"@
Set-Content -Path "appsettings.json" -Value $appsettingsJsonContent
Get-Content -Path "appsettings.json"
displayName: Output publish configuration
condition: and(succeeded(), ${{ parameters.condition }})

- script: >-
docker build
-t $(imageNames.imageBuilder.withrepo)
Expand Down
18 changes: 17 additions & 1 deletion eng/docker-tools/templates/steps/init-docker-windows.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
parameters:
setupImageBuilder: true
condition: true
condition: "true"
publishConfig: null

steps:
- template: /eng/docker-tools/templates/steps/init-common.yml@self
Expand Down Expand Up @@ -37,6 +38,21 @@ steps:
displayName: Cleanup Setup Container
condition: and(always(), ${{ parameters.condition }})
continueOnError: true

- ${{ if and(parameters.publishConfig, ne(variables['Build.Reason'], 'PullRequest')) }}:
# .NET Microsoft.Extensions.Configuration reads appsettings.json from the working directory
# where ImageBuilder is run, not from the executable's directory. Place it in the repo root.
- powershell: |-
$appsettingsJsonContent = @"
{
"PublishConfiguration": ${{ convertToJson(parameters.publishConfig) }}
}
"@
Set-Content -Path "appsettings.json" -Value $appsettingsJsonContent
Get-Content -Path "appsettings.json"
displayName: Output publish configuration
condition: and(succeeded(), ${{ parameters.condition }})

- task: PowerShell@2
displayName: Define runImageBuilderCmd Variables
condition: and(succeeded(), ${{ parameters.condition }})
Expand Down
2 changes: 1 addition & 1 deletion eng/docker-tools/templates/steps/init-matrix-build-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ steps:
- powershell: |
$commonMatrixAndBuildOptions = "--source-repo $(publicGitRepoUri)"
if ("$(System.TeamProject)" -eq "internal" -and "$(Build.Reason)" -ne "PullRequest") {
$commonMatrixAndBuildOptions = "$commonMatrixAndBuildOptions --source-repo-prefix ${{ parameters.publishConfig.internalMirrorAcr.repoPrefix }} --registry-override ${{ parameters.publishConfig.buildAcr.server }}"
$commonMatrixAndBuildOptions = "$commonMatrixAndBuildOptions --source-repo-prefix ${{ parameters.publishConfig.InternalMirrorRegistry.repoPrefix }} --registry-override ${{ parameters.publishConfig.BuildRegistry.server }}"
}

if ("$(System.TeamProject)" -eq "public" -and "$(public-mirror.server)" -ne "") {
Expand Down
Loading
Loading