[nightly] Update common Docker engineering infrastructure with latest

eng/docker-tools/templates/1es.yml

@@ -39,6 +39,15 @@ parameters:
 - name: enableSbom
   type: boolean
   default: false
+# Network isolation policy that will be enabled for jobs. The default policy
+# allows all outbound connections except for public package feeds and known
+# malicious endpoints. If this policy breaks the build, then it can be set to
+# "Permissive" temporarily until external dependencies are resolved.
+# See the network isolation documentation for more details:
+# https://eng.ms/docs/coreai/devdiv/one-engineering-system-1es/1es-build/cloudbuild/security/1espt-network-isolation
+- name: networkIsolationPolicy
+  type: string
+  default: Permissive,CFSClean
 
 resources:
   repositories:
@@ -53,6 +62,8 @@ extends:
     baseTemplate: v1/1ES.${{ iif(contains(variables['Build.DefinitionName'], '-official'), 'Official', 'Unofficial') }}.PipelineTemplate.yml@1ESPipelineTemplates
     templateParameters:
       pool: ${{ parameters.pool }}
+      settings:
+        networkIsolationPolicy: ${{ parameters.networkIsolationPolicy }}
       sdl:
         sbom:
           enabled: ${{ parameters.enableSbom }}

eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml

@@ -47,6 +47,8 @@ stages:
     internalProjectName: "internal"
     publicProjectName: "public"
 
+    # publishConfig schema is defined in src/ImageBuilder/Configuration/PublishConfiguration.cs.
+    # This will get converted to JSON and placed in appsettings.json to be loaded by ImageBuilder at runtime.
     publishConfig:
       internalMirrorAcr:
         server: $(acr-staging-test.server)

eng/docker-tools/templates/stages/dotnet/publish-config-prod.yml

@@ -47,6 +47,8 @@ stages:
     internalProjectName: "internal"
     publicProjectName: "public"
 
+    # publishConfig schema is defined in src/ImageBuilder/Configuration/PublishConfiguration.cs.
+    # This will get converted to JSON and placed in appsettings.json to be loaded by ImageBuilder at runtime.
     publishConfig:
       internalMirrorAcr:
         server: $(acr-staging.server)

eng/docker-tools/templates/variables/common.yml

@@ -66,7 +66,7 @@ variables:
 - name: default1ESInternalPoolName
   value: NetCore1ESPool-Internal
 - name: default1ESInternalPoolImage
-  value: 1es-ubuntu-2204
+  value: Azure-Linux-3-Amd64
 
 - template: /eng/docker-tools/templates/variables/sdl-pool.yml@self
 

eng/docker-tools/templates/variables/docker-images.yml

@@ -1,5 +1,5 @@
 variables:
-  imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2858448
+  imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2862284
   imageNames.imageBuilder: $(imageNames.imageBuilderName)
   imageNames.imageBuilder.withrepo: imagebuilder-withrepo:$(Build.BuildId)-$(System.JobId)
   imageNames.testRunner: mcr.microsoft.com/dotnet-buildtools/prereqs:azurelinux3.0-docker-testrunner