Update node

Author: daniv-msft

vsts/pipelines/baseImages/dotnetcore.yml

@@ -8,47 +8,60 @@ variables:
   value: true
 - name: Packaging.EnableSBOMSigning
   value: true
-
-jobs:
-- template: ../templates/_buildimageBasesJobTemplate.yml
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
   parameters:
-    displayName: Build DotNetCore runtime buster base images
-    scriptPath: ./build/buildRunTimeImageBases.sh
-    imageDir: dotnetcore
-    imageDebianFlavor: buster
-    artifactsFileName: dotnetcore-runtimeimage-bases-buster.txt
-    jobName: Build_DotNetCore_BaseImage_Buster
-
-- template: ../templates/_buildimageBasesJobTemplate.yml
-  parameters:
-    displayName: Build DotNetCore runtime bullseye base images
-    scriptPath: ./build/buildRunTimeImageBases.sh
-    imageDir: dotnetcore
-    imageDebianFlavor: bullseye
-    artifactsFileName: dotnetcore-runtimeimage-bases-bullseye.txt
-    jobName: Build_DotNetCore_BaseImage_Bullseye
-
-- template: ../templates/_buildimageBasesJobTemplate.yml
-  parameters:
-    displayName: Build DotNetCore runtime bookworm base images
-    scriptPath: ./build/buildRunTimeImageBases.sh
-    imageDir: dotnetcore
-    imageDebianFlavor: bookworm
-    artifactsFileName: dotnetcore-runtimeimage-bases-bookworm.txt
-    jobName: Build_DotNetCore_BaseImage_Bookworm
-
-- job: Release_DotNetCoreRuntimeBaseImage
-  dependsOn: 
-    - Build_DotNetCore_BaseImage_Buster
-    - Build_DotNetCore_BaseImage_Bullseye
-    - Build_DotNetCore_BaseImage_Bookworm
-  displayName: Push images to MCR
-  timeoutInMinutes: 250
-  pool:
-    name: AzurePipelines-EO
-    demands:
-      - ImageOverride -equals AzurePipelinesUbuntu20.04compliant
-  steps:
-    - template: ../templates/_releaseBaseImagesStepTemplate.yml
-      parameters:
-        baseImageName: 'dotnetcore'
+    pool:
+      name: AzurePipelines-EO
+      image: AzurePipelinesUbuntu20.04compliant
+      os: linux
+    sdl:
+      sourceAnalysisPool:
+        name: AzurePipelines-EO
+        os: windows
+    customBuildTags:
+    - ES365AIMigrationTooling-BulkMigrated
+    stages:
+    - stage: stage
+      jobs:
+      - template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
+        parameters:
+          displayName: Build DotNetCore runtime buster base images
+          scriptPath: ./build/buildRunTimeImageBases.sh
+          imageDir: dotnetcore
+          imageDebianFlavor: buster
+          artifactsFileName: dotnetcore-runtimeimage-bases-buster.txt
+          jobName: Build_DotNetCore_BaseImage_Buster
+      - template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
+        parameters:
+          displayName: Build DotNetCore runtime bullseye base images
+          scriptPath: ./build/buildRunTimeImageBases.sh
+          imageDir: dotnetcore
+          imageDebianFlavor: bullseye
+          artifactsFileName: dotnetcore-runtimeimage-bases-bullseye.txt
+          jobName: Build_DotNetCore_BaseImage_Bullseye
+      - template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
+        parameters:
+          displayName: Build DotNetCore runtime bookworm base images
+          scriptPath: ./build/buildRunTimeImageBases.sh
+          imageDir: dotnetcore
+          imageDebianFlavor: bookworm
+          artifactsFileName: dotnetcore-runtimeimage-bases-bookworm.txt
+          jobName: Build_DotNetCore_BaseImage_Bookworm
+      - job: Release_DotNetCoreRuntimeBaseImage
+        dependsOn:
+        - Build_DotNetCore_BaseImage_Buster
+        - Build_DotNetCore_BaseImage_Bullseye
+        - Build_DotNetCore_BaseImage_Bookworm
+        displayName: Push images to MCR
+        timeoutInMinutes: 250
+        steps:
+        - template: /vsts/pipelines/templates/_releaseBaseImagesStepTemplate.yml@self
+          parameters:
+            baseImageName: 'dotnetcore'

vsts/pipelines/baseImages/node.yml

@@ -8,45 +8,58 @@ variables:
   value: true
 - name: Packaging.EnableSBOMSigning
   value: true
-
-jobs:
-- template: ../templates/_buildimageBasesJobTemplate.yml
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
   parameters:
-    displayName: Build Node runtime buster based images
-    scriptPath: ./build/buildRunTimeImageBases.sh
-    imageDir: node
-    imageDebianFlavor: buster
-    artifactsFileName: node-runtimeimage-bases-buster.txt
-    jobName: Build_Buster_BaseImages
-
-- template: ../templates/_buildimageBasesJobTemplate.yml
-  parameters:
-    displayName: Build Node runtime bullseye base images
-    scriptPath: ./build/buildRunTimeImageBases.sh
-    imageDir: node
-    imageDebianFlavor: bullseye
-    artifactsFileName: node-runtimeimage-bases-bullseye.txt
-    jobName: Build_Bullseye_BaseImages
-
-- template: ../templates/_buildimageBasesJobTemplate.yml
-  parameters:
-    displayName: Build Node runtime bookworm base images
-    scriptPath: ./build/buildRunTimeImageBases.sh
-    imageDir: node
-    imageDebianFlavor: bookworm
-    artifactsFileName: node-runtimeimage-bases-bookworm.txt
-    jobName: Build_Bookworm_BaseImages
-
-- job: Release_NodeRuntimeBaseImage
-  dependsOn: 
-    - Build_Buster_BaseImages
-  displayName: Push images to MCR
-  timeoutInMinutes: 250
-  pool:
-    name: AzurePipelines-EO
-    demands:
-      - ImageOverride -equals AzurePipelinesUbuntu20.04compliant
-  steps:
-    - template: ../templates/_releaseBaseImagesStepTemplate.yml
-      parameters:
-        baseImageName: 'node'
+    pool:
+      name: AzurePipelines-EO
+      image: AzurePipelinesUbuntu20.04compliant
+      os: linux
+    sdl:
+      sourceAnalysisPool:
+        name: AzurePipelines-EO
+        os: windows
+    customBuildTags:
+    - ES365AIMigrationTooling-BulkMigrated
+    stages:
+    - stage: stage
+      jobs:
+      - template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
+        parameters:
+          displayName: Build Node runtime buster based images
+          scriptPath: ./build/buildRunTimeImageBases.sh
+          imageDir: node
+          imageDebianFlavor: buster
+          artifactsFileName: node-runtimeimage-bases-buster.txt
+          jobName: Build_Buster_BaseImages
+      - template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
+        parameters:
+          displayName: Build Node runtime bullseye base images
+          scriptPath: ./build/buildRunTimeImageBases.sh
+          imageDir: node
+          imageDebianFlavor: bullseye
+          artifactsFileName: node-runtimeimage-bases-bullseye.txt
+          jobName: Build_Bullseye_BaseImages
+      - template: /vsts/pipelines/templates/_buildimageBasesJobTemplate.yml@self
+        parameters:
+          displayName: Build Node runtime bookworm base images
+          scriptPath: ./build/buildRunTimeImageBases.sh
+          imageDir: node
+          imageDebianFlavor: bookworm
+          artifactsFileName: node-runtimeimage-bases-bookworm.txt
+          jobName: Build_Bookworm_BaseImages
+      - job: Release_NodeRuntimeBaseImage
+        dependsOn:
+        - Build_Buster_BaseImages
+        displayName: Push images to MCR
+        timeoutInMinutes: 250
+        steps:
+        - template: /vsts/pipelines/templates/_releaseBaseImagesStepTemplate.yml@self
+          parameters:
+            baseImageName: 'node'

vsts/pipelines/templates/_buildimageBasesJobTemplate.yml

@@ -1,91 +1,40 @@
-# trigger: none
-
-# The `resources` specify the location and version of the 1ES PT.
-resources:
-  repositories:
-  - repository: 1esPipelines
-    type: git
-    name: 1ESPipelineTemplates/1ESPipelineTemplates
-    ref: refs/tags/release
-
-extends:
-  # The pipeline extends the 1ES PT which will inject different SDL and compliance tasks.
-  # For non-production pipelines, use "Unofficial" as defined below.
-  # For productions pipelines, use "Official".
-  template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
-  parameters:
-    # Update the pool with your team's 1ES hosted pool.
-    pool:
-      name: AzurePipelines-EO
-      image: AzurePipelinesUbuntu20.04compliant  # Name of the image in your pool. If not specified, first image of the pool is used
-      os: linux  # OS of the image. Allowed values: windows, linux, macOS
-
-    stages:
-    - stage: Stage
-      jobs:
-      - job: HostJob
-        timeoutInMinutes: 250
-        # If the pipeline publishes artifacts, use `templateContext` to define the artifacts.
-        # This will enable 1ES PT to run SDL analysis tools on the artifacts and then upload them.
-        templateContext:
-          outputs:
-          - output: pipelineArtifact
-            targetPath: $(Build.ArtifactStagingDirectory)
-            artifactName: buildImageBasesJobArtifact
-        # Define the steps that the pipeline will run.
-        # In most cases, copy and paste the steps from the original pipeline.
-        steps:  
-        - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
-          displayName: 'Component Detection - OSS Compliance'
-          inputs:
-            ignoreDirectories: '$(Build.SourcesDirectory)/tests'
-
-        - task: ShellScript@2
-          displayName: Build images
-          inputs:
-            scriptPath: ${{ parameters.scriptPath }}
-            args: ${{ parameters.imageDir }} ${{ parameters.imageDebianFlavor }}
-          env:
-            ORYX_SDK_STORAGE_ACCOUNT_ACCESS_TOKEN: $(ORYX-SDK-STAGING-PRIVATE-SAS-TOKEN)
-            DOTNET_PRIVATE_STORAGE_ACCOUNT_ACCESS_TOKEN: $(DotnetPrivateStorageAccountAccessToken)
-
-        - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-          displayName: Generate Software Bill of Materials (SBOM)
-          inputs:
-            BuildDropPath: '$(Build.ArtifactStagingDirectory)'
-            AdditionalComponentDetectorArgs: '--DirectoryExclusionList **/SampleApps/**'
-
-        - task: CopyFiles@2
-          displayName: Copy artifacts to staging directory
-          inputs:
-            sourceFolder: '$(Build.SourcesDirectory)/artifacts'
-            contents: '**/*.*'
-            targetFolder: $(Build.ArtifactStagingDirectory)
-            overWrite: true
-          condition: true
-
-        - task: Docker@1
-          displayName: Push built base images to dev ACR
-          inputs:
-            command: push
-            azureSubscriptionEndpoint: $(ascName)
-            azureContainerRegistry: $(acrName)
-            pushMultipleImages: true
-            imageNamesPath: '$(Build.ArtifactStagingDirectory)/images/${{ parameters.artifactsFileName }}'
-            enforceDockerNamingConvention: false
-
-        - task: ShellScript@2
-          displayName: 'Clean up Docker containers and images'
-          inputs:
-            scriptPath: ./vsts/scripts/cleanDocker.sh
-
-        - task: PublishBuildArtifacts@1
-          displayName: Publish build artifacts
-          inputs:
-            pathtoPublish: $(Build.ArtifactStagingDirectory)
-
-        - task: ShellScript@2
-          displayName: 'Clean up Docker containers and images'
-          inputs:
-            scriptPath: ./vsts/scripts/cleanDocker.sh
-          condition: true
+jobs:
+- job: ${{ parameters.jobName }}
+  displayName: ${{ parameters.displayName }}
+  timeoutInMinutes: 250
+  templateContext:
+    outputs:
+    - output: pipelineArtifact
+      displayName: 'Publish build artifacts'
+      targetPath: $(Build.ArtifactStagingDirectory)
+  steps:
+  - task: ShellScript@2
+    displayName: Build images
+    inputs:
+      scriptPath: ${{ parameters.scriptPath }}
+      args: ${{ parameters.imageDir }} ${{ parameters.imageDebianFlavor }}
+    env:
+      ORYX_SDK_STORAGE_ACCOUNT_ACCESS_TOKEN: $(ORYX-SDK-STAGING-PRIVATE-SAS-TOKEN)
+      DOTNET_PRIVATE_STORAGE_ACCOUNT_ACCESS_TOKEN: $(DotnetPrivateStorageAccountAccessToken)
+  - task: CopyFiles@2
+    displayName: Copy artifacts to staging directory
+    inputs:
+      sourceFolder: '$(Build.SourcesDirectory)/artifacts'
+      contents: '**/*.*'
+      targetFolder: $(Build.ArtifactStagingDirectory)
+      overWrite: true
+    condition: true
+  - task: 1ES.PushContainerImage@1
+    displayName: Push built base images to dev ACR
+    inputs:
+      image: '$(Build.ArtifactStagingDirectory)/images/${{ parameters.artifactsFileName }}'
+      remoteImage: $(acrname)/$(Build.ArtifactStagingDirectory)/images/${{ parameters.artifactsFileName }}
+  - task: ShellScript@2
+    displayName: 'Clean up Docker containers and images'
+    inputs:
+      scriptPath: ./vsts/scripts/cleanDocker.sh
+  - task: ShellScript@2
+    displayName: 'Clean up Docker containers and images'
+    inputs:
+      scriptPath: ./vsts/scripts/cleanDocker.sh
+    condition: true