1.5 Update

.github/workflows/pr-lint.yaml

@@ -8,6 +8,7 @@ on:
     types:
       - opened
       - edited
+      - synchronize
 
 jobs:
   lint-pr-title:

.pipelines/.vsts-garabge-collection.yaml

@@ -23,9 +23,14 @@ jobs:
       fetchTags: false
       fetchDepth: 1
 
-    - bash: |
-        chmod +x ./vhdbuilder/scripts/gc.sh
-        ./vhdbuilder/scripts/gc.sh
+    - task: AzureCLI@2
+      inputs:
+        azureSubscription: $(ARM_SERVICE_CONNECTION)
+        scriptType: bash
+        scriptLocation: inlineScript
+        inlineScript: |
+          chmod +x ./vhdbuilder/scripts/gc.sh
+          ./vhdbuilder/scripts/gc.sh
       env:
         SUBSCRIPTION_ID: $(SUBSCRIPTION_ID)
         DRY_RUN: ${{ parameters.DRY_RUN }}

.pipelines/.vsts-vhd-builder-pr-windows.yaml

@@ -82,14 +82,21 @@ stages:
       # 2025 gen2 is the default, so build that for PRs
       build2025: False
       build2025gen2: True
+
   - stage: delete_old_windows_vhds
     dependsOn: [ ]
     condition: always()
     jobs:
       - job: build
         timeoutInMinutes: 180
         steps:
-          - bash: bash ./.pipelines/scripts/windows-sub-cleanup.sh
+          - task: AzureCLI@2
+            inputs:
+              azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+              scriptType: bash
+              scriptLocation: inlineScript
+              inlineScript: |
+                bash ./.pipelines/scripts/windows-sub-cleanup.sh
             enabled: true
             displayName: Old Windows VHD Cleanup
             env:

.pipelines/.vsts-vhd-builder-release-windows.yaml

@@ -116,4 +116,4 @@ stages:
       skipExtensionCheck: ${{ variables.skipExtensionCheck }}
       installOpenSshServer: ${{ parameters.installOpenSshServer }}
       overrideBranch: ${{ parameters.overrideBranch }}
-      useOverrides: ${{ parameters.useOverrides }}
+      useOverrides: ${{ parameters.useOverrides }}

.pipelines/.vsts-vhd-builder-release.yaml

@@ -16,47 +16,47 @@ parameters:
   - name: buildMarinerV2gen1
     displayName: Build MarinerV2 Gen1
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV2gen1
     displayName: Build AzureLinuxV2 Gen1
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV3gen1
     displayName: Build AzureLinuxV3 Gen1
     type: boolean
     default: true
   - name: buildMarinerV2gen2
     displayName: Build MarinerV2 Gen2
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV2gen2
     displayName: Build AzureLinuxV2 Gen2
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV3gen2
     displayName: Build AzureLinuxV3 Gen2
     type: boolean
     default: true
   - name: buildMarinerV2gen1fips
     displayName: Build MarinerV2 Gen1 FIPS
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV2gen1fips
     displayName: Build AzureLinuxV2 Gen1 FIPS
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV3gen1fips
     displayName: Build AzureLinuxV3 Gen1 FIPS
     type: boolean
     default: true
   - name: buildMarinerV2gen2fips
     displayName: Build MarinerV2 Gen2 FIPS
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV2gen2fips
     displayName: Build AzureLinuxV2 Gen2 FIPS
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV3gen2fips
     displayName: Build AzureLinuxV3 Gen2 FIPS
     type: boolean
@@ -76,11 +76,11 @@ parameters:
   - name: buildMarinerV2ARM64
     displayName: Build MarinerV2 Gen2 - ARM64
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV2ARM64
     displayName: Build AzureLinuxV2 Gen2 - ARM64
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV3ARM64
     displayName: Build AzureLinuxV3 Gen2 - ARM64
     type: boolean
@@ -92,11 +92,11 @@ parameters:
   - name: buildMarinerV2gen2TrustedLaunch
     displayName: Build MarinerV2 Gen2 - Trusted Launch
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV2gen2TrustedLaunch
     displayName: Build AzureLinuxV2 Gen2 - Trusted Launch
     type: boolean
-    default: true
+    default: false
   - name: buildAzureLinuxV3gen2TrustedLaunch
     displayName: Build AzureLinuxV3 Gen2 - Trusted Launch
     type: boolean

.pipelines/scripts/e2e_run.sh

@@ -4,7 +4,6 @@
 set -euo pipefail
 
 # This script runs the AgentBaker e2e tests for a VHD. It uses the following environment variables:
-# * E2E_AGENT_IDENTITY_ID: this variable contains the managed identity ID to log into azure with
 # * E2E_SUBSCRIPTION_ID: this variable contains the subscription to run the e2e tests in
 # * DefaultWorkingDirectory: this variable contains the default working directory. Likely "." is sufficient
 # * VHD_BUILD_ID - the build identifier for the pipeline. This is optional and if it is missing then the latest build from
@@ -15,8 +14,6 @@ set -euo pipefail
 # In addition, the e2e test framework reads a whole lot of environment variables.
 # These are defined in: e2e/config/config.go
 
-# First, login.
-az login --identity --resource-id "${E2E_AGENT_IDENTITY_ID}"
 az account set -s "${E2E_SUBSCRIPTION_ID}"
 echo "Using subscription ${E2E_SUBSCRIPTION_ID} for e2e tests"
 

.pipelines/scripts/windows-sub-cleanup.sh

@@ -6,8 +6,6 @@ if [ ${SUBSCRIPTION_ID} = ${PROD_SUBSCRIPTION_ID} ]; then
   exit 1
 fi
 
-make -f packer.mk az-login
-
 EXPIRATION_IN_HOURS=168
 # convert to seconds so we can compare it against the "tags.now" property in the resource group metadata
 (( expirationInSecs = ${EXPIRATION_IN_HOURS} * 60 * 60 ))
@@ -89,7 +87,7 @@ if [ -n "${AZURE_RESOURCE_GROUP_NAME}" ]; then
       if [ -n "$image_defs" ]; then
         echo "$image_defs"
       fi
-      
+
       echo "Deleting gallery ${gallery}"
       az sig delete --gallery-name ${gallery} --resource-group ${AZURE_RESOURCE_GROUP_NAME}
     fi
@@ -133,7 +131,7 @@ if [ -n "${AZURE_RESOURCE_GROUP_NAME}" ]; then
   pkr_groups=$(az group list | jq --arg dl $deadline -r '.[] | select(.name | test("pkr-Resource-Group*")) | select(.tags.now < $dl).name')
   for pkr_group in $pkr_groups; do
       echo "Deleting packer resource group $pkr_group"
-      az group delete --name ${pkr_group} --yes 
+      az group delete --name ${pkr_group} --yes
       echo "Deleted packer resource group $pkr_group"
   done
 fi

.pipelines/scripts/windows_build_vhd.sh

@@ -110,7 +110,6 @@ echo "Set build date to $BUILD_DATE"
 echo "Use CSE pacakge at URI: ${WINDOWS_CSE_PACKAGE_URI}"
 
 # Finally, we invoke packer to build the VHD.
-make -f packer.mk az-login
 packer init ./vhdbuilder/packer/packer-plugin.pkr.hcl
 packer version
 ./vhdbuilder/packer/produce-packer-settings.sh

.pipelines/templates/.build-and-test-windows-vhds-template.yaml

@@ -249,7 +249,13 @@ stages:
       - job: build
         timeoutInMinutes: 180
         steps:
-          - bash: bash ./vhdbuilder/packer/cleanup.sh
+          - task: AzureCLI@2
+            inputs:
+              azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+              scriptType: bash
+              scriptLocation: inlineScript
+              inlineScript: |
+                bash ./vhdbuilder/packer/cleanup.sh
             enabled: true
             displayName: Cleanup
             condition: eq(  ${{ parameters.enableBackfillCleanup }} , 'True')

.pipelines/templates/.builder-release-template-windows.yaml

@@ -78,7 +78,13 @@ steps:
       itemPattern: '${{ parameters.csePackageFileName }}'
       targetPath: ${{ parameters.csePackageDir }}
 
-  - bash: bash ./.pipelines/scripts/windows_build_vhd.sh
+  - task: AzureCLI@2
+    inputs:
+      azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+      scriptType: bash
+      scriptLocation: inlineScript
+      inlineScript: |
+        bash ./.pipelines/scripts/windows_build_vhd.sh
     displayName: Build and save VHD
     env:
       WINDOWS_SKU: ${{ parameters.windowsSku }}
@@ -115,23 +121,28 @@ steps:
 
 
   # Note: use -a to grep MANAGED_SIG_ID (packer-output should be read as a binary file in Linux)
-  - script: |
-      export TEST_VM_RESOURCE_GROUP_NAME="vhd-test-$(date +%s)-$RANDOM"
-      echo "ARCHITECTURE: ${{ parameters.architecture }}"
-      echo "##vso[task.setvariable variable=TEST_VM_RESOURCE_GROUP_NAME]$TEST_VM_RESOURCE_GROUP_NAME"
+  - task: AzureCLI@2
+    inputs:
+      azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+      scriptType: bash
+      scriptLocation: inlineScript
+      inlineScript: |
+        export TEST_VM_RESOURCE_GROUP_NAME="vhd-test-$(date +%s)-$RANDOM"
+        echo "ARCHITECTURE: ${{ parameters.architecture }}"
+        echo "##vso[task.setvariable variable=TEST_VM_RESOURCE_GROUP_NAME]$TEST_VM_RESOURCE_GROUP_NAME"
 
-      # For pipelines where the container base images are provided via storage URLs (e.g., the test pipeline),
-      # the base image tag will be 'ltscxxx', which differs from the values specified in parts/common/component.json.
-      # As a result, cache validation behaves differently. To address this, we check if the container base image URL is set,
-      # and use this environment variable to control the cache validation logic in run-test.sh.
-      if [[ -n "${{ parameters.windowsNanoImageUrl }}" || -n "${{ parameters.windowsCoreImageUrl }}" || -n "${{ parameters.windowsContainerImageJsonUrl }}" ]]; then
-        export CONTAINTER_BASE_URLS_EXISTING=true
-      else
-        export CONTAINTER_BASE_URLS_EXISTING=false
-      fi
-      echo "CONTAINTER_BASE_URLS_EXISTING is $CONTAINTER_BASE_URLS_EXISTING"
+        # For pipelines where the container base images are provided via storage URLs (e.g., the test pipeline),
+        # the base image tag will be 'ltscxxx', which differs from the values specified in parts/common/component.json.
+        # As a result, cache validation behaves differently. To address this, we check if the container base image URL is set,
+        # and use this environment variable to control the cache validation logic in run-test.sh.
+        if [[ -n "${{ parameters.windowsNanoImageUrl }}" || -n "${{ parameters.windowsCoreImageUrl }}" || -n "${{ parameters.windowsContainerImageJsonUrl }}" ]]; then
+          export CONTAINTER_BASE_URLS_EXISTING=true
+        else
+          export CONTAINTER_BASE_URLS_EXISTING=false
+        fi
+        echo "CONTAINTER_BASE_URLS_EXISTING is $CONTAINTER_BASE_URLS_EXISTING"
 
-      ./vhdbuilder/packer/test/run-test.sh
+        ./vhdbuilder/packer/test/run-test.sh
     displayName: Run VHD cache test
     # I've seen some transient failures which seem timeing related so let's retry for now
     retryCountOnTaskFailure: 1
@@ -183,17 +194,22 @@ steps:
   # Moved conversion to VHD before cleanup.
   # Gen 2 packer outputs a sig in destination. This step: dest sig=>disk=>VHD in classic SA for publishing.
   # Credentials and resource group name come from the BUILD_**** pipeline variables because source sig is in the build subscription.
-  - bash: |
-      set -e
-      # because SUBSCRIPTION_ID and LOCATION are defined as a pipeline variable, setting this in the "env" section below doesn't work.
-      export LOCATION=$(AZURE_BUILD_LOCATION)
+  - task: AzureCLI@2
+    inputs:
+      azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+      scriptType: bash
+      scriptLocation: inlineScript
+      inlineScript: |
+        set -e
+        # because SUBSCRIPTION_ID and LOCATION are defined as a pipeline variable, setting this in the "env" section below doesn't work.
+        export LOCATION=$(AZURE_BUILD_LOCATION)
 
-      export SIG_IMAGE_NAME="$(cat vhdbuilder/packer/settings.json | grep "sig_image_name" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
-      export CAPTURED_SIG_VERSION="$(cat vhdbuilder/packer/settings.json | grep "captured_sig_version" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
+        export SIG_IMAGE_NAME="$(cat vhdbuilder/packer/settings.json | grep "sig_image_name" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
+        export CAPTURED_SIG_VERSION="$(cat vhdbuilder/packer/settings.json | grep "captured_sig_version" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
 
-      make -f packer.mk convert-sig-to-classic-storage-account-blob
+        make -f packer.mk convert-sig-to-classic-storage-account-blob
     displayName: Convert Shared Image Gallery To VHD Blob In Classic Storage Account
-    condition: and(eq('$( DRY_RUN )', 'False'), eq(variables.SIG_FOR_PRODUCTION, 'True'), succeeded())
+    condition: and(succeeded(), eq(variables.DRY_RUN, 'False'), eq(variables.SIG_FOR_PRODUCTION, 'True'))
     env:
       LOCATION: $(AZURE_BUILD_LOCATION)
       RESOURCE_GROUP_NAME: $(AZURE_RESOURCE_GROUP_NAME)
@@ -212,16 +228,21 @@ steps:
   #                      Used to define the IMAGE_NAME below.
   # IMAGE_NAME:          Managed image created by packer: ManagedImageName in log. No longer used.
   #                      Can be cleaned up in this step.
-  - bash: |
-      set -e
+  - task: AzureCLI@2
+    inputs:
+      azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+      scriptType: bash
+      scriptLocation: inlineScript
+      inlineScript: |
+        set -e
 
-      export PKR_RG_NAME="$(cat packer-output | grep -a "ResourceGroupName" | cut -d "'" -f 2 | head -1)"
-      export SA_NAME="$(cat packer-output | grep -a "storage name:" | cut -d " " -f 3)"
-      export IMPORTED_IMAGE_NAME="$(cat vhdbuilder/packer/settings.json | grep "imported_image_name" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
-      export SIG_IMAGE_NAME="$(cat vhdbuilder/packer/settings.json | grep "sig_image_name" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
-      export IMAGE_NAME="$(cat packer-output | grep -a "ManagedImageName:" | cut -d " " -f 2)"
+        export PKR_RG_NAME="$(cat packer-output | grep -a "ResourceGroupName" | cut -d "'" -f 2 | head -1)"
+        export SA_NAME="$(cat packer-output | grep -a "storage name:" | cut -d " " -f 3)"
+        export IMPORTED_IMAGE_NAME="$(cat vhdbuilder/packer/settings.json | grep "imported_image_name" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
+        export SIG_IMAGE_NAME="$(cat vhdbuilder/packer/settings.json | grep "sig_image_name" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
+        export IMAGE_NAME="$(cat packer-output | grep -a "ManagedImageName:" | cut -d " " -f 2)"
 
-      ./vhdbuilder/packer/cleanup.sh
+        ./vhdbuilder/packer/cleanup.sh
     displayName: Clean Up Packer Generated Resources
     condition: always()
     env:
@@ -239,21 +260,26 @@ steps:
   # Set VHD_NAME and SKU_NAME which will be published.
   # Note: use -a to grep OS_DISK_SAS (packer-output should be read as a binary file in Linux)
   # Perform this step only if we want to publish the VHD: Gen 1 or Gen 2 and the built sig is for production.
-  - bash: |
-      set -e
+  - task: AzureCLI@2
+    inputs:
+      azureSubscription: $(VHD_ARM_SERVICE_CONNECTION)
+      scriptType: bash
+      scriptLocation: inlineScript
+      inlineScript: |
+        set -e
 
-      if [[ "${SIG_FOR_PRODUCTION}" == "True" ]]; then
-        export captured_sig_version="$(cat vhdbuilder/packer/settings.json | grep "captured_sig_version" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
-        [ -n "${captured_sig_version}" ] && export VHD_NAME="${captured_sig_version}.vhd";
-      else
-        export OS_DISK_SAS="$(cat packer-output | grep -a "OSDiskUriReadOnlySas:" | cut -d " " -f 2)";
-        export VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)";
-      fi
-      export SKU_NAME="windows-$WINDOWS_SKU";
+        if [[ "${SIG_FOR_PRODUCTION}" == "True" ]]; then
+          export captured_sig_version="$(cat vhdbuilder/packer/settings.json | grep "captured_sig_version" | awk -F':' '{print $2}' | awk -F'"' '{print $2}')"
+          [ -n "${captured_sig_version}" ] && export VHD_NAME="${captured_sig_version}.vhd";
+        else
+          export OS_DISK_SAS="$(cat packer-output | grep -a "OSDiskUriReadOnlySas:" | cut -d " " -f 2)";
+          export VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)";
+        fi
+        export SKU_NAME="windows-$WINDOWS_SKU";
 
-      make -f packer.mk generate-publishing-info
+        make -f packer.mk generate-publishing-info
     displayName: Getting Shared Access Signature URI
-    condition: and(succeeded(), eq('$( DRY_RUN )', 'False'), eq(variables.SIG_FOR_PRODUCTION, 'True'))
+    condition: and(succeeded(), eq(variables.DRY_RUN, 'False'), eq(variables.SIG_FOR_PRODUCTION, 'True'))
     env:
       SUBSCRIPTION_ID: $(AZURE_PROD_SUBSCRIPTION_ID)
       STORAGE_ACCT_BLOB_URL: $(STORAGE_ACCT_BLOB_URL)