From abc309c2928f018d2f81683a665aafb4a53054b4 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 25 Sep 2019 13:56:38 -0700 Subject: [PATCH 001/354] set the path as ContainerAdministration as a machine varibale (#273) Fixes #272 --- release/preview/nanoserver1809/docker/Dockerfile | 15 +++++++++++++-- release/stable/nanoserver1809/docker/Dockerfile | 15 +++++++++++++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/release/preview/nanoserver1809/docker/Dockerfile b/release/preview/nanoserver1809/docker/Dockerfile index 919fc5eee..4e77e8d35 100755 --- a/release/preview/nanoserver1809/docker/Dockerfile +++ b/release/preview/nanoserver1809/docker/Dockerfile @@ -72,8 +72,19 @@ ENV ProgramFiles="C:\Program Files" ` WindowsPATH="C:\Windows\system32;C:\Windows" ` POWERSHELL_DISTRIBUTION_CHANNEL="PSDocker-NanoServer-${fromTag}" - # Set the path -ENV PATH="$WindowsPATH;${ProgramFiles}\PowerShell;" +### Begin workaround ### +# Note that changing user on nanoserver is not recommended +# See, https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-base-images#base-image-differences +# But we are working around a bug introduced in the nanoserver image introduced in 1809 +# Without this, PowerShell Direct will fail +# this command sholud be like this: https://github.com/PowerShell/PowerShell-Docker/blob/f81009c42c96af46aef81eb1515efae0ef29ad5f/release/preview/nanoserver/docker/Dockerfile#L76 +USER ContainerAdministrator + +# This is basically the correct code except for the /M +RUN setx PATH "%PATH%;%ProgramFiles%\PowerShell;" /M + +USER ContainerUser +### End workaround ### COPY --from=installer-env ["\\PowerShell\\", "$ProgramFiles\\PowerShell"] diff --git a/release/stable/nanoserver1809/docker/Dockerfile b/release/stable/nanoserver1809/docker/Dockerfile index cb72f754c..d5fd31ed8 100755 --- a/release/stable/nanoserver1809/docker/Dockerfile +++ b/release/stable/nanoserver1809/docker/Dockerfile @@ -69,8 +69,19 @@ ENV ProgramFiles="C:\Program Files" ` # Set the default windows path so we can use it WindowsPATH="C:\Windows\system32;C:\Windows" - # Set the path -ENV PATH="$WindowsPATH;${ProgramFiles}\PowerShell;" +### Begin workaround ### +# Note that changing user on nanoserver is not recommended +# See, https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-base-images#base-image-differences +# But we are working around a bug introduced in the nanoserver image introduced in 1809 +# Without this, PowerShell Direct will fail +# this command sholud be like this: https://github.com/PowerShell/PowerShell-Docker/blob/f81009c42c96af46aef81eb1515efae0ef29ad5f/release/preview/nanoserver/docker/Dockerfile#L76 +USER ContainerAdministrator + +# This is basically the correct code except for the /M +RUN setx PATH "%PATH%;%ProgramFiles%\PowerShell;" /M + +USER ContainerUser +### End workaround ### COPY --from=installer-env ["\\PowerShell\\", "$ProgramFiles\\PowerShell"] From 1675dfe44a3df9bb4e71fd2464b9e86cf7ef9a90 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Sat, 5 Oct 2019 16:18:08 -0500 Subject: [PATCH 002/354] Add centos8 image (#277) * Add centos8 image * update dependabot config * Add centos8 to CI system * disable stable for centos8 --- .dependabot/config.yml | 2 +- .../dependabot/Dockerfile | 2 +- release/preview/centos8/docker/Dockerfile | 74 +++++++++++++++++++ release/preview/centos8/getLatestTag.ps1 | 14 ++++ release/preview/centos8/meta.json | 14 ++++ .../centos8/test-deps/docker/Dockerfile | 38 ++++++++++ release/preview/centos8/test-deps/meta.json | 15 ++++ vsts-ci.yml | 7 ++ 8 files changed, 164 insertions(+), 2 deletions(-) rename release/preview/{centos7 => centos8}/dependabot/Dockerfile (91%) create mode 100644 release/preview/centos8/docker/Dockerfile create mode 100644 release/preview/centos8/getLatestTag.ps1 create mode 100644 release/preview/centos8/meta.json create mode 100644 release/preview/centos8/test-deps/docker/Dockerfile create mode 100644 release/preview/centos8/test-deps/meta.json diff --git a/.dependabot/config.yml b/.dependabot/config.yml index 59116a1eb..fc8e973a2 100644 --- a/.dependabot/config.yml +++ b/.dependabot/config.yml @@ -8,7 +8,7 @@ update_configs: update_schedule: "daily" - package_manager: "docker" - directory: "/release/preview/centos7/dependabot" + directory: "/release/preview/centos8/dependabot" update_schedule: "daily" - package_manager: "docker" diff --git a/release/preview/centos7/dependabot/Dockerfile b/release/preview/centos8/dependabot/Dockerfile similarity index 91% rename from release/preview/centos7/dependabot/Dockerfile rename to release/preview/centos8/dependabot/Dockerfile index 719a84023..5bd787a7a 100644 --- a/release/preview/centos7/dependabot/Dockerfile +++ b/release/preview/centos8/dependabot/Dockerfile @@ -3,4 +3,4 @@ # Dummy docker image to trigger dependabot PRs -FROM centos:7 +FROM centos:8 diff --git a/release/preview/centos8/docker/Dockerfile b/release/preview/centos8/docker/Dockerfile new file mode 100644 index 000000000..a69eff4aa --- /dev/null +++ b/release/preview/centos8/docker/Dockerfile @@ -0,0 +1,74 @@ +# Docker image file that describes an CentOS7 image with PowerShell installed from Microsoft YUM Repo +ARG fromTag=8 +ARG imageRepo=centos + +FROM ${imageRepo}:${fromTag} AS installer-env + +ARG PS_VERSION=6.2.0-preview.2 +ARG PACKAGE_VERSION=6.2.0_preview.2 +ARG PS_PACKAGE=powershell-preview-${PACKAGE_VERSION}-1.rhel.7.x86_64.rpm +ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} + +ARG fromTag=7 +ARG imageRepo=centos + +# Define ENVs for Localization/Globalization +ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + # set a fixed location for the Module analysis cache + PSModuleAnalysisCachePath=/var/cache/microsoft/powershell/PSModuleAnalysisCache/ModuleAnalysisCache \ + POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-CentOS-${fromTag} + +# Install dependencies and clean up +RUN curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell.rpm \ + && yum install -y /tmp/powershell.rpm \ + # Required for gssntlmssp + && yum install -y epel-release \ + # Update now that we have epel-release + && yum update -y \ + # Install libraries for NTLM support + && yum install -y \ + gssntlmssp \ + # less is required for help in powershell + less \ + && yum upgrade-minimal -y --security \ + && yum clean all \ + # remove powershell package + && rm /tmp/powershell.rpm \ + && ln -sf /opt/microsoft/powershell/7-preview/pwsh /usr/bin/pwsh \ + # intialize powershell module cache + && pwsh \ + -NoLogo \ + -NoProfile \ + -Command " \ + \$ErrorActionPreference = 'Stop' ; \ + \$ProgressPreference = 'SilentlyContinue' ; \ + while(!(Test-Path -Path \$env:PSModuleAnalysisCachePath)) { \ + Write-Host "'Waiting for $env:PSModuleAnalysisCachePath'" ; \ + Start-Sleep -Seconds 6 ; \ + }" + +# Define args needed only for the labels +ARG VCS_REF="none" +ARG IMAGE_NAME=mcr.microsoft.com/powershell:centos-7 + +LABEL maintainer="PowerShell Team " \ + readme.md="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + description="This Dockerfile will install the latest release of PowerShell." \ + org.label-schema.usage="https://github.com/PowerShell/PowerShell/tree/master/docker#run-the-docker-image-you-built" \ + org.label-schema.url="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + org.label-schema.vcs-url="https://github.com/PowerShell/PowerShell-Docker" \ + org.label-schema.name="powershell" \ + org.label-schema.vendor="PowerShell" \ + org.label-schema.version=${PS_VERSION} \ + org.label-schema.schema-version="1.0" \ + org.label-schema.vcs-ref=${VCS_REF} \ + org.label-schema.docker.cmd="docker run ${IMAGE_NAME} pwsh -c '$psversiontable'" \ + org.label-schema.docker.cmd.devel="docker run ${IMAGE_NAME}" \ + org.label-schema.docker.cmd.test="docker run ${IMAGE_NAME} pwsh -c Invoke-Pester" \ + org.label-schema.docker.cmd.help="docker run ${IMAGE_NAME} pwsh -c Get-Help" + +# Use PowerShell as the default shell +# Use array to avoid Docker prepending /bin/sh -c +CMD [ "pwsh-preview" ] diff --git a/release/preview/centos8/getLatestTag.ps1 b/release/preview/centos8/getLatestTag.ps1 new file mode 100644 index 000000000..9f6c243eb --- /dev/null +++ b/release/preview/centos8/getLatestTag.ps1 @@ -0,0 +1,14 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +# return objects representing the tags we need to base the CentOS image on Docker + +# The versions of CentOS we care about +$shortTags = @('8') + +$parent = Join-Path -Path $PSScriptRoot -ChildPath '..' +$repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' +$modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' +Import-Module $modulePath + +Get-DockerTags -ShortTags $shortTags -Image "centos" -FullTagFilter '^8$' -OnlyShortTags diff --git a/release/preview/centos8/meta.json b/release/preview/centos8/meta.json new file mode 100644 index 000000000..01a1cf7dc --- /dev/null +++ b/release/preview/centos8/meta.json @@ -0,0 +1,14 @@ +{ + "IsLinux" : true, + "UseLinuxVersion": false, + "PackageFormat": "powershell${previewTag}-${PS_VERSION}-1.rhel.7.x86_64.rpm", + "osVersion": "CentOS 8", + "tagTemplates": [ + "#psversion#-centos-#tag#", + "preview-centos-#shorttag#" + ], + "SubImage": "test-deps", + "TestProperties": { + "size": 550 + } +} diff --git a/release/preview/centos8/test-deps/docker/Dockerfile b/release/preview/centos8/test-deps/docker/Dockerfile new file mode 100644 index 000000000..d343eca55 --- /dev/null +++ b/release/preview/centos8/test-deps/docker/Dockerfile @@ -0,0 +1,38 @@ +# Docker image file that describes an CentOS7 image with PowerShell installed from Microsoft YUM Repo +ARG BaseImage=mcr.microsoft.com/powershell:centos-7 + +FROM ${BaseImage} + +# Install dependencies and clean up +RUN yum install -y \ + sudo \ + wget \ + openssl \ + && yum clean all + +ENV POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-TestDeps-CentOS-7 + +# Define args needed only for the labels +ARG VCS_REF="none" +ARG IMAGE_NAME=mcr.microsoft.com/powershell/test-deps:centos-7 +ARG PS_VERSION=6.2.0 + +LABEL maintainer="PowerShell Team " \ + readme.md="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + description="This Dockerfile will install the latest release of PowerShell and tools needed for runing CI/CD container jobs." \ + org.label-schema.usage="https://github.com/PowerShell/PowerShell/tree/master/docker#run-the-docker-image-you-built" \ + org.label-schema.url="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + org.label-schema.vcs-url="https://github.com/PowerShell/PowerShell-Docker" \ + org.label-schema.name="powershell" \ + org.label-schema.vendor="PowerShell" \ + org.label-schema.version=${PS_VERSION} \ + org.label-schema.schema-version="1.0" \ + org.label-schema.vcs-ref=${VCS_REF} \ + org.label-schema.docker.cmd="docker run ${IMAGE_NAME} pwsh -c '$psversiontable'" \ + org.label-schema.docker.cmd.devel="docker run ${IMAGE_NAME}" \ + org.label-schema.docker.cmd.test="docker run ${IMAGE_NAME} pwsh -c Invoke-Pester" \ + org.label-schema.docker.cmd.help="docker run ${IMAGE_NAME} pwsh -c Get-Help" + +# Use PowerShell as the default shell +# Use array to avoid Docker prepending /bin/sh -c +CMD [ "pwsh" ] diff --git a/release/preview/centos8/test-deps/meta.json b/release/preview/centos8/test-deps/meta.json new file mode 100644 index 000000000..84f9bc64f --- /dev/null +++ b/release/preview/centos8/test-deps/meta.json @@ -0,0 +1,15 @@ +{ + "IsLinux" : true, + "UseLinuxVersion": false, + "osVersion": "CentOS 8", + "tagTemplates": [ + "preview-centos-#shorttag#" + ], + "SubRepository": "test-deps", + "OptionalTests": [ + "test-deps" + ], + "TestProperties": { + "size": 575 + } +} diff --git a/vsts-ci.yml b/vsts-ci.yml index 98ddeafd3..9042950ff 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -38,6 +38,13 @@ jobs: name: centos7 imagename: centos7 +- template: .vsts-ci/phase.yml + parameters: + name: centos8 + imagename: centos8 + stable: false + preview: true + - template: .vsts-ci/phase.yml parameters: name: fedora From ad9f3e049c499c1f30c955910e7f958fcba5de2f Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Fri, 11 Oct 2019 02:50:31 +0800 Subject: [PATCH 003/354] Update libicu package information for Kali (#279) * Fix Issue 254 * Fix yaml block issue * Fix POSIX compliance on Dockerfiles Co-Authored-By: Travis Plunk --- .../kali-rolling/docker/Dockerfile | 18 +++++++++--------- vsts-ci.yml | 17 ++++++++--------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/release/community-stable/kali-rolling/docker/Dockerfile b/release/community-stable/kali-rolling/docker/Dockerfile index 32d971ebf..b464c16d9 100644 --- a/release/community-stable/kali-rolling/docker/Dockerfile +++ b/release/community-stable/kali-rolling/docker/Dockerfile @@ -11,7 +11,7 @@ ARG imageRepo=kalilinux/kali-linux-docker FROM ${imageRepo}:${fromTag} AS installer-env # Define Args for the needed to add the package -ARG PS_VERSION=6.1.0 +ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell_${PS_VERSION}-1.debian.9_amd64.deb ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} ARG PS_INSTALL_VERSION=6 @@ -20,16 +20,16 @@ ARG PS_INSTALL_VERSION=6 ADD ${PS_PACKAGE_URL} /tmp/powershell.deb # Define Args for the needed to add the package -ARG KALI_REPO_KEY_PACKAGE_URL=https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb +ARG KALI_REPO_KEY_PACKAGE_URL=https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.2_all.deb # Download the Kali repository package and save it -ADD ${KALI_REPO_KEY_PACKAGE_URL} /tmp/kali-archive-keyring_2018.1_all.deb +ADD ${KALI_REPO_KEY_PACKAGE_URL} /tmp/kali-archive-keyring_2018.2_all.deb # Define Args for the needed to add the package -ARG DEBIAN_PACKAGE_URL=http://ftp.us.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u2_amd64.deb +ARG DEBIAN_PACKAGE_URL=http://ftp.us.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u3_amd64.deb # Download the libicu57 Debian package and save it -ADD ${DEBIAN_PACKAGE_URL} /tmp/libicu57_57.1-6+deb9u2_amd64.deb +ADD ${DEBIAN_PACKAGE_URL} /tmp/libicu57_57.1-6+deb9u3_amd64.deb # Define Args and Env needed to create links ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ @@ -50,13 +50,13 @@ ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ # Installation RUN \ # install kali package to renew kali repository expired certificate in container image - apt-get install /tmp/kali-archive-keyring_2018.1_all.deb \ + apt-get install /tmp/kali-archive-keyring_2018.2_all.deb \ # remove kali package - && rm -f /tmp/kali-archive-keyring_2018.1_all.deb \ + && rm -f /tmp/kali-archive-keyring_2018.2_all.deb \ # install required libicu57 package - && dpkg -i /tmp/libicu57_57.1-6+deb9u2_amd64.deb \ + && dpkg -i /tmp/libicu57_57.1-6+deb9u3_amd64.deb \ # remove libicu57 package - && rm -f /tmp/libicu57_57.1-6+deb9u2_amd64.deb \ + && rm -f /tmp/libicu57_57.1-6+deb9u3_amd64.deb \ # update package list && apt-get update \ # install dependencies diff --git a/vsts-ci.yml b/vsts-ci.yml index 9042950ff..6a68788c0 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -101,14 +101,14 @@ jobs: stable: false preview: true -#- template: .vsts-ci/phase.yml -# parameters: -# name: kaliRolling -# imagename: kali-rolling -# stable: false -# preview: false -# communityStable: true -# continueonerror: false +- template: .vsts-ci/phase.yml + parameters: + name: kaliRolling + imagename: kali-rolling + stable: false + preview: false + communityStable: true + continueonerror: false - template: .vsts-ci/phase.yml parameters: @@ -128,7 +128,6 @@ jobs: communityStable: true continueonerror: true - - template: .vsts-ci/phase.yml parameters: name: parrot From 69202697a32dda2eb3d51fbda6faf35929112170 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Thu, 10 Oct 2019 17:47:17 -0400 Subject: [PATCH 004/354] Update poshchan config (#286) --- .poshchan/settings.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.poshchan/settings.json b/.poshchan/settings.json index d3a653228..82cb4ec5c 100644 --- a/.poshchan/settings.json +++ b/.poshchan/settings.json @@ -4,12 +4,14 @@ "organization": "powershell", "project": "docker", "build_targets": { - "CI": "Docker-PR" + "CI": "docker-PR", + "secretscan": "Docker-CI-Secret-Scan", }, "authorized_users": [ "SteveL-MSFT", "TravisEz13", - "anmenaga" + "anmenaga", + "RDIL" ], }, "failures": { From d41747a74f1592608373c526a53366aca6bcb90e Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Fri, 11 Oct 2019 10:56:06 +0800 Subject: [PATCH 005/354] Fix ArchLinux failing (#281) * Fix ArchLinux * Set continueonerror to false on ArchLinux --- release/community-stable/archlinux/docker/Dockerfile | 5 +---- vsts-ci.yml | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/release/community-stable/archlinux/docker/Dockerfile b/release/community-stable/archlinux/docker/Dockerfile index 08f7d3576..cb047cf45 100644 --- a/release/community-stable/archlinux/docker/Dockerfile +++ b/release/community-stable/archlinux/docker/Dockerfile @@ -11,7 +11,7 @@ ARG imageRepo=archlinux/base FROM ${imageRepo}:${fromTag} AS installer-env # Define Args for the needed to add the package -ARG PS_VERSION=6.1.0 +ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell-${PS_VERSION}-linux-x64.tar.gz ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} ARG PS_INSTALL_VERSION=6 @@ -77,9 +77,6 @@ RUN \ # upgrade distro && pacman -Syyu --noconfirm \ # clean downloaded packages - # create /var/cache/pacman/pkg directory to prevent pacman -Scc generating - # an error output about this missing directory - && mkdir /var/cache/pacman/pkg \ && yes | pacman -Scc # Define args needed only for the labels diff --git a/vsts-ci.yml b/vsts-ci.yml index 6a68788c0..0a809abd7 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -117,7 +117,7 @@ jobs: stable: false preview: false communityStable: true - continueonerror: true + continueonerror: false - template: .vsts-ci/phase.yml parameters: From 05727846728362541a520eac6b459f2b952afa56 Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Fri, 11 Oct 2019 23:56:28 +0800 Subject: [PATCH 006/354] Fix BlackArch failing (#283) * Fix 282 * Set continueonerror to false on yml --- release/community-stable/blackarch/docker/Dockerfile | 5 +---- vsts-ci.yml | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/release/community-stable/blackarch/docker/Dockerfile b/release/community-stable/blackarch/docker/Dockerfile index 922ccab7b..308e13405 100644 --- a/release/community-stable/blackarch/docker/Dockerfile +++ b/release/community-stable/blackarch/docker/Dockerfile @@ -18,7 +18,7 @@ ARG BlackArch_Strap_URL=https://blackarch.org/strap.sh ADD ${BlackArch_Strap_URL} /tmp/strap.sh # Define Args for the needed to add the package -ARG PS_VERSION=6.1.0 +ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell-${PS_VERSION}-linux-x64.tar.gz ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} ARG PS_INSTALL_VERSION=6 @@ -92,9 +92,6 @@ RUN \ # upgrade distro && pacman -Syyu --noconfirm \ # clean downloaded packages - # create /var/cache/pacman/pkg directory to prevent pacman -Scc generating - # an error output about this missing directory - && mkdir /var/cache/pacman/pkg \ && yes | pacman -Scc # Define args needed only for the labels diff --git a/vsts-ci.yml b/vsts-ci.yml index 0a809abd7..402492797 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -126,7 +126,7 @@ jobs: stable: false preview: false communityStable: true - continueonerror: true + continueonerror: false - template: .vsts-ci/phase.yml parameters: From 32e860cbfebadd86d9a44da7d27565faf87b281b Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Fri, 11 Oct 2019 12:24:10 -0400 Subject: [PATCH 007/354] Document image purpose (#285) * Document image purpose * Address feedback --- docs/index.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 docs/index.md diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 000000000..a9bbb944d --- /dev/null +++ b/docs/index.md @@ -0,0 +1,17 @@ +# PowerShell-Docker + +Hello! +This is the main documentation page for PowerShell-Docker, so here you can find some helpful details for different questions. + +## Image Purpose + +These images are built so that PowerShell users can run the program in a containerized environment - see [this article](https://opensource.com/resources/what-docker) for what Docker is, and some basic pros and cons. +Another reason Docker containers can be important is space. These images are purposefully small, and may require extra libraries to be installed for your use case. + +### `test-dep` Images + +Some images have a sub image (called `test-dep` images). These images are intended to allow running tests in [Azure DevOps](https://azure.microsoft.com/en-us/product-categories/devops/) for PowerShell. + +## Development + +See the [development docs](./development.md) From 8ebdc6c782a8bf65fed0d9ebae0415ee5c809923 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Sat, 12 Oct 2019 18:45:09 -0400 Subject: [PATCH 008/354] ClearLinux: Set SkipWebCmdletTests to false - Mirror #177 (#287) --- release/community-stable/clearlinux/docker/Dockerfile | 8 ++++++-- release/community-stable/clearlinux/meta.json | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/release/community-stable/clearlinux/docker/Dockerfile b/release/community-stable/clearlinux/docker/Dockerfile index 98c677362..adc2f39e1 100644 --- a/release/community-stable/clearlinux/docker/Dockerfile +++ b/release/community-stable/clearlinux/docker/Dockerfile @@ -35,8 +35,10 @@ ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ # Installation RUN \ + # generate trust store + clrtrust generate -f \ # install dependencies - swupd bundle-add \ + && swupd bundle-add \ # required libstdc++.so.6 # required bundle to make less executable os-core-dev \ @@ -78,8 +80,10 @@ ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-ClearLinux-${fromTag} RUN \ + # generate trust store + clrtrust generate -f \ # install dependencies - swupd bundle-add \ + && swupd bundle-add \ # required package for International Components for Unicode runtime-libs-boost \ # Create the pwsh symbolic link that points to powershell diff --git a/release/community-stable/clearlinux/meta.json b/release/community-stable/clearlinux/meta.json index 3fa7b861b..62ace397f 100644 --- a/release/community-stable/clearlinux/meta.json +++ b/release/community-stable/clearlinux/meta.json @@ -2,7 +2,7 @@ "IsLinux" : true, "PackageFormat": "powershell-${PS_VERSION}-linux-x64.tar.gz", "SkipGssNtlmSspTests": true, - "SkipWebCmdletTests": true, + "SkipWebCmdletTests": false, "tagTemplates": [ "#psversion#-clearlinux-#tag#", "clearlinux-#shorttag#" From 57246a6fc2f6ff7758157fdd68dbb1a129efe0f5 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Thu, 17 Oct 2019 09:42:05 -0400 Subject: [PATCH 009/354] Minor tweaks and improvements to build.ps1 (#293) --- build.ps1 | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/build.ps1 b/build.ps1 index 11f0dbfd2..823ab25d5 100644 --- a/build.ps1 +++ b/build.ps1 @@ -177,10 +177,9 @@ Begin { if ($PSCmdlet.ParameterSetName -notin 'GenerateTagsYaml', 'DupeCheckAll' -and $Channel.Count -gt 1) { throw "Multiple Channels are not supported in this parameter set" - - # We are using the Channel parameter, so assign the variable to that } + # We are using the Channel parameter, so assign the variable to that $Channels = $Channel $sasData = $null @@ -244,15 +243,11 @@ End { $message = "Channel: $nameForMessage does not exist. Not every image exists in every channel. Skipping." if(!$allMeta) { + Write-Warning $message if($CI.IsPresent -and !$GetTags.IsPresent) { - Write-Warning $message throw $message } - else - { - Write-Warning $message - } } else { From 2c9ea90a8dea9361a1295e8e6ed9470f28950d30 Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Fri, 18 Oct 2019 03:11:28 +0800 Subject: [PATCH 010/354] Fix ParrotSec failing (#290) * Fix issue 289 * update yml to set continuronerror to false * Update tag from 4.4 to latest --- release/community-stable/parrot/docker/Dockerfile | 12 ++++++------ release/community-stable/parrot/getLatestTag.ps1 | 2 +- vsts-ci.yml | 5 ++++- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/release/community-stable/parrot/docker/Dockerfile b/release/community-stable/parrot/docker/Dockerfile index 51454819a..fd66439ce 100644 --- a/release/community-stable/parrot/docker/Dockerfile +++ b/release/community-stable/parrot/docker/Dockerfile @@ -5,7 +5,7 @@ # installed from Debian9 PowerShell package # Define arg(s) needed for the From statement -ARG fromTag=4.4 +ARG fromTag=latest ARG imageRepo=parrotsec/parrot-core FROM ${imageRepo}:${fromTag} AS installer-env @@ -14,7 +14,7 @@ FROM ${imageRepo}:${fromTag} AS installer-env ENTRYPOINT [ ] # Define Args for the needed to add the package -ARG PS_VERSION=6.1.0 +ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell_${PS_VERSION}-1.debian.9_amd64.deb ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} ARG PS_INSTALL_VERSION=6 @@ -23,10 +23,10 @@ ARG PS_INSTALL_VERSION=6 ADD ${PS_PACKAGE_URL} /tmp/powershell.deb # Define Args for the needed to add the package -ARG DEBIAN_PACKAGE_URL=http://ftp.us.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u2_amd64.deb +ARG DEBIAN_PACKAGE_URL=http://ftp.us.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u3_amd64.deb # Download the libicu57 Debian package and save it -ADD ${DEBIAN_PACKAGE_URL} /tmp/libicu57_57.1-6+deb9u2_amd64.deb +ADD ${DEBIAN_PACKAGE_URL} /tmp/libicu57_57.1-6+deb9u3_amd64.deb # Define Args and Env needed to create links ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ @@ -63,9 +63,9 @@ RUN \ # generate locale && locale-gen && update-locale \ # install required libicu57 package - && dpkg -i /tmp/libicu57_57.1-6+deb9u2_amd64.deb \ + && dpkg -i /tmp/libicu57_57.1-6+deb9u3_amd64.deb \ # remove libicu57 package - && rm -f /tmp/libicu57_57.1-6+deb9u2_amd64.deb \ + && rm -f /tmp/libicu57_57.1-6+deb9u3_amd64.deb \ # install powershell package && apt-get install -y /tmp/powershell.deb \ # remove powershell package diff --git a/release/community-stable/parrot/getLatestTag.ps1 b/release/community-stable/parrot/getLatestTag.ps1 index 169b91911..db4bd1568 100644 --- a/release/community-stable/parrot/getLatestTag.ps1 +++ b/release/community-stable/parrot/getLatestTag.ps1 @@ -4,7 +4,7 @@ # return objects representing the tags we need to base the parrot image on # The versions of parrot we care about -$shortTags = @('4.4') +$shortTags = @('latest') $parent = Join-Path -Path $PSScriptRoot -ChildPath '..' $repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' diff --git a/vsts-ci.yml b/vsts-ci.yml index 402492797..6766e31c6 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -135,7 +135,7 @@ jobs: stable: false preview: false communityStable: true - continueonerror: true + continueonerror: false - template: .vsts-ci/phase.yml parameters: @@ -144,6 +144,7 @@ jobs: stable: false preview: false communityStable: true + continueonerror: false - template: .vsts-ci/phase.yml parameters: @@ -152,6 +153,7 @@ jobs: stable: false preview: false communityStable: true + continueonerror: false - template: .vsts-ci/phase.yml parameters: @@ -169,6 +171,7 @@ jobs: stable: false preview: false communityStable: true + continueonerror: false # The -CI filters to LTSC-2016 for nanoserver by default, which is the only thing that works on Hosted VS2017 From dcaeef9bb4f4c872be51cd086965c46c8097c6f7 Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Fri, 18 Oct 2019 03:12:08 +0800 Subject: [PATCH 011/354] Add NTLM remoting to BlackArch using multi-stage builds (#294) * add multi-stage builds to build gss-ntlmssp pkg * set SkipGssNtlmSspTests to false --- .../blackarch/docker/Dockerfile | 41 +++++++++++++++++++ release/community-stable/blackarch/meta.json | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/release/community-stable/blackarch/docker/Dockerfile b/release/community-stable/blackarch/docker/Dockerfile index 308e13405..7765ef5e2 100644 --- a/release/community-stable/blackarch/docker/Dockerfile +++ b/release/community-stable/blackarch/docker/Dockerfile @@ -11,6 +11,45 @@ ARG imageRepo=archlinux/base FROM ${imageRepo}:${fromTag} AS installer-env +RUN \ + # create a builduser + useradd builduser -m \ + # delete the builduser password + && passwd -d builduser \ + # enable builduser to sudo without password + && printf 'root ALL=(ALL) ALL\n' | tee -a /etc/sudoers \ + # update package database + && pacman -Syy \ + # install dependencies + && pacman -S --noconfirm \ + # required sudo + sudo \ + # required for uncompressing tar files + tar \ + # required to clone gss-ntlmssp git repository + git \ + # required to make gss-ntlmssp binary package + base-devel \ + libwbclient \ + docbook-xsl \ + doxygen \ + # change current root path to tmp directory path + && cd /tmp \ + # clone the gss-ntlmssp package repository + && git clone https://aur.archlinux.org/gss-ntlmssp.git \ + # change the cloned gss-ntlmssp package repository directory permission + && chmod 777 /tmp/gss-ntlmssp/ \ + # change current path to gss-ntlmssp package repository folder path + && cd gss-ntlmssp \ + # utilise sudo to builduser in order to make the gss-ntlmssp package + && sudo -u builduser bash -c makepkg -s --noconfirm + +# Start a new stage so we lose all the tar.gz layers from the final image +FROM ${imageRepo}:${fromTag} + +# Copy only the files we need from the previous stage +COPY --from=installer-env ["/tmp/gss-ntlmssp/gss-ntlmssp-0.8.0.r3.g2251a72-1-x86_64.pkg.tar.xz", "/tmp/gss-ntlmssp-0.8.0.r3.g2251a72-1-x86_64.pkg.tar.xz"] + # Define Args for the needed for BlackArch Linux ARG BlackArch_Strap_URL=https://blackarch.org/strap.sh @@ -68,6 +107,8 @@ RUN \ openssl-1.0 \ # required for uncompressing tar files tar \ + # install gss-ntlmssp package from the previous stage + && pacman -U --noconfirm /tmp/gss-ntlmssp-0.8.0.r3.g2251a72-1-x86_64.pkg.tar.xz \ # create powershell folder && mkdir -p ${PS_INSTALL_FOLDER} \ # uncompress powershell linux tar file diff --git a/release/community-stable/blackarch/meta.json b/release/community-stable/blackarch/meta.json index 3bdf67df3..7bec3b377 100644 --- a/release/community-stable/blackarch/meta.json +++ b/release/community-stable/blackarch/meta.json @@ -1,7 +1,7 @@ { "IsLinux" : true, "PackageFormat": "powershell-${PS_VERSION}-linux-x64.tar.gz", - "SkipGssNtlmSspTests": true, + "SkipGssNtlmSspTests": false, "tagTemplates": [ "#psversion#-blackarch-#tag#", "blackarch-#shorttag#" From 9cda37cec4d45ea1e36c7bffc327c0d1ba54ddd8 Mon Sep 17 00:00:00 2001 From: Trevor Sullivan Date: Thu, 17 Oct 2019 12:12:38 -0700 Subject: [PATCH 012/354] Update Dockerfile for ARM to PowerShell Core 6.2.3 (#295) --- release/stable/arm32v7/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/stable/arm32v7/docker/Dockerfile b/release/stable/arm32v7/docker/Dockerfile index 93ebac99b..7e6b6e8f3 100644 --- a/release/stable/arm32v7/docker/Dockerfile +++ b/release/stable/arm32v7/docker/Dockerfile @@ -3,7 +3,7 @@ FROM arm32v7/ubuntu:bionic -ENV PS_VERSION=6.2.0 +ENV PS_VERSION=6.2.3 ENV PS_PACKAGE=powershell-${PS_VERSION}-linux-arm32.tar.gz ENV PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} From 1e3bf276976666a41497b4ad9b7df9559e4b5055 Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Wed, 23 Oct 2019 15:20:07 +0800 Subject: [PATCH 013/354] Update OracleLinux (#299) * update oraclelinux dockerfile * set SkipGssNtlmSspTests from true to false --- .../community-stable/oraclelinux/docker/Dockerfile | 13 ++++++++----- .../community-stable/oraclelinux/getLatestTag.ps1 | 4 ++-- release/community-stable/oraclelinux/meta.json | 2 +- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/release/community-stable/oraclelinux/docker/Dockerfile b/release/community-stable/oraclelinux/docker/Dockerfile index c82842c90..609af9fea 100644 --- a/release/community-stable/oraclelinux/docker/Dockerfile +++ b/release/community-stable/oraclelinux/docker/Dockerfile @@ -5,13 +5,13 @@ # installed from RHEL7 PowerShell package # Define arg(s) needed for the From statement -ARG fromTag=7.5 +ARG fromTag=latest ARG imageRepo=oraclelinux FROM ${imageRepo}:${fromTag} AS installer-env # Define Args for the needed to add the package -ARG PS_VERSION=6.1.0 +ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell-${PS_VERSION}-1.rhel.7.x86_64.rpm ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} ARG PS_INSTALL_VERSION=6 @@ -31,12 +31,16 @@ ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-OracleLinux-${fromTag} # Installation -RUN curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell-linux.rpm \ +RUN \ + # download PowerShell rpm package + curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell-linux.rpm \ # install dependencies && yum install -y \ # required for help in powershell less \ + # install EPEL repository epel-release \ + # install gssntlmssp package from EPEL repository gssntlmssp \ # install powershell package && yum install -y /tmp/powershell-linux.rpm \ @@ -58,8 +62,7 @@ RUN curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell-linux.rpm \ # clean cached data && yum clean all \ # remove cache folders and files - && rm -rf /var/cache/yum \ - && find /. -name 'gssntlmssp.so' -exec echo {} \; + && rm -rf /var/cache/yum # Define args needed only for the labels ARG IMAGE_NAME=pshorg/powershellcommunity:oraclelinux-7.5 diff --git a/release/community-stable/oraclelinux/getLatestTag.ps1 b/release/community-stable/oraclelinux/getLatestTag.ps1 index f4f21feb2..0416f52fa 100644 --- a/release/community-stable/oraclelinux/getLatestTag.ps1 +++ b/release/community-stable/oraclelinux/getLatestTag.ps1 @@ -4,11 +4,11 @@ # return objects representing the tags we need to base the oracle linux image on # The versions of oracle linux we care about -$shortTags = @('7.5') +$shortTags = @('latest') $parent = Join-Path -Path $PSScriptRoot -ChildPath '..' $repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' $modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' Import-Module $modulePath -Get-DockerTags -ShortTags $shortTags -Image "oraclelinux" -FullTagFilter '^7.5$' -OnlyShortTags +Get-DockerTags -ShortTags $shortTags -Image "oraclelinux" -FullTagFilter '^latest$' -OnlyShortTags diff --git a/release/community-stable/oraclelinux/meta.json b/release/community-stable/oraclelinux/meta.json index a3b6afc86..66b311784 100644 --- a/release/community-stable/oraclelinux/meta.json +++ b/release/community-stable/oraclelinux/meta.json @@ -1,7 +1,7 @@ { "IsLinux" : true, "PackageFormat": "powershell-${PS_VERSION}-1.rhel.7.x86_64.rpm", - "SkipGssNtlmSspTests": true, + "SkipGssNtlmSspTests": false, "tagTemplates": [ "#psversion#-oraclelinux-#tag#", "oraclelinux-#shorttag#" From f4a7ca871a5ff4f32780ae719037da4088bbeeb1 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 24 Oct 2019 14:31:16 -0700 Subject: [PATCH 014/354] Fix kali tag selection (#302) --- .vsts-ci/phase.yml | 9 +++++++++ release/community-stable/kali-rolling/getLatestTag.ps1 | 4 ++-- release/community-stable/parrot/docker/Dockerfile | 6 ++++-- release/community-stable/parrot/getLatestTag.ps1 | 4 ++-- vsts-ci.yml | 2 +- 5 files changed, 18 insertions(+), 7 deletions(-) diff --git a/.vsts-ci/phase.yml b/.vsts-ci/phase.yml index bae46f0ab..3020940fd 100644 --- a/.vsts-ci/phase.yml +++ b/.vsts-ci/phase.yml @@ -60,6 +60,15 @@ jobs: condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} + - powershell: | + $files = @(Get-ChildItem -Recurse test*.xml) + if($files.count -eq 0) { + throw 'no test results found' + } + displayName: Make sure we got test results + condition: succeededOrFailed() + continueOnError: ${{ parameters.continueonerror }} + - task: PublishTestResults@2 condition: succeededOrFailed() displayName: Publish $(ImageName) Test Results **\test*.xml diff --git a/release/community-stable/kali-rolling/getLatestTag.ps1 b/release/community-stable/kali-rolling/getLatestTag.ps1 index 5ffafe0c3..266872373 100644 --- a/release/community-stable/kali-rolling/getLatestTag.ps1 +++ b/release/community-stable/kali-rolling/getLatestTag.ps1 @@ -4,11 +4,11 @@ # return objects representing the tags we need to base the kali image on # The versions of kali we care about -$shortTags = @('kali-rolling') +$shortTags = @('latest') $parent = Join-Path -Path $PSScriptRoot -ChildPath '..' $repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' $modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' Import-Module $modulePath -Get-DockerTags -ShortTags $shortTags -Image "kalilinux/kali-linux-docker" -FullTagFilter '^kali-rolling$' -OnlyShortTags +Get-DockerTags -ShortTags $shortTags -Image "kalilinux/kali-rolling" -FullTagFilter '^latest$' -OnlyShortTags diff --git a/release/community-stable/parrot/docker/Dockerfile b/release/community-stable/parrot/docker/Dockerfile index fd66439ce..954a2dfc0 100644 --- a/release/community-stable/parrot/docker/Dockerfile +++ b/release/community-stable/parrot/docker/Dockerfile @@ -58,6 +58,8 @@ RUN \ locales \ # required to support NTLM for PSRemoting gss-ntlmssp \ + # required for dist-upgrade + resolvconf \ # enable en_US.UTF-8 locale && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \ # generate locale @@ -66,6 +68,8 @@ RUN \ && dpkg -i /tmp/libicu57_57.1-6+deb9u3_amd64.deb \ # remove libicu57 package && rm -f /tmp/libicu57_57.1-6+deb9u3_amd64.deb \ + # upgrade distro + && apt-get dist-upgrade -y \ # install powershell package && apt-get install -y /tmp/powershell.deb \ # remove powershell package @@ -83,8 +87,6 @@ RUN \ Write-Host "'Waiting for $env:PSModuleAnalysisCachePath'" ; \ Start-Sleep -Seconds 6 ; \ }" \ - # upgrade distro - && apt-get dist-upgrade -y \ # clean downloaded packages && apt-get clean \ # remove package list diff --git a/release/community-stable/parrot/getLatestTag.ps1 b/release/community-stable/parrot/getLatestTag.ps1 index db4bd1568..19d233df0 100644 --- a/release/community-stable/parrot/getLatestTag.ps1 +++ b/release/community-stable/parrot/getLatestTag.ps1 @@ -4,11 +4,11 @@ # return objects representing the tags we need to base the parrot image on # The versions of parrot we care about -$shortTags = @('latest') +$shortTags = @('4') $parent = Join-Path -Path $PSScriptRoot -ChildPath '..' $repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' $modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' Import-Module $modulePath -Get-DockerTags -ShortTags $shortTags -Image "parrotsec/parrot-core" -FullTagFilter '^4\..*$' -OnlyShortTags +Get-DockerTags -ShortTags $shortTags -Image "parrotsec/parrot-core" -FullTagFilter '^4\..*$' diff --git a/vsts-ci.yml b/vsts-ci.yml index 6766e31c6..96c9ee25e 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -135,7 +135,7 @@ jobs: stable: false preview: false communityStable: true - continueonerror: false + continueonerror: true - template: .vsts-ci/phase.yml parameters: From 0e87dd5dd5632b2f4ef76f844319a140dd670882 Mon Sep 17 00:00:00 2001 From: Ted B Date: Fri, 25 Oct 2019 16:29:24 +1100 Subject: [PATCH 015/354] MCR is the defacto source for images (#303) * MCR is the defacto source As seen on the docker hub Powershell page and as per https://techcommunity.microsoft.com/t5/Containers/Windows-Server-2019-Now-Available/ba-p/382430 Otherwise this doesn't align with all the other doco. * Updated Dockerhub readme examples link --- README.md | 8 ++++---- assets/README.powershell.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 73c6f705a..3607aa3af 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,9 @@ The Dockerfiles in the community folder were contributed by the community and ar To run PowerShell from using a container: ```sh -$ docker run -it microsoft/powershell -Unable to find image 'microsoft/powershell:latest' locally -latest: Pulling from microsoft/powershell +$ docker run -it mcr.microsoft.com/powershell +Unable to find image 'mcr.microsoft.com/powershell:latest' locally +latest: Pulling from mcr.microsoft.com/powershell cad964aed91d: Already exists 3a80a22fea63: Already exists 50de990d7957: Already exists @@ -44,7 +44,7 @@ adf6ad28fa0e: Pull complete 10db13a8ca02: Pull complete 75bdb54ff5ae: Pull complete Digest: sha256:92c79c5fcdaf3027626643aef556344b8b4cbdaccf8443f543303319949c7f3a -Status: Downloaded newer image for microsoft/powershell:latest +Status: Downloaded newer image for mcr.microsoft.com/powershell:latest PowerShell Copyright (c) Microsoft Corporation. All rights reserved. diff --git a/assets/README.powershell.md b/assets/README.powershell.md index 099faa4ed..c4b533ec6 100644 --- a/assets/README.powershell.md +++ b/assets/README.powershell.md @@ -27,11 +27,11 @@ If you are new to PowerShell and want to learn more, see the [getting started][] ## How to Use This Image -See our [Docker examples](https://github.com/PowerShell/PowerShell/tree/master/docker#examples). +See our [Docker examples](https://github.com/PowerShell/PowerShell-Docker#examples). ## Configuration -See our [Docker examples](https://github.com/PowerShell/PowerShell/tree/master/docker#examples). +See our [Docker examples](https://github.com/PowerShell/PowerShell-Docker#examples). ## Full Tag Listing From f77cf5c11e44b2ee5490d67fde376520df99d646 Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Tue, 29 Oct 2019 02:32:37 +0800 Subject: [PATCH 016/354] Add NTLM remoting to ArchLinux using multi-stage builds (#291) --- .../archlinux/docker/Dockerfile | 41 +++++++++++++++++++ release/community-stable/archlinux/meta.json | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/release/community-stable/archlinux/docker/Dockerfile b/release/community-stable/archlinux/docker/Dockerfile index cb047cf45..636d5162d 100644 --- a/release/community-stable/archlinux/docker/Dockerfile +++ b/release/community-stable/archlinux/docker/Dockerfile @@ -10,6 +10,45 @@ ARG imageRepo=archlinux/base FROM ${imageRepo}:${fromTag} AS installer-env +RUN \ + # create a builduser + useradd builduser -m \ + # delete the builduser password + && passwd -d builduser \ + # enable builduser to sudo without password + && printf 'root ALL=(ALL) ALL\n' | tee -a /etc/sudoers \ + # update package database + && pacman -Syy \ + # install dependencies + && pacman -S --noconfirm \ + # required sudo + sudo \ + # required for uncompressing tar files + tar \ + # required to clone gss-ntlmssp git repository + git \ + # required to make gss-ntlmssp binary package + base-devel \ + libwbclient \ + docbook-xsl \ + doxygen \ + # change current root path to tmp directory path + && cd /tmp \ + # clone the gss-ntlmssp package repository + && git clone https://aur.archlinux.org/gss-ntlmssp.git \ + # change the cloned gss-ntlmssp package repository directory permission + && chmod 777 /tmp/gss-ntlmssp/ \ + # change current path to gss-ntlmssp package repository folder path + && cd gss-ntlmssp \ + # utilise sudo to builduser in order to make the gss-ntlmssp package + && sudo -u builduser bash -c makepkg -s --noconfirm + +# Start a new stage so we lose all the tar.gz layers from the final image +FROM ${imageRepo}:${fromTag} + +# Copy only the files we need from the previous stage +COPY --from=installer-env ["/tmp/gss-ntlmssp/gss-ntlmssp-0.8.0.r3.g2251a72-1-x86_64.pkg.tar.xz", "/tmp/gss-ntlmssp-0.8.0.r3.g2251a72-1-x86_64.pkg.tar.xz"] + # Define Args for the needed to add the package ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell-${PS_VERSION}-linux-x64.tar.gz @@ -53,6 +92,8 @@ RUN \ openssl-1.0 \ # required for uncompressing tar files tar \ + # install gss-ntlmssp package from the previous stage + && pacman -U --noconfirm /tmp/gss-ntlmssp-0.8.0.r3.g2251a72-1-x86_64.pkg.tar.xz \ # create powershell folder && mkdir -p ${PS_INSTALL_FOLDER} \ # uncompress powershell linux tar file diff --git a/release/community-stable/archlinux/meta.json b/release/community-stable/archlinux/meta.json index 8c0f59deb..8e834dff2 100644 --- a/release/community-stable/archlinux/meta.json +++ b/release/community-stable/archlinux/meta.json @@ -1,7 +1,7 @@ { "IsLinux" : true, "PackageFormat": "powershell-${PS_VERSION}-linux-x64.tar.gz", - "SkipGssNtlmSspTests": true, + "SkipGssNtlmSspTests": false, "tagTemplates": [ "#psversion#-archlinux-#tag#", "archlinux-#shorttag#" From 5baeb1a8ce8c57c833df5b5cbebc8588788efe41 Mon Sep 17 00:00:00 2001 From: Ryen Tang Date: Tue, 29 Oct 2019 02:47:36 +0800 Subject: [PATCH 017/354] Add NTLM remoting to AmazonLinux (#298) * Update to latest and Fix epel-release and gssntlmssp installation * set gssntlmssptest from true to false * Update to use latest image tag * fix whitespace issue * fix more invisible whitespace issue --- .../amazonlinux/docker/Dockerfile | 15 +++++++++------ .../community-stable/amazonlinux/getLatestTag.ps1 | 4 ++-- release/community-stable/amazonlinux/meta.json | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/release/community-stable/amazonlinux/docker/Dockerfile b/release/community-stable/amazonlinux/docker/Dockerfile index 5677a61da..2d3320f8f 100644 --- a/release/community-stable/amazonlinux/docker/Dockerfile +++ b/release/community-stable/amazonlinux/docker/Dockerfile @@ -5,13 +5,13 @@ # installed from RHEL7 PowerShell package # Define arg(s) needed for the From statement -ARG fromTag=2.0.20181010 +ARG fromTag=latest ARG imageRepo=amazonlinux FROM ${imageRepo}:${fromTag} AS installer-env # Define Args for the needed to add the package -ARG PS_VERSION=6.1.0 +ARG PS_VERSION=6.2.3 ARG PS_PACKAGE=powershell-${PS_VERSION}-1.rhel.7.x86_64.rpm ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} ARG PS_INSTALL_VERSION=6 @@ -31,14 +31,17 @@ ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-AmazonLinux-${fromTag} # Installation -RUN curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell-linux.rpm \ +RUN \ + # download PowerShell rpm package + curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell-linux.rpm \ + # install EPEL repository + && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ # install dependencies && yum install -y \ # required for help in PowerShell less \ - # NTLM remoting - epel-release \ - gssntlmssp \ + # install gssntlmssp package from EPEL repository + gssntlmssp \ # install powershell package && yum install -y /tmp/powershell-linux.rpm \ # remove powershell package diff --git a/release/community-stable/amazonlinux/getLatestTag.ps1 b/release/community-stable/amazonlinux/getLatestTag.ps1 index 498130431..9b8dd9524 100644 --- a/release/community-stable/amazonlinux/getLatestTag.ps1 +++ b/release/community-stable/amazonlinux/getLatestTag.ps1 @@ -4,11 +4,11 @@ # return objects representing the tags we need to base the amazon linux image on # The versions of amazon linux we care about -$shortTags = @('2.0') +$shortTags = @('latest') $parent = Join-Path -Path $PSScriptRoot -ChildPath '..' $repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' $modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' Import-Module $modulePath -Get-DockerTags -ShortTags $shortTags -Image "amazonlinux" -FullTagFilter '^2\.0\.\d{8}(\.\d*)?$' +Get-DockerTags -ShortTags $shortTags -Image "amazonlinux" -FullTagFilter '^latest$' diff --git a/release/community-stable/amazonlinux/meta.json b/release/community-stable/amazonlinux/meta.json index 91f41b583..d97bbe4e1 100644 --- a/release/community-stable/amazonlinux/meta.json +++ b/release/community-stable/amazonlinux/meta.json @@ -1,7 +1,7 @@ { "IsLinux" : true, "PackageFormat": "powershell-${PS_VERSION}-1.rhel.7.x86_64.rpm", - "SkipGssNtlmSspTests": true, + "SkipGssNtlmSspTests": false, "tagTemplates": [ "#psversion#-amazonlinux-#tag#", "amazonlinux-#shorttag#" From 72cd90bef6b40b7a0b0d0e24a0eab0d395606faf Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Mon, 28 Oct 2019 17:16:12 -0400 Subject: [PATCH 018/354] Debian bullseye image (#308) --- .dependabot/config.yml | 4 + .gitpod.Dockerfile | 5 + .gitpod.yml | 2 + build.ps1 | 2 +- .../preview/debian11/dependabot/Dockerfile | 6 + release/preview/debian11/docker/Dockerfile | 110 ++++++++++++++++++ release/preview/debian11/getLatestTag.ps1 | 14 +++ release/preview/debian11/meta.json | 16 +++ .../debian11/test-deps/docker/Dockerfile | 43 +++++++ release/preview/debian11/test-deps/meta.json | 16 +++ vsts-ci.yml | 7 ++ 11 files changed, 224 insertions(+), 1 deletion(-) create mode 100644 .gitpod.Dockerfile create mode 100644 .gitpod.yml mode change 100644 => 100755 build.ps1 create mode 100644 release/preview/debian11/dependabot/Dockerfile create mode 100644 release/preview/debian11/docker/Dockerfile create mode 100644 release/preview/debian11/getLatestTag.ps1 create mode 100644 release/preview/debian11/meta.json create mode 100644 release/preview/debian11/test-deps/docker/Dockerfile create mode 100644 release/preview/debian11/test-deps/meta.json diff --git a/.dependabot/config.yml b/.dependabot/config.yml index fc8e973a2..08644e6f5 100644 --- a/.dependabot/config.yml +++ b/.dependabot/config.yml @@ -15,6 +15,10 @@ update_configs: directory: "/release/preview/debian10/dependabot" update_schedule: "daily" + - package_manager: "docker" + directory: "/release/preview/debian11/dependabot" + update_schedule: "daily" + - package_manager: "docker" directory: "/release/preview/fedora/dependabot" update_schedule: "daily" diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile new file mode 100644 index 000000000..b8056ca2e --- /dev/null +++ b/.gitpod.Dockerfile @@ -0,0 +1,5 @@ +FROM mcr.microsoft.com/powershell:latest + +USER root + +RUN apt-get install docker && pwsh -NoLogo -NoProfile -c "install-module -Name Pester -Scope CurrentUser" diff --git a/.gitpod.yml b/.gitpod.yml new file mode 100644 index 000000000..527c76d39 --- /dev/null +++ b/.gitpod.yml @@ -0,0 +1,2 @@ +image: + file: .gitpod.Dockerfile diff --git a/build.ps1 b/build.ps1 old mode 100644 new mode 100755 index 823ab25d5..1ed197933 --- a/build.ps1 +++ b/build.ps1 @@ -1,3 +1,4 @@ +#!/usr/bin/pwsh # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. @@ -251,7 +252,6 @@ End { } else { - $toBuild += $allMeta if($allMeta.Meta.SubImage) { diff --git a/release/preview/debian11/dependabot/Dockerfile b/release/preview/debian11/dependabot/Dockerfile new file mode 100644 index 000000000..8a60bc3b0 --- /dev/null +++ b/release/preview/debian11/dependabot/Dockerfile @@ -0,0 +1,6 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +# Dummy docker image to trigger dependabot PRs + +FROM debian:11 diff --git a/release/preview/debian11/docker/Dockerfile b/release/preview/debian11/docker/Dockerfile new file mode 100644 index 000000000..b034005fe --- /dev/null +++ b/release/preview/debian11/docker/Dockerfile @@ -0,0 +1,110 @@ +# Docker image file that describes an Debian image with PowerShell installed from Microsoft APT Repo +ARG fromTag=bullseye-slim +ARG imageRepo=debian + +FROM ${imageRepo}:${fromTag} AS installer-env + +# Define Args for the needed to add the package +ARG PS_VERSION=6.1.0 +ARG PS_PACKAGE=powershell-${PS_VERSION}-linux-x64.tar.gz +ARG PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} +ARG PS_INSTALL_VERSION=7-preview + +# Download the Linux tar.gz and save it +ADD ${PS_PACKAGE_URL} /tmp/linux.tar.gz + +# define the folder we will be installing PowerShell to +ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION + +# Create the install folder +RUN mkdir -p ${PS_INSTALL_FOLDER} + +# Unzip the Linux tar.gz +RUN tar zxf /tmp/linux.tar.gz -C ${PS_INSTALL_FOLDER} + +# Start a new stage so we lose all the tar.gz layers from the final image +FROM ${imageRepo}:${fromTag} + +ARG PS_VERSION=6.2.0-preview.3 +ARG PS_INSTALL_VERSION=7-preview + +# Copy only the files we need from the previous stage +COPY --from=installer-env ["/opt/microsoft/powershell", "/opt/microsoft/powershell"] + +# Define Args and Env needed to create links +ARG PS_INSTALL_VERSION=7-preview +ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ + \ + # Define ENVs for Localization/Globalization + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + # set a fixed location for the Module analysis cache + PSModuleAnalysisCachePath=/var/cache/microsoft/powershell/PSModuleAnalysisCache/ModuleAnalysisCache \ + POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-Debian-11 + +# Install dependencies and clean up +RUN apt-get update \ + && apt-get install -y \ + # less is required for help in powershell + less \ + # requied to setup the locale + locales \ + # required for SSL + ca-certificates \ + gss-ntlmssp \ + libicu63 \ + libssl1.1 \ + libc6 \ + libgcc1 \ + libgssapi-krb5-2 \ + liblttng-ust0 \ + libstdc++6 \ + zlib1g \ + && apt-get dist-upgrade -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + # enable en_US.UTF-8 locale + && sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen \ + # generate locale + && locale-gen && update-locale + + # Give all user execute permissions and remove write permissions for others +RUN chmod a+x,o-w ${PS_INSTALL_FOLDER}/pwsh \ + # Create the pwsh symbolic link that points to powershell + && ln -s ${PS_INSTALL_FOLDER}/pwsh /usr/bin/pwsh \ + # intialize powershell module cache + && pwsh \ + -NoLogo \ + -NoProfile \ + -Command " \ + \$ErrorActionPreference = 'Stop' ; \ + \$ProgressPreference = 'SilentlyContinue' ; \ + while(!(Test-Path -Path \$env:PSModuleAnalysisCachePath)) { \ + Write-Host "'Waiting for $env:PSModuleAnalysisCachePath'" ; \ + Start-Sleep -Seconds 6 ; \ + }" + +# Define args needed only for the labels +ARG VCS_REF="none" +ARG IMAGE_NAME=mcr.microsoft.com/powershell:debian-11 + +LABEL maintainer="PowerShell Team " \ + readme.md="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + description="This Dockerfile will install the latest release of PowerShell." \ + org.label-schema.usage="https://github.com/PowerShell/PowerShell/tree/master/docker#run-the-docker-image-you-built" \ + org.label-schema.url="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + org.label-schema.vcs-url="https://github.com/PowerShell/PowerShell-Docker" \ + org.label-schema.name="powershell" \ + org.label-schema.vendor="PowerShell" \ + org.label-schema.version=${PS_VERSION} \ + org.label-schema.schema-version="1.0" \ + org.label-schema.vcs-ref=${VCS_REF} \ + org.label-schema.docker.cmd="docker run ${IMAGE_NAME} pwsh -c '$psversiontable'" \ + org.label-schema.docker.cmd.devel="docker run ${IMAGE_NAME}" \ + org.label-schema.docker.cmd.test="docker run ${IMAGE_NAME} pwsh -c Invoke-Pester" \ + org.label-schema.docker.cmd.help="docker run ${IMAGE_NAME} pwsh -c Get-Help" + +# Use PowerShell as the default shell +# Use array to avoid Docker prepending /bin/sh -c +CMD [ "pwsh" ] diff --git a/release/preview/debian11/getLatestTag.ps1 b/release/preview/debian11/getLatestTag.ps1 new file mode 100644 index 000000000..f19797bb9 --- /dev/null +++ b/release/preview/debian11/getLatestTag.ps1 @@ -0,0 +1,14 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +# return objects representing the tags we need to base the debian image on Docker + +# The versions of debian we care about +$shortTags = @('bullseye-slim') + +$parent = Join-Path -Path $PSScriptRoot -ChildPath '..' +$repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' +$modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' +Import-Module $modulePath + +Get-DockerTags -ShortTags $shortTags -Image "debian" -FullTagFilter 'bullseye-\d{8}[\.\d{1}]?-slim' -AlternativeShortTag '11' -SkipShortTagFilter diff --git a/release/preview/debian11/meta.json b/release/preview/debian11/meta.json new file mode 100644 index 000000000..76d23415b --- /dev/null +++ b/release/preview/debian11/meta.json @@ -0,0 +1,16 @@ +{ + "IsLinux" : true, + "UseLinuxVersion" : false, + "PackageFormat": "powershell-${PS_VERSION}-linux-x64.tar.gz", + "osVersion": "Debian 11 (Testing)", + "SkipGssNtlmSspTests": false, + "tagTemplates": [ + "#psversion#-debian-#tag#", + "preview-debian-#shorttag#" + ], + "SubImage": "test-deps", + "TestProperties": { + "size": 314 + } +} + diff --git a/release/preview/debian11/test-deps/docker/Dockerfile b/release/preview/debian11/test-deps/docker/Dockerfile new file mode 100644 index 000000000..9bd7c2fe2 --- /dev/null +++ b/release/preview/debian11/test-deps/docker/Dockerfile @@ -0,0 +1,43 @@ +# Docker image file that describes an Debian image with PowerShell and test dependencies +ARG BaseImage=mcr.microsoft.com/powershell:preview-debian-11 + +FROM ${BaseImage} + +# Install dependencies and clean up +RUN apt-get update \ + && apt-get install -y \ + sudo \ + curl \ + wget \ + iputils-ping \ + iputils-tracepath \ + procps \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ENV POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-TestDeps-Debian-11 + +# Define args needed only for the labels +ARG VCS_REF="none" +ARG IMAGE_NAME=mcr.microsoft.com/powershell/test-deps:debian-11 +ARG PS_VERSION=6.2.0 + +LABEL maintainer="PowerShell Team " \ + readme.md="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + description="This Dockerfile will install the latest release of PowerShell and tools needed for runing CI/CD container jobs." \ + org.label-schema.usage="https://github.com/PowerShell/PowerShell/tree/master/docker#run-the-docker-image-you-built" \ + org.label-schema.url="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + org.label-schema.vcs-url="https://github.com/PowerShell/PowerShell-Docker" \ + org.label-schema.name="powershell" \ + org.label-schema.vendor="PowerShell" \ + org.label-schema.version=${PS_VERSION} \ + org.label-schema.schema-version="1.0" \ + org.label-schema.vcs-ref=${VCS_REF} \ + org.label-schema.docker.cmd="docker run ${IMAGE_NAME} pwsh -c '$psversiontable'" \ + org.label-schema.docker.cmd.devel="docker run ${IMAGE_NAME}" \ + org.label-schema.docker.cmd.test="docker run ${IMAGE_NAME} pwsh -c Invoke-Pester" \ + org.label-schema.docker.cmd.help="docker run ${IMAGE_NAME} pwsh -c Get-Help" + +# Use PowerShell as the default shell +# Use array to avoid Docker prepending /bin/sh -c +CMD [ "pwsh" ] diff --git a/release/preview/debian11/test-deps/meta.json b/release/preview/debian11/test-deps/meta.json new file mode 100644 index 000000000..568f4e2b2 --- /dev/null +++ b/release/preview/debian11/test-deps/meta.json @@ -0,0 +1,16 @@ +{ + "IsLinux" : true, + "UseLinuxVersion": false, + "osVersion": "Debian 11 (Testing)", + "tagTemplates": [ + "preview-debian-#shorttag#" + ], + "SubRepository": "test-deps", + "OptionalTests": [ + "test-deps", + "test-deps-debian" + ], + "TestProperties": { + "size": 316 + } +} diff --git a/vsts-ci.yml b/vsts-ci.yml index 96c9ee25e..6bf041fe3 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -101,6 +101,13 @@ jobs: stable: false preview: true +- template: .vsts-ci/phase.yml + parameters: + name: debian11 + imagename: debian11 + stable: false + preview: true + - template: .vsts-ci/phase.yml parameters: name: kaliRolling From c39802135b63259d3c29be63c4372731cea719d1 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Wed, 30 Oct 2019 13:07:08 -0400 Subject: [PATCH 019/354] Create SECURITY.md (#310) --- docs/SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 docs/SECURITY.md diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 000000000..13e0b1705 --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Supported Versions + +These versions are currently being supported with security updates: + +| Version | Supported | +| ------------------ | ------------------- | +| Stable | :white_check_mark: | +| Community Stable | :white_check_mark: | +| Preview | :white_check_mark: | +| Servicing | Critical Isses Only | + +## Reporting a Vulnerability + +If you have found a potential security issue in PowerShell Core +or any Docker images present in this repository, +please email details to secure@microsoft.com. From 88af8e8708517e3a564564089b0b89fd5a56ca34 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 30 Oct 2019 12:00:45 -0700 Subject: [PATCH 020/354] Fix GitPod (#309) --- .gitpod.Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index b8056ca2e..de7746bbe 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -2,4 +2,6 @@ FROM mcr.microsoft.com/powershell:latest USER root -RUN apt-get install docker && pwsh -NoLogo -NoProfile -c "install-module -Name Pester -Scope CurrentUser" +RUN apt-get update \ + && apt-get --yes install docker \ + && pwsh -NoLogo -NoProfile -c "install-module -Name Pester -Scope CurrentUser -force" From 19fae92c20340be39e0887d7476a422260693cd2 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 30 Oct 2019 14:37:14 -0700 Subject: [PATCH 021/354] Add retry for retrieving tag list (#315) --- .vsts-ci/phase.yml | 16 ++++++++-------- .vsts-ci/releasePhase.yml | 22 +++++++++++----------- tools/getDockerTags/getDockerTags.psm1 | 3 ++- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/.vsts-ci/phase.yml b/.vsts-ci/phase.yml index 3020940fd..faa085bfe 100644 --- a/.vsts-ci/phase.yml +++ b/.vsts-ci/phase.yml @@ -20,47 +20,47 @@ jobs: pool: vmImage: ${{ parameters.vmImage }} steps: - - powershell: Install-module pester -Scope CurrentUser -Force + - pwsh: Install-module pester -Scope CurrentUser -Force displayName: Install Pester condition: succeededOrFailed() - ${{ if eq(parameters.stable, 'true') }}: - - powershell: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'stable' -TestLogPostfix '$(ImageName)-stable' ${{ parameters.ciParameter }} -Repository stable/powershell + - pwsh: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'stable' -TestLogPostfix '$(ImageName)-stable' ${{ parameters.ciParameter }} -Repository stable/powershell displayName: $(ImageName) Stable condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} - ${{ if eq(parameters.preview, 'true') }}: - - powershell: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'preview' -TestLogPostfix '$(ImageName)-preview' ${{ parameters.ciParameter }} -Repository preview/powershell + - pwsh: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'preview' -TestLogPostfix '$(ImageName)-preview' ${{ parameters.ciParameter }} -Repository preview/powershell displayName: $(ImageName) Preview condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} - ${{ if eq(parameters.servicing, 'true') }}: - - powershell: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'servicing' -TestLogPostfix '$(ImageName)-servicing' ${{ parameters.ciParameter }} -Repository servicing/powershell + - pwsh: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'servicing' -TestLogPostfix '$(ImageName)-servicing' ${{ parameters.ciParameter }} -Repository servicing/powershell displayName: $(ImageName) Servicing condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} - ${{ if eq(parameters.communityStable, 'true') }}: - - powershell: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'community-stable' -TestLogPostfix '$(ImageName)-stable' ${{ parameters.ciParameter }} -Repository stable/powershell + - pwsh: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'community-stable' -TestLogPostfix '$(ImageName)-stable' ${{ parameters.ciParameter }} -Repository stable/powershell displayName: $(ImageName) Stable condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} - ${{ if eq(parameters.communityPreview, 'true') }}: - - powershell: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'community-preview' -TestLogPostfix '$(ImageName)-preview' ${{ parameters.ciParameter }} -Repository preview/powershell + - pwsh: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'community-preview' -TestLogPostfix '$(ImageName)-preview' ${{ parameters.ciParameter }} -Repository preview/powershell displayName: $(ImageName) Preview condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} - ${{ if eq(parameters.communityServicing, 'true') }}: - - powershell: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'community-servicing' -TestLogPostfix '$(ImageName)-servicing' ${{ parameters.ciParameter }} -Repository servicing/powershell + - pwsh: ./build.ps1 -build -name '$(ImageName)' -IncludeKnownIssues -Channel 'community-servicing' -TestLogPostfix '$(ImageName)-servicing' ${{ parameters.ciParameter }} -Repository servicing/powershell displayName: $(ImageName) Servicing condition: succeededOrFailed() continueOnError: ${{ parameters.continueonerror }} - - powershell: | + - pwsh: | $files = @(Get-ChildItem -Recurse test*.xml) if($files.count -eq 0) { throw 'no test results found' diff --git a/.vsts-ci/releasePhase.yml b/.vsts-ci/releasePhase.yml index 13ac04f33..d4572cf1c 100644 --- a/.vsts-ci/releasePhase.yml +++ b/.vsts-ci/releasePhase.yml @@ -19,41 +19,41 @@ jobs: displayName: ${{ parameters.jobName }} steps: - - powershell: | + - pwsh: | Write-Host "##vso[task.setvariable variable=ACR_NAME;]$env:ACR_NAME_VAR" displayName: 'Enable ACR' condition: ne(variables['ACR'], 'no') - - powershell: | + - pwsh: | $version = '$(releaseTag)' -replace '^v', '' Write-Host "##vso[task.setvariable variable=Version;]$version" displayName: 'Set Version' - - powershell: | + - pwsh: | $namespace = '$(releaseTag)'.ToLowerInvariant() Write-Host "##vso[task.setvariable variable=dockerNamespace;]$namespace" displayName: 'Set dockerNamespace' - - powershell: 'Get-ChildItem env:' + - pwsh: 'Get-ChildItem env:' displayName: 'Capture Environment' - - powershell: 'docker login $(dockerHost) -u $(dockerUserName) -p $(dockerKey)' + - pwsh: 'docker login $(dockerHost) -u $(dockerUserName) -p $(dockerKey)' displayName: 'docker login' - - powershell: ' az login --service-principal -u $(az_url) -p $(az_key) --tenant $(az_name)' + - pwsh: ' az login --service-principal -u $(az_url) -p $(az_key) --tenant $(az_name)' displayName: 'az login' - - powershell: | + - pwsh: | az account set --subscription $(StorageSubscriptionName) $querystring = az storage account generate-sas --account-name $(StorageAccount) --services b --resource-types o --expiry ((get-date).AddDays(2).ToString("yyyy-MM-dd")) --permission r --https-only | convertfrom-json $url = "https://$(StorageAccount).blob.core.windows.net/?$querystring" Write-Host "##vso[task.setvariable variable=SasUrl;]$url" displayName: 'Set SasUrl variable' - - powershell: 'Install-module pester -Scope CurrentUser -Force -SkipPublisherCheck' + - pwsh: 'Install-module pester -Scope CurrentUser -Force -SkipPublisherCheck' displayName: 'Install Pester' - - powershell: | + - pwsh: | az account set --subscription $(AcrSubscriptionName) $extraParams = @{} if($env:ACR -eq 'no') @@ -83,11 +83,11 @@ jobs: } displayName: 'Build All $(Channel)' - - powershell: 'docker logout $(dockerHost)' + - pwsh: 'docker logout $(dockerHost)' displayName: 'docker logout' condition: always() - - powershell: 'az logout' + - pwsh: 'az logout' displayName: 'az logout' - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 diff --git a/tools/getDockerTags/getDockerTags.psm1 b/tools/getDockerTags/getDockerTags.psm1 index 65d82936b..a48ddff10 100644 --- a/tools/getDockerTags/getDockerTags.psm1 +++ b/tools/getDockerTags/getDockerTags.psm1 @@ -1,6 +1,7 @@ # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. +#Requires -Version 6.2 # function to deal with pagination # which does not happen according to spec'ed behavior function Get-DockerTagsList @@ -17,7 +18,7 @@ function Get-DockerTagsList $nextUrl = $Url while($nextUrl) { - $results = Invoke-RestMethod $nextUrl + $results = Invoke-RestMethod $nextUrl -MaximumRetryCount 5 -RetryIntervalSec 12 if($results.results) { $results.results.$PropertyName | ForEach-Object {Write-Output $_} From 07104f5d711981cf2a9c0e8547b90ceeef73c15a Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 31 Oct 2019 12:00:29 -0700 Subject: [PATCH 022/354] Sync readme with MCR (#305) * Sync readme with MCR * Update README.powershell.md --- assets/README.powershell.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/assets/README.powershell.md b/assets/README.powershell.md index c4b533ec6..29602e408 100644 --- a/assets/README.powershell.md +++ b/assets/README.powershell.md @@ -33,6 +33,11 @@ See our [Docker examples](https://github.com/PowerShell/PowerShell-Docker#exampl See our [Docker examples](https://github.com/PowerShell/PowerShell-Docker#examples). +## Related Repos + +- [PowerShell-test-deps](https://store.docker.com/images/microsoft-powershell-test-deps/): + PowerShell with Test Dependencies + ## Full Tag Listing Tags go here. @@ -43,8 +48,10 @@ For our support policy, see [PowerShell Core Support Lifecycle](https://docs.mic ## Feedback -- To give feedback for PowerShell Core, file an issue at [PowerShell/Powershell](https://github.com/PowerShell/PowerShell/issues/new/choose) -- To give feedback for how the images are built, file an issue at [PowerShell/PowerShell-Docker](https://github.com/PowerShell/PowerShell-Docker/issues/new/choose) +- To give feedback for PowerShell Core, + file an issue at [PowerShell/Powershell](https://github.com/PowerShell/PowerShell/issues/new/choose) +- To give feedback for how the images are built, + file an issue at [PowerShell/PowerShell-Docker](https://github.com/PowerShell/PowerShell-Docker/issues/new/choose) ## License From e10e5006545b1dc9d8485156b780fc34a2f1292e Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 31 Oct 2019 12:01:29 -0700 Subject: [PATCH 023/354] Add preview ARM docker file (#301) --- .vsts-ci/phase.yml | 15 +++ .vsts-ci/releasePhase.yml | 1 - .vsts-ci/vsts-arm-ci.yml | 36 +++++++ release/preview/arm32v7/docker/Dockerfile | 95 ++++++++++++++++++ release/preview/arm32v7/getLatestTag.ps1 | 14 +++ release/preview/arm32v7/meta.json | 17 ++++ tests/container.tests.ps1 | 115 +++++++++++++++++++--- tests/containerTestCommon.psm1 | 11 ++- tools/buildHelper/buildHelper.psm1 | 5 + 9 files changed, 291 insertions(+), 18 deletions(-) create mode 100644 .vsts-ci/vsts-arm-ci.yml create mode 100644 release/preview/arm32v7/docker/Dockerfile create mode 100644 release/preview/arm32v7/getLatestTag.ps1 create mode 100644 release/preview/arm32v7/meta.json diff --git a/.vsts-ci/phase.yml b/.vsts-ci/phase.yml index faa085bfe..acfa2da85 100644 --- a/.vsts-ci/phase.yml +++ b/.vsts-ci/phase.yml @@ -10,6 +10,7 @@ parameters: communityServicing: 'false' continueonerror: false ciParameter: '-CI' + useacr: 'false' jobs: - job: ${{ parameters.name }} @@ -20,6 +21,20 @@ jobs: pool: vmImage: ${{ parameters.vmImage }} steps: + - ${{ if eq(parameters.useacr, 'true') }}: + - pwsh: | + Write-Host "##vso[task.setvariable variable=ACR_NAME;]$env:ACR_NAME_VAR" + displayName: 'Enable ACR' + condition: ne(variables['ACR'], 'no') + + - ${{ if eq(parameters.useacr, 'true') }}: + - pwsh: 'Get-ChildItem env:' + displayName: 'Capture Environment' + + - ${{ if eq(parameters.useacr, 'true') }}: + - pwsh: ' az login --service-principal -u $(az_url) -p $(az_key) --tenant $(az_name)' + displayName: 'az login' + - pwsh: Install-module pester -Scope CurrentUser -Force displayName: Install Pester condition: succeededOrFailed() diff --git a/.vsts-ci/releasePhase.yml b/.vsts-ci/releasePhase.yml index d4572cf1c..14b8c46b5 100644 --- a/.vsts-ci/releasePhase.yml +++ b/.vsts-ci/releasePhase.yml @@ -22,7 +22,6 @@ jobs: - pwsh: | Write-Host "##vso[task.setvariable variable=ACR_NAME;]$env:ACR_NAME_VAR" displayName: 'Enable ACR' - condition: ne(variables['ACR'], 'no') - pwsh: | $version = '$(releaseTag)' -replace '^v', '' diff --git a/.vsts-ci/vsts-arm-ci.yml b/.vsts-ci/vsts-arm-ci.yml new file mode 100644 index 000000000..8b44e203d --- /dev/null +++ b/.vsts-ci/vsts-arm-ci.yml @@ -0,0 +1,36 @@ +name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr) + +resources: +- repo: self + clean: true + +variables: + POWERSHELL_TELEMETRY_OPTOUT: 1 + +jobs: + +- job: Set_Build_Name + pool: + vmImage: ubuntu-16.04 + displayName: Set Build Name + condition: ne(variables['Build.Reason'], 'PullRequest') + steps: + - pwsh: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhss"))" + displayName: Set Build Name for Non-PR + condition: ne(variables['Build.Reason'], 'PullRequest') + +- template: phase.yml + parameters: + name: arm32v7 + imagename: arm32v7 + stable: false + preview: true + useacr: true + +- template: phase.yml + parameters: + name: centos7 + imagename: centos7 + stable: false + preview: true + useacr: true diff --git a/release/preview/arm32v7/docker/Dockerfile b/release/preview/arm32v7/docker/Dockerfile new file mode 100644 index 000000000..d86b97763 --- /dev/null +++ b/release/preview/arm32v7/docker/Dockerfile @@ -0,0 +1,95 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +ARG fromTag=bionic +ARG imageRepo=arm32v7/ubuntu + +FROM ${imageRepo}:${fromTag} AS installer-env + +ARG PS_VERSION=6.2.3 +ENV PS_PACKAGE=powershell-${PS_VERSION}-linux-arm32.tar.gz +ENV PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} +ARG PS_INSTALL_VERSION=7-preview + +# define the folder we will be installing PowerShell to +ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION + +# Create the install folder +RUN mkdir -p ${PS_INSTALL_FOLDER} + +ARG PS_PACKAGE_URL_BASE64 + +RUN apt-get update \ + && apt-get install --no-install-recommends ca-certificates wget --yes + +RUN echo 'in task' \ + && if [ -n "${PS_PACKAGE_URL_BASE64}" ]; then \ + echo 'using base64' \ + && export url=$(echo "${PS_PACKAGE_URL_BASE64}" | base64 --decode -);\ + else \ + echo 'using unencoded' \ + && export url="${PS_PACKAGE_URL}"; \ + fi \ + && echo "url: $url" \ + && wget -O /tmp/powershell.tar.gz "$url" \ + && echo 'task done' + +RUN ls -l /tmp/powershell.tar.gz + + # Unzip the Linux tar.gz +RUN tar zxf /tmp/powershell.tar.gz -C ${PS_INSTALL_FOLDER} + +FROM ${imageRepo}:${fromTag} AS final-image + +# Define Args and Env needed to create links +ARG PS_INSTALL_VERSION=7-preview +ARG PS_VERSION=6.2.3 + +ENV PS_INSTALL_FOLDER=/opt/microsoft/powershell/$PS_INSTALL_VERSION \ + \ + # Define ENVs for Localization/Globalization + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + # set a fixed location for the Module analysis cache + PSModuleAnalysisCachePath=/var/cache/microsoft/powershell/PSModuleAnalysisCache/ModuleAnalysisCache \ + POWERSHELL_DISTRIBUTION_CHANNEL=PSDocker-arm32v7-Ubuntu-18.04 + +# Copy only the files we need from the previous stage +COPY --from=installer-env ["/opt/microsoft/powershell", "/opt/microsoft/powershell"] + + +RUN \ + apt-get update \ + && apt-get install --no-install-recommends ca-certificates libunwind8 libssl1.0 libicu60 less --yes + + # Give all user execute permissions and remove write permissions for others +RUN chmod a+x,o-w ${PS_INSTALL_FOLDER}/pwsh \ + # Create the pwsh symbolic link that points to powershell + && ln -s ${PS_INSTALL_FOLDER}/pwsh /usr/bin/pwsh \ + # Create the pwsh-preview symbolic link that points to powershell + && ln -s ${PS_INSTALL_FOLDER}/pwsh /usr/bin/pwsh-preview + +# Define args needed only for the labels +ARG VCS_REF="none" +ARG IMAGE_NAME=mcr.microsoft.com/powershell:preview-arm32v7-ubuntu-bionic + +LABEL maintainer="PowerShell Team " \ + readme.md="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + description="This Dockerfile will install the latest release of PowerShell." \ + org.label-schema.usage="https://github.com/PowerShell/PowerShell/tree/master/docker#run-the-docker-image-you-built" \ + org.label-schema.url="https://github.com/PowerShell/PowerShell/blob/master/docker/README.md" \ + org.label-schema.vcs-url="https://github.com/PowerShell/PowerShell-Docker" \ + org.label-schema.name="powershell" \ + org.label-schema.vendor="PowerShell" \ + org.label-schema.version=${PS_VERSION} \ + org.label-schema.schema-version="1.0" \ + org.label-schema.vcs-ref=${VCS_REF} \ + org.label-schema.docker.cmd="docker run ${IMAGE_NAME} pwsh -c '$psversiontable'" \ + org.label-schema.docker.cmd.devel="docker run ${IMAGE_NAME}" \ + org.label-schema.docker.cmd.test="docker run ${IMAGE_NAME} pwsh -c Invoke-Pester" \ + org.label-schema.docker.cmd.help="docker run ${IMAGE_NAME} pwsh -c Get-Help" + +# Use PowerShell as the default shell +# Use array to avoid Docker prepending /bin/sh -c +CMD [ "pwsh" ] diff --git a/release/preview/arm32v7/getLatestTag.ps1 b/release/preview/arm32v7/getLatestTag.ps1 new file mode 100644 index 000000000..f4574e134 --- /dev/null +++ b/release/preview/arm32v7/getLatestTag.ps1 @@ -0,0 +1,14 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +# return objects representing the tags we need to base the CentOS image on Docker + +# The versions of CentOS we care about +$shortTags = @('bionic') + +$parent = Join-Path -Path $PSScriptRoot -ChildPath '..' +$repoRoot = Join-Path -path (Join-Path -Path $parent -ChildPath '..') -ChildPath '..' +$modulePath = Join-Path -Path $repoRoot -ChildPath 'tools\getDockerTags' +Import-Module $modulePath + +Get-DockerTags -ShortTags $shortTags -Image "arm32v7/ubuntu" -FullTagFilter '^bionic-\d{8}$' -AlternativeShortTag '18.04' diff --git a/release/preview/arm32v7/meta.json b/release/preview/arm32v7/meta.json new file mode 100644 index 000000000..3ba1260ef --- /dev/null +++ b/release/preview/arm32v7/meta.json @@ -0,0 +1,17 @@ +{ + "IsLinux" : true, + "UseLinuxVersion": false, + "PackageFormat": "powershell-${PS_VERSION}-linux-arm32.tar.gz", + "osVersion": "Ubuntu 18.04 ARM 32v7", + "SkipGssNtlmSspTests": true, + "Base64EncodePackageUrl": true, + "UseAcr": true, + "tagTemplates": [ + "#psversion#-arm32v7-ubuntu-#tag#", + "preview-arm32v7-ubuntu-#shorttag#" + ], + "TestProperties": { + "size": 550, + "Arm32": true + } +} diff --git a/tests/container.tests.ps1 b/tests/container.tests.ps1 index 9fabc8a56..7d1949579 100644 --- a/tests/container.tests.ps1 +++ b/tests/container.tests.ps1 @@ -22,11 +22,12 @@ Describe "Build Linux Containers" -Tags 'Build', 'Linux' { Path = $_.Path BuildArgs = $_.BuildArgs SkipPull = $_.SkipPull + UseAcr = [bool]$_.UseAcr } } } - it " builds from ''" -TestCases $buildTestCases -Skip:$script:skipLinux { + it " builds from '' - UseAcr:" -TestCases $buildTestCases -Skip:$script:skipLinux { param( [Parameter(Mandatory=$true)] [string] @@ -45,10 +46,13 @@ Describe "Build Linux Containers" -Tags 'Build', 'Linux' { $BuildArgs, [bool] - $SkipPull + $SkipPull, + + [bool] + $UseAcr ) - Invoke-DockerBuild -Tags $Tags -Path $Path -BuildArgs $BuildArgs -OSType linux -SkipPull:$SkipPull + Invoke-DockerBuild -Tags $Tags -Path $Path -BuildArgs $BuildArgs -OSType linux -SkipPull:$SkipPull -UseAcr:$UseAcr } } @@ -88,7 +92,7 @@ Describe "Build Windows Containers" -Tags 'Build', 'Windows' { $SkipPull ) - Invoke-DockerBuild -Tags $Tags -Path $Path -BuildArgs $BuildArgs -OSType windows -SkipPull:$SkipPull + Invoke-DockerBuild -Tags $Tags -Path $Path -BuildArgs $BuildArgs -OSType windows -SkipPull:$SkipPull -UseAcr } } @@ -156,24 +160,30 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { $testContext = Get-TestContext -type Linux $runTestCases = @() $script:linuxContainerRunTests | ForEach-Object { + $Arm32 = [bool] $_.TestProperties.Arm32 $runTestCases += @{ Name = $_.Name ExpectedVersion = $_.ExpectedVersion Channel = $_.Channel + Arm32 = $Arm32 } } $webTestCases = @() $script:linuxContainerRunTests | Where-Object {$_.SkipWebCmdletTests -ne $true} | ForEach-Object { + $Arm32 = [bool] $_.TestProperties.Arm32 $webTestCases += @{ Name = $_.Name + Arm32 = $Arm32 } } $gssNtlmSspTestCases = @() $script:linuxContainerRunTests | Where-Object {$_.SkipGssNtlmSspTests -ne $true} | ForEach-Object { + $Arm32 = [bool] $_.TestProperties.Arm32 $gssNtlmSspTestCases += @{ Name = $_.Name + Arm32 = $Arm32 } } } @@ -200,9 +210,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { [Parameter(Mandatory=$true)] [string] - $Channel + $Channel, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $actualVersion = Get-ContainerPowerShellVersion -TestContext $testContext -Name $Name $actualVersion | should -be $ExpectedVersion } @@ -211,9 +229,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { param( [Parameter(Mandatory=$true)] [string] - $name + $name, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $metadataString = Get-MetadataUsingContainer -Name $Name $metadataString | Should -Not -BeNullOrEmpty $metadataJson = $metadataString | ConvertFrom-Json -ErrorAction Stop @@ -232,9 +258,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { [Parameter(Mandatory=$true)] [string] - $Channel + $Channel, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $culture = Get-UICultureUsingContainer -Name $Name $culture | Should -Not -BeNullOrEmpty $culture | Should -BeExactly 'en-US' @@ -244,9 +278,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { param( [Parameter(Mandatory=$true)] [string] - $name + $name, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $gssNtlmSspPath = Get-LinuxGssNtlmSsp -Name $Name $gssNtlmSspPath | Should -Not -BeNullOrEmpty } @@ -263,9 +305,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { [Parameter(Mandatory=$true)] [string] - $Channel + $Channel, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + if ($Channel -ne 'preview') { Set-ItResult -Skipped -Because "Test is not applicable to $Channel" } @@ -285,18 +335,21 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { # The expected value is the version, but replace - or ~ with the regex for - or ~ ExpectedValue = $_.ExpectedVersion -replace '[\-~]', '[\-~]' Expectation = 'Match' + UseAcr = [bool]$_.UseAcr } $labelTestCases += @{ Name = $_.Name Label = 'org.label-schema.vcs-ref' ExpectedValue = '[0-9a-f]{7}' Expectation = 'match' + UseAcr = [bool]$_.UseAcr } $labelTestCases += @{ Name = $_.Name Label = 'org.label-schema.docker.cmd.devel' ExpectedValue = "docker run $($_.ImageName)" Expectation = 'BeExactly' + UseAcr = [bool]$_.UseAcr } } @@ -327,9 +380,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { [Parameter(Mandatory=$true)] [ValidateSet('Match','BeExactly')] [string] - $Expectation + $Expectation, + + [switch] + $UseAcr ) + if($env:ACR_NAME -and $UseAcr.IsPresent) + { + Set-ItResult -Pending -Because "Image is missing when building using ACR" + } + $labelValue = Get-DockerImageLabel -Name $Name -Label $Label $labelValue | Should -Not -BeNullOrEmpty @@ -353,9 +414,11 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { $permissionsTestCases = @( $script:linuxContainerRunTests | ForEach-Object { + $Arm32 = [bool] $_.TestProperties.Arm32 @{ Name = $_.Name Channel = $_.Channel + Arm32 = $Arm32 } } ) @@ -367,9 +430,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { [string] $name, [string] - $Channel + $Channel, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $path = '/opt/microsoft/powershell/6/pwsh' if($Channel -eq 'preview') @@ -386,9 +457,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { [string] $name, [string] - $Channel + $Channel, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $path = '/opt/microsoft/powershell/6/pwsh' if($Channel -eq 'preview') @@ -412,12 +491,14 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { $testdepsTestCases = @() $script:linuxContainerRunTests | ForEach-Object { + $Arm32 = [bool] $_.TestProperties.Arm32 $name = $_.Name foreach($command in $commands) { $testdepsTestCases += @{ Name = $name Command = $command + Arm32 = $Arm32 } } } @@ -431,9 +512,17 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { $name, [Parameter(Mandatory=$true)] [string] - $Command + $Command, + + [Bool] + $Arm32 ) + if($Arm32) + { + Set-ItResult -Pending -Because "Arm32 is falky on QEMU" + } + $source = Get-DockerCommandSource -Name $name -command $Command $source | Should -Not -BeNullOrEmpty } diff --git a/tests/containerTestCommon.psm1 b/tests/containerTestCommon.psm1 index 631800ef7..753e8bddc 100644 --- a/tests/containerTestCommon.psm1 +++ b/tests/containerTestCommon.psm1 @@ -143,6 +143,7 @@ function Get-LinuxContainer OptionalTests = $testArgs.OptionalTests TestProperties = $testArgs.TestProperties Channel = $testArgs.Channel + UseAcr = $testArgs.UseAcr } } } @@ -506,16 +507,18 @@ function Invoke-DockerBuild $OSType, [switch] - $SkipPull - ) + $SkipPull, + [switch] + $UseAcr + ) $buildArgNames = $BuildArgs | Get-Member -Type NoteProperty | Select-Object -ExpandProperty Name $buildArgList = @() $extraParams = @{} - if($env:ACR_NAME) + if($env:ACR_NAME -and $UseAcr.IsPresent) { $extraParams.Add('UseAcr',$true) $buildArgList += @( @@ -537,7 +540,7 @@ function Invoke-DockerBuild foreach($argName in $buildArgNames) { $value = $BuildArgs.$argName - if($env:ACR_NAME -and $value -match '&') + if($UseAcr.IsPresent -and $env:ACR_NAME -and $value -match '&') { throw "$argName contains '&' and this is not allowed in ACR using the az cli" } diff --git a/tools/buildHelper/buildHelper.psm1 b/tools/buildHelper/buildHelper.psm1 index 800cb6e49..b2277cee5 100644 --- a/tools/buildHelper/buildHelper.psm1 +++ b/tools/buildHelper/buildHelper.psm1 @@ -165,6 +165,9 @@ class DockerImageMetaData { [PSCustomObject] $TagMapping + + [bool] + $UseAcr = $false } class ShortTagMetaData { @@ -519,6 +522,7 @@ class DockerTestArgs [string[]] $OptionalTests [PSCustomObject] $TestProperties [string] $Channel + [bool] $UseAcr } function Get-TestParams @@ -648,6 +652,7 @@ function Get-TestParams OptionalTests = $allMeta.meta.OptionalTests TestProperties = $allMeta.meta.TestProperties Channel = $actualChannel + UseAcr = $allMeta.meta.UseAcr } return [DockerTestParams] @{ From 859838349f7f49082b2777700e06002e5ff950e4 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Fri, 1 Nov 2019 14:28:13 -0400 Subject: [PATCH 024/354] Install pester if it isn't already installed (#313) * Install pester if it isn't already installed * highly intellectual move * Update vsts-ci.yml * Update build.ps1 Co-Authored-By: Travis Plunk * I think I fixed it but like I literally don't know powershell * Update build.ps1 * Update build.ps1 Co-Authored-By: Travis Plunk * renamed the switch * Update build.ps1 Co-Authored-By: Travis Plunk * hmm * Update build.ps1 * forgot to get rid of you * oh huh * Add it back --- .vsts-ci/phase.yml | 2 +- build.ps1 | 10 ++++++++-- vsts-ci.yml | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.vsts-ci/phase.yml b/.vsts-ci/phase.yml index acfa2da85..dec2534c1 100644 --- a/.vsts-ci/phase.yml +++ b/.vsts-ci/phase.yml @@ -32,7 +32,7 @@ jobs: displayName: 'Capture Environment' - ${{ if eq(parameters.useacr, 'true') }}: - - pwsh: ' az login --service-principal -u $(az_url) -p $(az_key) --tenant $(az_name)' + - pwsh: 'az login --service-principal -u $(az_url) -p $(az_key) --tenant $(az_name)' displayName: 'az login' - pwsh: Install-module pester -Scope CurrentUser -Force diff --git a/build.ps1 b/build.ps1 index 1ed197933..310e45491 100755 --- a/build.ps1 +++ b/build.ps1 @@ -123,7 +123,10 @@ param( $ServicingVersion, [switch] - $IncludeKnownIssues + $IncludeKnownIssues, + + [switch] + $ForcePesterInstall ) DynamicParam { @@ -132,7 +135,6 @@ DynamicParam { Import-Module $buildHelperPath -Force - # Get the names of the builds. $releasePath = Join-Path -Path $PSScriptRoot -ChildPath 'release' @@ -409,6 +411,10 @@ End { $extraParams.Add('Tags', $tags) } + if(!(Get-Module -ListAvailable pester -ErrorAction Ignore) -or $ForcePesterInstall.IsPresent) + { + Install-Module -Name pester -Scope CurrentUser -Force + } Write-Verbose -Message "logging to $logPath" -Verbose $results = Invoke-Pester -Script $testsPath -OutputFile $logPath -PassThru -OutputFormat NUnitXml @extraParams if(!$results -or $results.FailedCount -gt 0 -or !$results.PassedCount) diff --git a/vsts-ci.yml b/vsts-ci.yml index 6bf041fe3..71605dcc1 100644 --- a/vsts-ci.yml +++ b/vsts-ci.yml @@ -14,7 +14,7 @@ jobs: vmImage: ubuntu-16.04 displayName: Check For Duplicate Tags steps: - - pwsh: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhss"))" + - pwsh: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhss"))" displayName: Set Build Name for Non-PR condition: ne(variables['Build.Reason'], 'PullRequest') From a2d577348042a372d74654443d1b552e54748e34 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Sat, 2 Nov 2019 12:35:42 -0400 Subject: [PATCH 025/354] Disabled clearlinux so community build passes for now (#317) --- tools/buildHelper/buildHelper.psm1 | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/tools/buildHelper/buildHelper.psm1 b/tools/buildHelper/buildHelper.psm1 index b2277cee5..3e7e2a865 100644 --- a/tools/buildHelper/buildHelper.psm1 +++ b/tools/buildHelper/buildHelper.psm1 @@ -62,8 +62,8 @@ function Get-PowerShellVersion function Get-ImageList { param( - [Parameter(HelpMessage="Filters returned list to stable or preview images. Default to all images.")] - [ValidateSet('stable','preview','servicing','all','community-stable','community-preview','community-servicing')] + [Parameter(HelpMessage="Filters returned list to stable or preview images. Default to all images.")] + [ValidateSet('stable','preview','servicing','all','community-stable')] [string[]] $Channel='all' ) @@ -74,8 +74,6 @@ function Get-ImageList $previewPath = Join-Path -Path $releasePath -ChildPath 'preview' $servicingPath = Join-Path -Path $releasePath -ChildPath 'servicing' $communityStablePath = Join-Path -Path $releasePath -ChildPath 'community-stable' - $communityPreviewPath = Join-Path -Path $releasePath -ChildPath 'community-preview' - $communityServicingPath = Join-Path -Path $releasePath -ChildPath 'community-ervicing' if ($Channel -in 'stable', 'all') { @@ -94,17 +92,7 @@ function Get-ImageList if ($Channel -in 'community-stable', 'all') { - Get-ChildItem -Path $communityStablePath -Directory | Select-Object -ExpandProperty Name | Write-Output - } - - if ($Channel -in 'community-servicing', 'all') - { - Get-ChildItem -Path $communityServicingPath -Directory -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name | Write-Output - } - - if ($Channel -in 'community-preview', 'all') - { - Get-ChildItem -Path $communityPreviewPath -Directory -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name | Where-Object { $dockerFileNames -notcontains $_ } | Write-Output + Get-ChildItem -Path $communityStablePath -Directory | Select-Object -ExpandProperty Name | Where-Object { $dockerFileNames -notcontains "clearlinux" } | Write-Output } } @@ -266,8 +254,8 @@ function Add-ParameterAttribute { class DockerVersions { [string] $WindowsVersion [string] $LinuxVersion - } + function Get-Versions { param( From b322e952c86b1ae3a139bce6470750ee3c3a36fa Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Mon, 4 Nov 2019 13:27:42 -0500 Subject: [PATCH 026/354] Changed lots of docs (#306) --- MAINTAINERS | 82 ++++++++++++++++++++++++++++++ assets/README.powershell.md | 2 +- docs/development.md | 99 ++++++++++++++++++++++++------------- 3 files changed, 148 insertions(+), 35 deletions(-) create mode 100644 MAINTAINERS diff --git a/MAINTAINERS b/MAINTAINERS new file mode 100644 index 000000000..bf8a36252 --- /dev/null +++ b/MAINTAINERS @@ -0,0 +1,82 @@ +# PowerShell-Docker maintainers file +# Adapted from Moby's maintainers file +# +# This file describes the maintainer groups within the PowerShell/PowerShell-Docker project. +# +# It is structured to be consumable by both humans and programs. +# To extract its contents programmatically, use any TOML-compliant +# parser. +# +[Org] + + [Org."Core maintainers"] + + # The Core maintainers are the ghostbusters of the project: when there's a problem others + # can't solve, they show up and fix it with bizarre devices and weaponry. + # They have final say on technical implementation and coding style. + # They are ultimately responsible for quality in all its forms: usability polish, + # bugfixes, performance, stability, etc. When ownership can cleanly be passed to + # a subsystem, they are responsible for doing so and holding the + # subsystem maintainers accountable. If ownership is unclear, they are the de facto owners. + + people = [ + "TravisEz13", + "anmenega" + ] + + [Org.Curators] + + # The curators help ensure that incoming issues and pull requests are properly triaged and + # that our various contribution and reviewing processes are respected. With their knowledge of + # the repository activity, they can also guide contributors to relevant material or + # discussions. + # They are never expected to merge. They can however: + # - close an issue or pull request when it's an exact duplicate + # - close an issue or pull request when it's inappropriate or off-topic + # - make initial reviews for issues such as syntax errors and basic issues in code/docs + + people = [ + "RDIL" + ] + + [Org.Alumni] + + # This list contains maintainers that are no longer active. + # It is thanks to these people that the project has become what it is today. + # Thank you! + + people = [ + ] + +[people] + +# A reference list of all people associated with the project. +# All other sections should refer to people by their canonical key +# in the people section. + + # ADD YOURSELF HERE IN ALPHABETICAL ORDER (First name) + + [people.adityapatwardhan] + Name = "Aditya Patwardhan" + Email = "" + GitHub = "adityapatwardhan" + + [people.andrew] + Name = "Andrew Menagarishvili" + Email = "" + GitHub = "anmenaga" + + [people.rdil] + Name = "Reece Dunham" + Email = "me@rdil.rocks" + GitHub = "RDIL" + + [people.kiazhi] + Name = "Ryen Tang" + Email = "Ryen.Tang@outlook.sg" + GitHub = "kiazhi" + + [people.travisez13] + Name = "Travis Plunk" + Email = "github@ez13.net" + GitHub = "TravisEz13" diff --git a/assets/README.powershell.md b/assets/README.powershell.md index 29602e408..27e5490ba 100644 --- a/assets/README.powershell.md +++ b/assets/README.powershell.md @@ -62,7 +62,7 @@ PowerShell is licensed under the [MIT license][]. By requesting and using the Container OS image for Windows containers, you acknowledge, understand, and consent to the Supplemental License Terms available on Docker Hub: -- [Window Server Core](https://store.docker.com/_/windowsservercore) +- [Windows Server Core](https://store.docker.com/_/windowsservercore) - [Nano Server](https://store.docker.com/_/nanoserver) [Third-Party Software Notices and Information](https://github.com/PowerShell/PowerShell/blob/master/ThirdPartyNotices.txt) diff --git a/docs/development.md b/docs/development.md index c96df92aa..4eaf233e1 100644 --- a/docs/development.md +++ b/docs/development.md @@ -4,7 +4,7 @@ ### Folder structure -The top level folder with the docker files is `release`. +The top level folder with the `Dockerfile`s is `release`. This should only have folders under it. The three folders are: @@ -17,43 +17,17 @@ The name of the folder will be the name of the image in the build system, but do For example, the `stable` Ubuntu 16.04 image is in `release/stable/ubuntu16.04`. In this folder, there are 4 items: -* `docker` - a folder containing the `Dockerfile` to build the image and any other files needed in the Docker build context -* `meta.json` - This is required for Linux images. It should contain the following: - -```json -{ - "IsLinux" : true, - "tagTemplates": [ - "my-tag", - "my-other-tag" - ] -} -``` - -Tags are a JSON array that describes the tags the image should have. - -Tags you can use: - * `#psversion#` is replaced by the version of PowerShell used to build the image. - * `#tag#` is replaced by all tags generated by the `getLatestTag.ps1` script. - * `#shorttag#` is replaced by short tags generated by the `getLatestTag.ps1` script. - * `#longtag#` is replaced by long tags generated by the `getLatestTag.ps1` script. - -Example - -```json -"tagTemplates": [ - "#psversion#-windowsservercore-#tag#", - "windowsservercore-#tag#" -] -``` - +* `docker` - A folder containing the `Dockerfile` to build the image and any other files needed in the Docker build context. +* `test-deps` (official images only) - Directory for a sub-image. See the [`test-deps` image purpose](./index.md#test-dep-images). +* `dependabot` (optional) - in this directory you can put a dummy `Dockerfile` for [Dependabot](https://dependabot.com) to auto-bump the version. See [Dependabot](#dependabot). +* `meta.json` - See [this section](#metadata-files) later. * `getLatestTag.ps1` - This script should use the `Get-DockerTags` command from `tools\getDockerTags` to get the tags that should be used as the tag in the `FROM` statement in the Dockerfile. -### Dockerfile Standards +### `Dockerfile` Standards -The Dockerfile should follow certain standards: +All `Dockerfile`s should follow certain standards: -* The following comments should be applied at the beginning of the dockerfile to all images: +* The following comments should be applied at the beginning of the `Dockerfile`: * Copyright notice * Software license @@ -146,3 +120,60 @@ Here is a template for an image build job: communityStable: true continueonerror: false ``` + +## Tags + +Tags are a JSON array that describes the tags the image should have. + +### Supported Tags + +Tags you can use: + + * `#psversion#` is replaced by the version of PowerShell used to build the image. + * `#tag#` is replaced by all tags generated by the `getLatestTag.ps1` script. + * `#shorttag#` is replaced by short tags generated by the `getLatestTag.ps1` script. + +### Example + +```json +"tagTemplates": [ + "#psversion#-windowsservercore-#tag#", + "windowsservercore-#tag#" +] +``` + +## Metadata Files + +This file *is **required*** for all containers. Here is the bare minimum: + +```json +{ + "IsLinux" : true +} +``` + +You should also add [tags](#tags) as a field. + +## Dependabot + +This repository has [Dependabot](https://dependabot.com) enabled on it. + +The PRs opened for automatic base-image-version bumps will be closed, but the version will most likely get increased. + +### Adding to a new Image + +You will need to put a `Dockerfile` in the `dependabot` directory of your image, simply containing: + +```dockerfile +FROM my-base-image:1.0.0 +``` + +You will also need to add an entry in the `/.dependabot/config.yml` file. Here is a template for that: + +```yaml +- package_manager: "docker" + directory: "/release/theChannelHere/theImageHere/dependabot" + update_schedule: "daily" +``` + +> **Do not use `latest` as the base**, as this makes the whole purpose invalid! From f6c2a4eb2e6f01c1dc816aa2e024a06116b56adc Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Tue, 5 Nov 2019 14:39:26 -0800 Subject: [PATCH 027/354] Fix fedora security updating (#322) --- release/preview/fedora/docker/Dockerfile | 43 +++++++++++++++++++----- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/release/preview/fedora/docker/Dockerfile b/release/preview/fedora/docker/Dockerfile index 8da7253a8..cce5f153f 100644 --- a/release/preview/fedora/docker/Dockerfile +++ b/release/preview/fedora/docker/Dockerfile @@ -22,21 +22,48 @@ ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false \ # Install dependencies and clean up RUN curl -sSL ${PS_PACKAGE_URL} -o /tmp/powershell.rpm \ && dnf install -y /tmp/powershell.rpm \ + # remove powershell package + && rm /tmp/powershell.rpm \ && dnf install -y \ # less is needed for help - less \ + less \ # Needed to run localdef - glibc-locale-source \ + glibc-locale-source \ # Invoke-WebRequest doesn't work correctly without this - compat-openssl10 \ - ca-certificates \ - gssntlmssp \ + compat-openssl10 \ + ca-certificates \ + gssntlmssp \ + && ln -sf /opt/microsoft/powershell/7-preview/pwsh /usr/bin/pwsh \ + # For whatever reason FEDORA-2019-27e7b92407 has to be patched manually + # to do this, upgrade libmodulemd1, if it is installed + && pwsh \ + -NoLogo \ + -NoProfile \ + -Command " \ + \$module = (dnf list installed libmodulemd1 | Select-String -SimpleMatch libmodulemd1); \ + if(\$module) { \ + dnf upgrade -y libmodulemd1 \ + }" \ + # This installs most security advisories && dnf upgrade-minimal -y --security \ + # query and install any remaining security advisories + && pwsh \ + -NoLogo \ + -NoProfile \ + -Command " \ + (dnf updateinfo list -q --security) | \ + Foreach-Object { \ + \$advisory=(\$_ -split ' ')[0]; \ + Write-Host '******* Patching *********'; \ + Write-Host \$advisory; \ + Write-Host '************************'; \ + dnf upgrade -y --advisory=\$advisory \ + }" \ + && echo "verifying all security advisories are installed..." \ + && dnf updateinfo list -q --security \ + && echo "end - verifying all security advisories are installed..." \ && dnf clean all \ && localedef --charmap=UTF-8 --inputfile=en_US $LANG \ - # remove powershell package - && rm /tmp/powershell.rpm \ - && ln -sf /opt/microsoft/powershell/7-preview/pwsh /usr/bin/pwsh \ # intialize powershell module cache && pwsh \ -NoLogo \ From a3eb9d07f4596279d3f9197656148236167ecc48 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 7 Nov 2019 11:13:20 -0800 Subject: [PATCH 028/354] Skip pushing when using ACR (#325) --- tests/container.tests.ps1 | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/container.tests.ps1 b/tests/container.tests.ps1 index 7d1949579..2914f6ade 100644 --- a/tests/container.tests.ps1 +++ b/tests/container.tests.ps1 @@ -813,6 +813,7 @@ Describe "Push Linux Containers" -Tags 'Linux', 'Push' { $pushTestCases += @{ Tags = $_.Tags Name = $_.Name + UseAcr = [bool]$_.UseAcr } } } @@ -825,9 +826,17 @@ Describe "Push Linux Containers" -Tags 'Linux', 'Push' { [Parameter(Mandatory=$true)] [string[]] - $Tags + $Tags, + + [switch] + $UseAcr ) + if($env:ACR_NAME -and $UseAcr.IsPresent) + { + Set-ItResult -Pending -Because "Image is missing when building using ACR" + } + foreach($tag in $tags) { Invoke-Docker -Command push -Params @( ${tag} From f006a11ad399189994434b9ed870d05e7eb07255 Mon Sep 17 00:00:00 2001 From: Reece Dunham Date: Thu, 7 Nov 2019 14:21:52 -0500 Subject: [PATCH 029/354] Refactoring parts of repo (#318) --- .poshchan/settings.json | 3 +-- .vsts-ci/misc-analysis.yml | 21 ------------------- .vsts-ci/templates/credscan.yml | 31 ---------------------------- assets/README.powershellcommunity.md | 4 +++- build.ps1 | 2 +- createAllManifests.ps1 | 1 - createManifest.ps1 | 3 +++ setupVsts.ps1 | 31 ---------------------------- tests/container.tests.ps1 | 21 +++++++++---------- tools/buildHelper/buildHelper.psm1 | 2 +- vsts-ci.yml | 24 +++++++++++++++++++++ 11 files changed, 43 insertions(+), 100 deletions(-) delete mode 100644 .vsts-ci/misc-analysis.yml delete mode 100644 .vsts-ci/templates/credscan.yml delete mode 100644 setupVsts.ps1 diff --git a/.poshchan/settings.json b/.poshchan/settings.json index 82cb4ec5c..41abd5b54 100644 --- a/.poshchan/settings.json +++ b/.poshchan/settings.json @@ -4,8 +4,7 @@ "organization": "powershell", "project": "docker", "build_targets": { - "CI": "docker-PR", - "secretscan": "Docker-CI-Secret-Scan", + "CI": "docker-PR" }, "authorized_users": [ "SteveL-MSFT", diff --git a/.vsts-ci/misc-analysis.yml b/.vsts-ci/misc-analysis.yml deleted file mode 100644 index 0392c1f4a..000000000 --- a/.vsts-ci/misc-analysis.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr) -trigger: - # Batch merge builds together while a merge build is running - batch: true - branches: - include: - - master - - release* - -pr: - branches: - include: - - master - - release* - -resources: -- repo: self - clean: true - -jobs: -- template: templates/credscan.yml diff --git a/.vsts-ci/templates/credscan.yml b/.vsts-ci/templates/credscan.yml deleted file mode 100644 index eb711c8e0..000000000 --- a/.vsts-ci/templates/credscan.yml +++ /dev/null @@ -1,31 +0,0 @@ -parameters: - pool: 'Hosted VS2017' - jobName: 'credscan' - displayName: Secret Scan - -jobs: -- job: ${{ parameters.jobName }} - pool: - name: ${{ parameters.pool }} - - displayName: ${{ parameters.displayName }} - - steps: - - powershell: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhmmss"))" - displayName: Set Build Name for Non-PR - condition: ne(variables['Build.Reason'], 'PullRequest') - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2 - displayName: 'Scan for secrets' - inputs: - debugMode: false - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 - displayName: 'Publish Secret Scan Logs to Build Artifacts' - continueOnError: true - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1 - displayName: 'Check for failures' - inputs: - CredScan: true - ToolLogsNotFoundAction: Error diff --git a/assets/README.powershellcommunity.md b/assets/README.powershellcommunity.md index 18dc2cba5..1de347e73 100644 --- a/assets/README.powershellcommunity.md +++ b/assets/README.powershellcommunity.md @@ -4,7 +4,9 @@ ## Docker pull command -`docker pull pshorg/powershellcommunity` +```bash +$ docker pull pshorg/powershellcommunity +``` ## Tags diff --git a/build.ps1 b/build.ps1 index 310e45491..84ee661b0 100755 --- a/build.ps1 +++ b/build.ps1 @@ -243,7 +243,7 @@ End { -Strict:$CheckForDuplicateTags.IsPresent $nameForMessage = Split-Path -Leaf -Path $dockerFileName - $message = "Channel: $nameForMessage does not exist. Not every image exists in every channel. Skipping." + $message = "$nameForMessage does not exist in every channel. Skipping." if(!$allMeta) { Write-Warning $message diff --git a/createAllManifests.ps1 b/createAllManifests.ps1 index 3c070f3ac..bafad6852 100644 --- a/createAllManifests.ps1 +++ b/createAllManifests.ps1 @@ -15,7 +15,6 @@ param ( $createScriptPath = Join-Path -Path $PSScriptRoot -ChildPath 'createManifest.ps1' - $latestStableUbuntu = "ubuntu-bionic" $latestStableWscLtsc = "windowsservercore-latest" $latestStableWsc1803 = "windowsservercore-1803" diff --git a/createManifest.ps1 b/createManifest.ps1 index ad205a308..a065259d0 100644 --- a/createManifest.ps1 +++ b/createManifest.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + # Used to create a container manifest. # Prereq: you must login to $ContainerRegistery before running this script # default scenarios is to build a `latest` tag which will point to the `ubuntu-16.04` tag for linux diff --git a/setupVsts.ps1 b/setupVsts.ps1 deleted file mode 100644 index 01e7c8c9d..000000000 --- a/setupVsts.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. - -# Queue Docker image build for a particular image -# ** Expects to have OAuth access in the build** -# ** and the build service has to be granted permission to launch builds** -# The build is expected to have the following parameters: -# - fromTag -# - The tag of the image in the from statement which is being produced -# - imageTag -# - The tag of the produced image -# - PowerShellVersion -# - The version of powershell to put in the image -# - Namespace -# - `public` to build for public consumption. -# - `internal` to build for internal consumption. - -param( - [Parameter(Mandatory)] - [string] - $Name, - [Parameter(Mandatory)] - [int] - $BuildDefinitionId, - [Parameter(Mandatory)] - [ValidateSet('public', 'internal')] - [string] - $Namespace -) - -&"$PSScriptRoot\build.ps1" -Name $Name -BuildDefinitionId $BuildDefinitionId -Namespace $Namespace -Vsts diff --git a/tests/container.tests.ps1 b/tests/container.tests.ps1 index 2914f6ade..690a5267a 100644 --- a/tests/container.tests.ps1 +++ b/tests/container.tests.ps1 @@ -27,7 +27,7 @@ Describe "Build Linux Containers" -Tags 'Build', 'Linux' { } } - it " builds from '' - UseAcr:" -TestCases $buildTestCases -Skip:$script:skipLinux { + it "can build image from '' - UseAcr:" -TestCases $buildTestCases -Skip:$script:skipLinux { param( [Parameter(Mandatory=$true)] [string] @@ -70,7 +70,7 @@ Describe "Build Windows Containers" -Tags 'Build', 'Windows' { } } - it " builds from ''" -TestCases $buildTestCases -skip:$script:skipWindows { + it "can build image from ''" -TestCases $buildTestCases -skip:$script:skipWindows { param( [Parameter(Mandatory=$true)] [string] @@ -187,7 +187,7 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { } } } - AfterAll{ + AfterAll { # prune unused volumes $null=Invoke-Docker -Command 'volume', 'prune' -Params '--force' -SuppressHostOutput } @@ -197,8 +197,7 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { } Context "Run Powershell" { - - it "Get PSVersion table from should be " -TestCases $runTestCases -Skip:$script:skipLinuxRun { + it "PSVersion table from should contain " -TestCases $runTestCases -Skip:$script:skipLinuxRun { param( [Parameter(Mandatory=$true)] [string] @@ -363,7 +362,7 @@ Describe "Linux Containers" -Tags 'Behavior', 'Linux' { } } - it "Image should have label: