feat(acl): convert VHD to cosi and upload#8537
Draft
bfjelds wants to merge 10 commits into
Add a post-build pipeline step that converts AzureContainerLinux (ACL) VHD images to COSI format using ImageCustomizer's convert command (v1.2.0-2).
Changes:
- New script: convert-vhd-to-cosi.sh downloads ACL VHD from blob storage, runs ImageCustomizer convert (VHD -> COSI), and uploads the COSI file
- New make target: convert-vhd-to-cosi in packer.mk
- Pipeline vars: set IMG_CUSTOMIZER_CONTAINER and IMG_CUSTOMIZER_VERSION on ACL build jobs in both PR and release pipelines
- Builder template: add Convert ACL VHD to COSI step after SIG->classic conversion, conditioned on OS_SKU=AzureContainerLinux
- Immutable copy: updated to also copy/remove .cosi files for ACL builds
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Move the ACL COSI 'az storage blob copy start' from the VHD immutable copy task into a dedicated task with its own condition gating on OS_SKU=AzureContainerLinux, rather than using a bash if-block inside the VHD copy step.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Move 'Convert ACL VHD to COSI' task to after 'Copy to Immutable Storage Container' so the VHD is safely in immutable storage before conversion. Revert echo to original 'Successfully copied to immutable container'.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Move 'Copy to Immutable Storage Container' (VHD) after 'Copy COSI to Immutable Storage Container'.
New order:
1. Convert ACL VHD to COSI
2. Copy COSI to Immutable Storage Container
3. Copy to Immutable Storage Container (VHD)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Use less specific version tag to pick up patch releases automatically.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

SIG_SOURCE_GALLERY_UNIQUE_NAME, SIG_SOURCE_IMAGE_NAME, and SIG_SOURCE_IMAGE_VERSION are set but never consumed by any script or template in the repo.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

FIPS jobs were missing IMG_CUSTOMIZER_CONTAINER and IMG_CUSTOMIZER_VERSION, which are required for the COSI conversion step.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds an Azure DevOps pipeline step to convert AzureContainerLinux (ACL) VHD artifacts into COSI format via ImageCustomizer and publish them back to storage (including an immutable container flow).
Changes:
- Added a `convert-vhd-to-cosi.sh` script that downloads a VHD via azcopy, converts it to COSI via ImageCustomizer, and uploads the result.
- Added a `make convert-vhd-to-cosi` target and wired it into the builder release pipeline.
- Added pipeline variables for the ImageCustomizer container image/version and a follow-up step to copy the COSI blob to an immutable container.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| vhdbuilder/packer/imagecustomizer/scripts/convert-vhd-to-cosi.sh | New conversion + upload script for producing COSI from ACL VHDs. |
| packer.mk | Adds a Make target to invoke the conversion script. |
| .pipelines/templates/.builder-release-template.yaml | Runs the conversion during release and copies output to immutable storage under certain conditions. |
| .pipelines/.vsts-vhd-builder.yaml | Sets ImageCustomizer image/version pipeline variables for builder runs. |
| .pipelines/.vsts-vhd-builder-release.yaml | Sets ImageCustomizer image/version pipeline variables for release runs. |
|
|
||
| for v in "${required_env_vars[@]}" | ||
| do | ||
| if [ -z "${!v}" ]; then |
Comment on lines +43 to +59
| echo "Downloading VHD from ${VHD_BLOB_URL}" | ||
| if ! azcopy copy "$VHD_BLOB_URL" "$LOCAL_VHD" --recursive=true; then | ||
| azExitCode=$? | ||
| shopt -s nullglob | ||
| for f in "${AZCOPY_LOG_LOCATION}"/*.log; do | ||
| echo "Azcopy log file: $f" | ||
| echo "##vso[build.uploadlog]$f" | ||
| if grep -q '"level":"Error"' "$f"; then | ||
| echo "log file $f contains errors" | ||
| echo "##vso[task.logissue type=error]Azcopy log file $f contains errors" | ||
| cat "$f" | ||
| fi | ||
| done | ||
| shopt -u nullglob | ||
| echo "Failed to download VHD, exiting with code $azExitCode" | ||
| exit $azExitCode | ||
| fi |
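Review bot: `azExitCode=$?` on the first line of the `then` branch records 0, not azcopy's exit code, because `$?` at that point holds the status of the negated condition `! azcopy copy ...`, which is 0 whenever this branch runs. `exit $azExitCode` therefore ends the script with success after a failed download, and the step can report green. Capture the status before testing it, for example `azcopy copy "$VHD_BLOB_URL" "$LOCAL_VHD" || azExitCode=$?` followed by a check for a non-zero `azExitCode`, or simply `exit 1` in this branch. Separately, `echo "Downloading VHD from ${VHD_BLOB_URL}"` writes the full source URL to the build log; if that URL can ever carry a SAS token, log only the blob path.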
Comment on lines +82 to +98
| echo "Uploading COSI to ${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" | ||
| if ! azcopy copy "$LOCAL_COSI" "${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" --recursive=true; then | ||
| azExitCode=$? | ||
| shopt -s nullglob | ||
| for f in "${AZCOPY_LOG_LOCATION}"/*.log; do | ||
| echo "Azcopy log file: $f" | ||
| echo "##vso[build.uploadlog]$f" | ||
| if grep -q '"level":"Error"' "$f"; then | ||
| echo "log file $f contains errors" | ||
| echo "##vso[task.logissue type=error]Azcopy log file $f contains errors" | ||
| cat "$f" | ||
| fi | ||
| done | ||
| shopt -u nullglob | ||
| echo "Failed to upload COSI, exiting with code $azExitCode" | ||
| exit $azExitCode | ||
| fi |
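Review bot: `exit $azExitCode` in the upload failure branch always exits 0, because `azExitCode=$?` inside `if ! azcopy copy ...; then` reads the status of the negated condition rather than azcopy's own exit code, so a failed COSI upload is reported as success and later steps run against a blob that is not there. The block is also a line-for-line copy of the download failure handler; move the log handling into one shell function that receives the real exit status as an argument and call it from both places. If `$LOCAL_COSI` is a single file, `--recursive=true` can be dropped.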
| fi | ||
| done | ||
|
|
||
| WORK_DIR="$(pwd)/cosi-convert" |
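Review bot: `WORK_DIR="$(pwd)/cosi-convert"` ties the scratch directory to whatever directory the step happens to start in, and the fixed name means files left by an earlier run on the same agent can be picked up again. Create it with `mktemp -d` under the agent's temp directory and remove it in a `trap ... EXIT`; this matters more here because the directory is bind-mounted into the conversion container (`-v "$WORK_DIR:/convert"`).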
Comment on lines +63 to +68
| docker run \ | ||
| --rm \ | ||
| --interactive \ | ||
| --privileged=true \ | ||
| -v "$WORK_DIR:/convert" \ | ||
| -v /dev:/dev \ |
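Review bot: `--privileged=true` together with `-v /dev:/dev` gives the ImageCustomizer container full control of the build agent's devices, so the image that runs here should be pinned more tightly than a version tag. A commit in this PR moves to a less specific tag to pick up patch releases automatically; with this level of access, reference the image by digest (`<image>@sha256:<digest>`) and bump it deliberately. `--interactive` can also be removed unless something is piped to the container's stdin.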
Comment on lines +423 to +424
| echo "Successfully copied COSI to immutable container" | ||
| azcopy remove "${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" --recursive=true |
Comment on lines +110 to +111
| convert-vhd-to-cosi: az-login | ||
| @./vhdbuilder/packer/imagecustomizer/scripts/convert-vhd-to-cosi.sh |
854a475 to 7f792ad
Create generate-cosi-publishing-info.sh that writes cosi-publishing-info.json
with the immutable storage URL and image metadata, paralleling
generate-vhd-publishing-info.sh for VHDs.
Pipeline steps added after 'Copy COSI to Immutable Storage Container':
- Generate COSI Publishing Info (bash, no az-login needed)
- Publish COSI Publishing Info (artifact: cosi-publishing-info-{artifactName})
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Generate cosi-publishing-info.json (with sha256, size, cosi_url, and image metadata) directly in convert-vhd-to-cosi.sh while the COSI artifact is still on disk. Remove the standalone script and make target.
Pipeline order: Convert + generate info -> Publish artifact -> Copy to immutable.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
7f792ad to 3835fcd
Comment on lines +14 to +20
| for v in "${required_env_vars[@]}" | ||
| do | ||
| if [ -z "${!v}" ]; then | ||
| echo "$v was not set!" | ||
| exit 1 | ||
| fi | ||
| done |
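Review bot: The loop exits at the first empty variable and prints `$v was not set!` to stdout, so a misconfigured job gets fixed one variable per run and the message is easy to miss in the log. Collect every missing name, write them to stderr (or through `##vso[task.logissue type=error]`, as the azcopy handlers in this script do), then `exit 1` once. If the script runs under `set -u`, use `${!v:-}` so an unset variable reaches this message instead of aborting on the expansion.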
Comment on lines +43 to +46
| echo "Downloading VHD from ${VHD_BLOB_URL}" | ||
| if ! azcopy copy "$VHD_BLOB_URL" "$LOCAL_VHD" --recursive=true; then | ||
| azExitCode=$? | ||
| shopt -s nullglob |
| fi | ||
|
|
||
| echo "Uploading COSI to ${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" | ||
| if ! azcopy copy "$LOCAL_COSI" "${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" --recursive=true; then |
Comment on lines +106 to +115
| if [ -z "$IMAGE_VERSION" ]; then | ||
| IMAGE_VERSION=$(date +%Y%m.%d.0) | ||
| echo "IMAGE_VERSION was not set, defaulting to ${IMAGE_VERSION}" | ||
| fi | ||
|
|
||
| if [ "${ARCHITECTURE,,}" = "arm64" ]; then | ||
| IMAGE_ARCH="Arm64" | ||
| else | ||
| IMAGE_ARCH="x64" | ||
| fi |
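Review bot: Defaulting `IMAGE_VERSION` to `$(date +%Y%m.%d.0)` lets a job with a missing variable produce an artifact labelled with an invented version instead of failing. Treat an empty `IMAGE_VERSION` as an error like the other required variables, or at least use `date -u` so the value does not depend on the agent's time zone. The architecture branch has the same shape: anything other than `arm64`, including an empty or misspelled `ARCHITECTURE`, is recorded as `x64`; match the accepted values explicitly and fail on anything else.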
| fi | ||
|
|
||
| COSI_NAME="${CAPTURED_SIG_VERSION}.cosi" | ||
| cosi_url="${STORAGE_ACCT_BLOB_URL}/${COSI_NAME}" |
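Review bot: `cosi_url` is built from `STORAGE_ACCT_BLOB_URL`, while the upload in this script writes to `${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi`, and nothing in these lines checks that the two refer to the same place or that a blob exists at the recorded URL. Add a comment stating which container the URL is meant to address, and make sure `STORAGE_ACCT_BLOB_URL` is in `required_env_vars` so an empty value cannot yield a URL of just `/<version>.cosi`.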
Comment on lines +432 to +438
| inlineScript: | | ||
| echo "Copying ${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi to immutable storage container" | ||
| export AZCOPY_AUTO_LOGIN_TYPE="AZCLI" | ||
| export AZCOPY_CONCURRENCY_VALUE="AUTO" | ||
| az storage blob copy start --account-name "$STORAGE_ACCOUNT_NAME" --destination-blob "${CAPTURED_SIG_VERSION}.cosi" --destination-container "$VHD_CONTAINER_NAME" --source-uri "${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" --auth-mode login || exit 1 | ||
| echo "Successfully copied COSI to immutable container" | ||
| azcopy remove "${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" --recursive=true |
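Review bot: `az storage blob copy start` only starts a server-side copy, so the `echo "Successfully copied COSI to immutable container"` and the `azcopy remove` of the source on the following lines can run while the copy is still pending. Poll the destination blob's copy status until it reports `success`, and fail the step on `failed` or `aborted`, before deleting the source. `--recursive=true` is not needed to delete a single blob.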
OS_NAME was referenced in cosi-publishing-info.json but never set. ACL COSI artifacts are always Linux, so hardcode it.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
What this PR does / why we need it:
For ACL, the VHD must be converted to COSI to prepare for AB update. The COSI will be uploaded to storage for aks-rp to publish/register.
Which issue(s) this PR fixes:
Fixes #