feature: initial commit for all new image changes

This commit is contained in:
Subir Ghosh
2024-11-13 17:16:01 -07:00
parent de6aa9e70e
commit fcf3d0ac96
1042 changed files with 45086 additions and 1 deletions
+1
View File
@@ -0,0 +1 @@
* @actions/runner-images-team
+56
View File
@@ -0,0 +1,56 @@
name: Announcement
description: Submit an announcement
labels: [Announcement]
body:
- type: textarea
attributes:
label: Breaking changes
placeholder: Short description of the upcoming change
validations:
required: true
- type: textarea
attributes:
label: Target date
placeholder: Date of changes propagation start
validations:
required: true
- type: textarea
attributes:
label: The motivation for the changes
placeholder: Description of main reasons for this change
validations:
required: true
- type: textarea
attributes:
label: Possible impact
placeholder: Description of who might be impacted by this change
validations:
required: true
- type: checkboxes
attributes:
label: Platforms affected
options:
- label: Azure DevOps
- label: GitHub Actions
- type: checkboxes
attributes:
label: Runner images affected
options:
- label: Ubuntu 20.04
- label: Ubuntu 22.04
- label: Ubuntu 24.04
- label: macOS 12
- label: macOS 13
- label: macOS 13 Arm64
- label: macOS 14
- label: macOS 14 Arm64
- label: macOS 15
- label: macOS 15 Arm64
- label: Windows Server 2019
- label: Windows Server 2022
- type: textarea
attributes:
label: Mitigation ways
description: Steps or options for impact mitigation
validations:
required: true
+71
View File
@@ -0,0 +1,71 @@
name: Bug Report
description: Submit a bug report.
labels: [bug report, needs triage]
body:
- type: textarea
attributes:
label: Description
description: A clear and concise description of what the bug is, and why you consider it to be a bug.
validations:
required: true
- type: checkboxes
attributes:
label: Platforms affected
options:
- label: Azure DevOps
- label: GitHub Actions - Standard Runners
- label: GitHub Actions - Larger Runners
- type: checkboxes
attributes:
label: Runner images affected
options:
- label: Ubuntu 20.04
- label: Ubuntu 22.04
- label: Ubuntu 24.04
- label: macOS 12
- label: macOS 13
- label: macOS 13 Arm64
- label: macOS 14
- label: macOS 14 Arm64
- label: macOS 15
- label: macOS 15 Arm64
- label: Windows Server 2019
- label: Windows Server 2022
- type: textarea
attributes:
label: Image version and build link
description: |
Image version where you are experiencing the issue. Where to find image version in build logs:
1. For GitHub Actions, under "Set up job" -> "Runner Image" -> "Version".
2. For Azure DevOps, under "Initialize job" -> "Runner Image" -> "Version".
If you have a public example, please, provide a link to the failed build.
validations:
required: true
- type: input
attributes:
label: Is it regression?
description: If yes, please, provide the latest image version where the issue didn't persist, and a link to the latest successful build.
validations:
required: true
- type: textarea
attributes:
label: Expected behavior
description: A description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Actual behavior
description: A description of what is actually happening.
validations:
required: true
- type: textarea
attributes:
label: Repro steps
placeholder: |
A description with steps to reproduce the issue.
1. Step 1
2. Step 2
validations:
required: true
+6
View File
@@ -0,0 +1,6 @@
blank_issues_enabled: false
contact_links:
- name: Get help in GitHub Discussions
url: https://github.com/actions/runner-images/discussions
about: Have a question? Feel free to ask in the runner-images GitHub Discussions!
+84
View File
@@ -0,0 +1,84 @@
name: Tool request
description: Request a new tool or update to a tool
title: Update/Add [tool name]
labels: [feature request, needs triage]
body:
- type: markdown
attributes:
value: "## Tool information"
- type: input
attributes:
label: Tool name
validations:
required: true
- type: input
attributes:
label: Tool license
description: Type of licensing for desired tool.
validations:
required: true
- type: checkboxes
attributes:
label: Add or update?
options:
- label: Add
- label: Update
- type: input
attributes:
label: Desired version
description: Let us know if you're requesting a specific version, dev/RC, whatever is latest, etc.
validations:
required: true
- type: input
attributes:
label: Approximate size
description: Leave blank if unknown.
- type: markdown
attributes:
value: "## If this is an add request"
- type: textarea
attributes:
label: Brief description of tool
- type: input
attributes:
label: URL for tool's homepage
- type: textarea
attributes:
label: Provide a basic test case to validate the tool's functionality.
description: This will be automatically formatted into code.
render: bash
- type: checkboxes
attributes:
label: Platforms where you need the tool
options:
- label: Azure DevOps
- label: GitHub Actions
- type: checkboxes
attributes:
label: Runner images where you need the tool
options:
- label: Ubuntu 20.04
- label: Ubuntu 22.04
- label: Ubuntu 24.04
- label: macOS 12
- label: macOS 13
- label: macOS 13 Arm64
- label: macOS 14
- label: macOS 14 Arm64
- label: macOS 15
- label: macOS 15 Arm64
- label: Windows Server 2019
- label: Windows Server 2022
- type: textarea
attributes:
label: Can this tool be installed during the build?
description: If so, please provide a description with required steps. This will be automatically formatted into code.
render: bash
- type: input
attributes:
label: Tool installation time in runtime
description: How long does it take to install the tool?
- type: input
attributes:
label: Are you willing to submit a PR?
description: We accept contributions!
+14
View File
@@ -0,0 +1,14 @@
# Description
New tool, Bug fixing, or Improvement?
Please include a summary of the change and which issue is fixed. Also include relevant motivation and context.
**For new tools, please provide total size and installation time.**
<!-- Currently, we can't accept external contributions to macOS source. Please find more details in [CONTRIBUTING.md](CONTRIBUTING.md#macOS) guide -->
#### Related issue:
## Check list
- [ ] Related issue / work item is attached
- [ ] Tests are written (if applicable)
- [ ] Documentation is updated (if applicable)
- [ ] Changes are tested and related VM images are successfully generated
+72
View File
@@ -0,0 +1,72 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '32 4 * * 0'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
# only required for workflows in private repositories
actions: read
contents: read
# required for all workflows
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'python', 'ruby' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
# ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
@@ -0,0 +1,22 @@
name: Create GitHub release
on:
repository_dispatch:
types: [create-github-release]
jobs:
Create_GitHub_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Create release for ${{ github.event.client_payload.ReleaseBranchName }}
uses: ncipollo/release-action@v1.14.0
with:
tag: ${{ github.event.client_payload.ReleaseBranchName }}
name: ${{ github.event.client_payload.ReleaseTitle }}
body: ${{ github.event.client_payload.ReleaseBody }}
prerelease: ${{ github.event.client_payload.Prerelease }}
commit: ${{ github.event.client_payload.Commitish }}
+49
View File
@@ -0,0 +1,49 @@
name: Create Pull Request
on:
repository_dispatch:
types: [create-pr]
jobs:
Create_pull_request:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Clone release branch to create pull request
run: |
git checkout ${{ github.event.client_payload.ReleaseBranchName }}
git branch ${{ github.event.client_payload.ReleaseBranchName }}-docs
git push origin ${{ github.event.client_payload.ReleaseBranchName }}-docs
- name: Create pull request for ${{ github.event.client_payload.ReleaseBranchName }}
id: create-pr
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
let response = await github.rest.pulls.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: "${{ github.event.client_payload.PullRequestTitle }}",
head: "${{ github.event.client_payload.ReleaseBranchName }}-docs",
base: "${{ github.event.client_payload.PullRequestBase }}",
body: `${{ github.event.client_payload.PullRequestBody }}`
});
return response.data.number
- name: Request reviewers
uses: actions/github-script@v7
with:
github-token: ${{secrets.PRAPPROVAL_SECRET}}
script: |
github.rest.pulls.requestReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: ${{ steps.create-pr.outputs.result }},
team_reviewers: ['runner-images-team']
})
+92
View File
@@ -0,0 +1,92 @@
name: Create SBOM for the release
# Inherited variables:
# github.event.client_payload.agentSpec - Current YAML Label
# github.event.client_payload.ReleaseID - Current release ID
# github.event.client_payload.imageVersion - AzDO image version "major.minor"
# github.event.client_payload.ReleaseBranchName - Necessary to identify workflow run
#
# Current SYFT tool issues:
# macOS (major): prompt privilegies that blocking process indefinetely (https://github.com/anchore/syft/issues/1367)
on:
repository_dispatch:
types: [generate-sbom]
defaults:
run:
shell: pwsh
jobs:
#Checking current release for SBOM
sbom-check:
outputs:
check_status: ${{ steps.check.outputs.status }}
runs-on: ubuntu-latest
steps:
- name: Check release for ${{ github.event.client_payload.ReleaseBranchName }}
id: check
shell: pwsh
run: |
$apiUrl = "https://api.github.com/repos/actions/runner-images/releases/${{ github.event.client_payload.ReleaseID }}"
$response = Invoke-RestMethod -Uri $apiUrl -Method Get -SkipHttpErrorCheck
if ($response.message -ilike "Not Found") {
echo "status=release_not_found" >> $env:GITHUB_OUTPUT
Write-Error "Release ${{ github.event.client_payload.ReleaseID }} wasn't found"
exit 1
}
foreach ($asset in $response.assets) {
if ($asset.name -like '*sbom*') {
echo "status=sbom_exists" >> $env:GITHUB_OUTPUT
return "Release ${{ github.event.client_payload.ReleaseID }} already contains a SBOM"
}
}
Write-Host "Release has been found, SBOM is not attached, starting generation."
echo "status=okay" >> $env:GITHUB_OUTPUT
#Generating SBOM
building-sbom:
needs: sbom-check
if: ${{ needs.sbom-check.outputs.check_status == 'okay' }}
runs-on: ${{ github.event.client_payload.agentSpec }}
steps:
- name: Available image version check for ${{ github.event.client_payload.ReleaseBranchName }}
run: |
$imageVersionComponents = $env:ImageVersion.Split('.')
$imageMajorVersion = $imageVersionComponents[0]
$imageMinorVersion = $imageVersionComponents[1]
if ("$imageMajorVersion.$imageMinorVersion" -ne '${{ github.event.client_payload.imageVersion }}') {
throw "Current runner $imageMajorVersion.$imageMinorVersion image version doesn't match ${{ github.event.client_payload.imageVersion }}."
}
- name: Install SYFT tool on Windows
if: ${{ runner.os == 'Windows' }}
run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b D:/syft
- name: Install SYFT tool on Ubuntu or macOS
if: ${{ runner.os != 'Windows' }}
run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.100.0
#Running section.
- name: Run SYFT on Windows
if: ${{ runner.os == 'Windows' }}
run: D:/syft/syft dir:C:/ -vv -o spdx-json=sbom.json
- name: Run SYFT on Ubuntu
if: ${{ runner.os == 'Linux' }}
run: syft dir:/ -vv -o spdx-json=sbom.json
- name: Run SYFT on macOS
if: ${{ runner.os == 'macOS' }}
run: sudo syft dir:/ -vv -o spdx-json=sbom.json --exclude ./Users --exclude ./System/Volumes --exclude ./private
shell: bash
#Preparing artifact (raw SBOM.json is too big)
- name: Compress SBOM file
run: Compress-Archive sbom.json sbom.json.zip
#Upload artifact action
- uses: actions/upload-artifact@v4
with:
name: sbom-${{ github.event.client_payload.agentSpec }}-${{ github.event.client_payload.imageVersion }}
path: sbom.json.zip
if-no-files-found: warn
#Upload release asset action
#Might be changed to softprops/action-gh-release after additional check
- name: Upload release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: "https://uploads.github.com/repos/actions/runner-images/releases/${{ github.event.client_payload.ReleaseID }}/assets{?name,label}"
asset_path: ./sbom.json.zip
asset_name: sbom.${{ github.event.client_payload.agentSpec }}.json.zip
asset_content_type: application/zip
+36
View File
@@ -0,0 +1,36 @@
# CI Validation
name: Linter
on:
pull_request:
branches: [ main ]
paths:
- '**.json'
- '**.md'
- '**.sh'
jobs:
build:
name: Lint JSON & MD files
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Lint Code Base
uses: github/super-linter/slim@v4
env:
VALIDATE_ALL_CODEBASE: false
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VALIDATE_JSON: true
VALIDATE_MARKDOWN: true
DEFAULT_BRANCH: ${{ github.base_ref }}
FILTER_REGEX_EXCLUDE: .*images/*/.*-Readme.md
- name: Checking shebang lines in MacOS and Ubuntu releases.
run: ./images.CI/shebang-linter.ps1
shell: pwsh
+48
View File
@@ -0,0 +1,48 @@
name: Merge pull request
on:
repository_dispatch:
types: [merge-pr]
jobs:
Merge_pull_request:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Resolve possible conflicts ${{ github.event.client_payload.ReleaseBranchName }} with main
run: |
git config --global user.email "no-reply@github.com"
git config --global user.name "Actions service account"
git checkout ${{ github.event.client_payload.ReleaseBranchName }}-docs
git merge --no-edit --strategy-option=ours main
git push origin ${{ github.event.client_payload.ReleaseBranchName }}-docs
sleep 30
- name: Approve pull request by GitHub-Actions bot
uses: actions/github-script@v7
with:
github-token: ${{secrets.PRAPPROVAL_SECRET}}
script: |
github.rest.pulls.createReview({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: ${{ github.event.client_payload.PullRequestNumber }},
event: "APPROVE"
});
- name: Merge pull request for ${{ github.event.client_payload.ReleaseBranchName }}
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.pulls.merge({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: ${{ github.event.client_payload.PullRequestNumber }},
merge_method: "squash"
})
+25
View File
@@ -0,0 +1,25 @@
# CI Validation
name: PowerShell Tests
on:
pull_request:
branches: [ main ]
paths:
- 'helpers/software-report-base/**'
jobs:
powershell-tests:
name: PowerShell tests
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Run Software Report module tests
shell: pwsh
run: |
$ErrorActionPreference = "Stop"
Invoke-Pester -Output Detailed "helpers/software-report-base/tests"
@@ -0,0 +1,47 @@
name: Trigger Build workflow
on:
workflow_call:
inputs:
image_type:
required: true
type: string
defaults:
run:
shell: pwsh
jobs:
trigger-workflow:
runs-on: ubuntu-latest
steps:
- name: Trigger Build workflow
env:
CI_PR_TOKEN: ${{ secrets.CI_PR_TOKEN }}
PR_TITLE: ${{ github.event.pull_request.title }}
CI_PR: ${{ secrets.CI_REPO }}
run: |
$headers = @{
Authorization="Bearer $env:CI_PR_TOKEN"
}
# Private repository for builds
$apiRepoUrl = "https://api.github.com/repos/$env:CI_PR"
$eventType = "trigger-${{ inputs.image_type }}-build"
$body = @{
event_type = $eventType;
client_payload = @{
pr_title = "$env:PR_TITLE"
custom_repo = "${{ github.event.pull_request.head.repo.full_name }}"
custom_repo_commit_hash = "${{ github.event.pull_request.head.sha }}"
}
}
$bodyString = $body | ConvertTo-Json
try {
Invoke-WebRequest -Uri "$apiRepoUrl/dispatches" -Method Post -Headers $headers -Body $bodyString | Out-Null
} catch {
throw "$($_.exception[0].message)"
}
+20
View File
@@ -0,0 +1,20 @@
name: Trigger Ubuntu20.04 CI
run-name: Ubuntu20.04 - ${{ github.event.pull_request.title }}
on:
pull_request_target:
types: labeled
paths:
- 'images/ubuntu/**'
defaults:
run:
shell: pwsh
jobs:
Ubuntu_2004:
if: github.event.label.name == 'CI ubuntu-all' || github.event.label.name == 'CI ubuntu-2004'
uses: ./.github/workflows/trigger-ubuntu-win-build.yml
with:
image_type: 'ubuntu2004'
secrets: inherit
+20
View File
@@ -0,0 +1,20 @@
name: Trigger Ubuntu22.04 CI
run-name: Ubuntu22.04 - ${{ github.event.pull_request.title }}
on:
pull_request_target:
types: labeled
paths:
- 'images/ubuntu/**'
defaults:
run:
shell: pwsh
jobs:
Ubuntu_2204:
if: github.event.label.name == 'CI ubuntu-all' || github.event.label.name == 'CI ubuntu-2204'
uses: ./.github/workflows/trigger-ubuntu-win-build.yml
with:
image_type: 'ubuntu2204'
secrets: inherit
+20
View File
@@ -0,0 +1,20 @@
name: Trigger Ubuntu24.04 CI
run-name: Ubuntu24.04 - ${{ github.event.pull_request.title }}
on:
pull_request_target:
types: labeled
paths:
- 'images/ubuntu/**'
defaults:
run:
shell: pwsh
jobs:
Ubuntu_2404:
if: github.event.label.name == 'CI ubuntu-all' || github.event.label.name == 'CI ubuntu-2404'
uses: ./.github/workflows/trigger-ubuntu-win-build.yml
with:
image_type: 'ubuntu2404'
secrets: inherit
@@ -0,0 +1,30 @@
name: Update release
on:
repository_dispatch:
types: [update-github-release]
jobs:
Update_GitHub_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Update release for ${{ github.event.client_payload.ReleaseBranchName }}
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const response = await github.rest.repos.getReleaseByTag({
owner: context.repo.owner,
repo: context.repo.repo,
tag: "${{ github.event.client_payload.ReleaseBranchName }}"
});
github.rest.repos.updateRelease({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: response.data.id,
prerelease: ${{ github.event.client_payload.Prerelease }}
});
+20
View File
@@ -0,0 +1,20 @@
name: Trigger Windows19 CI
run-name: Windows2019 - ${{ github.event.pull_request.title }}
on:
pull_request_target:
types: labeled
paths:
- 'images/windows/**'
defaults:
run:
shell: pwsh
jobs:
Windows_2019:
if: github.event.label.name == 'CI windows-all' || github.event.label.name == 'CI windows-2019'
uses: ./.github/workflows/trigger-ubuntu-win-build.yml
with:
image_type: 'windows2019'
secrets: inherit
+20
View File
@@ -0,0 +1,20 @@
name: Trigger Windows22 CI
run-name: Windows2022 - ${{ github.event.pull_request.title }}
on:
pull_request_target:
types: labeled
paths:
- 'images/windows/**'
defaults:
run:
shell: pwsh
jobs:
Windows_2022:
if: github.event.label.name == 'CI windows-all' || github.event.label.name == 'CI windows-2022'
uses: ./.github/workflows/trigger-ubuntu-win-build.yml
with:
image_type: 'windows2022'
secrets: inherit
+20
View File
@@ -0,0 +1,20 @@
name: Trigger Windows25 CI
run-name: Windows2025 - ${{ github.event.pull_request.title }}
on:
pull_request_target:
types: labeled
paths:
- 'images/windows/**'
defaults:
run:
shell: pwsh
jobs:
Windows_2025:
if: github.event.label.name == 'CI windows-all' || github.event.label.name == 'CI windows-2025'
uses: ./.github/workflows/trigger-ubuntu-win-build.yml
with:
image_type: 'windows2025'
secrets: inherit