Pull new base image from GHCR (#6390)

microsoft · Jul 25, 2024 · bc1d75e · bc1d75e
1 parent b5e9bb7
commit bc1d75e
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 5 deletions.
diff --git a/.azure-pipelines-templates/daily-matrix.yml b/.azure-pipelines-templates/daily-matrix.yml
@@ -51,6 +51,9 @@ jobs:
       - checkout: self
         clean: true
         fetchDepth: 10000
+      - script: |
+          sudo rm -rf build
+        displayName: "Cleanup"
       - script: |
           set -ex
           mkdir build_make

diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
@@ -54,6 +54,7 @@ jobs:
 
       - script: |
           set -ex
+          az acr login --name $ACR_REGISTRY_RESOURCE_NAME
           python3.8 -m venv ./scripts/azure_deployment/.env
           source ./scripts/azure_deployment/.env/bin/activate
           pip install -r ./scripts/azure_deployment/requirements.txt
@@ -64,6 +65,7 @@ jobs:
             --aci-type dynamic-agent \
             --deployment-name ci-$(Build.BuildNumber) \
             --aci-image ccfmsrc.azurecr.io/ccf/ci:pr-`git rev-parse HEAD` \
+            --managed-identity $(CCF_SNP_CI_MANAGED_IDENTITY_ID)
             --ports 22 \
             --aci-setup-timeout 300 \
             --aci-private-key-b64 $(sshKey) \
@@ -75,6 +77,7 @@ jobs:
         name: deploy_primary_aci
         displayName: "Deploy Primary ACI"
         env:
+          ACR_REGISTRY_RESOURCE_NAME: ccfmsrc
           CCF_AZURE_SUBSCRIPTION_ID: $(CCF_AZURE_SUBSCRIPTION_ID)
 
       - script: |

diff --git a/.azure_pipelines_snp.yml b/.azure_pipelines_snp.yml
@@ -22,7 +22,7 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
 jobs:

diff --git a/.daily.yml b/.daily.yml
@@ -27,15 +27,15 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE
 
     - container: snp
-      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-snp-clang15
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-sgx
+      image: ghcr.io/microsoft/ccf/ci/sgx:build-25-07-2024
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx
 
 jobs:

diff --git a/.multi-thread.yml b/.multi-thread.yml
@@ -20,7 +20,7 @@ pr:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:2024-06-26-virtual-clang15
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
 jobs:

diff --git a/scripts/azure_deployment/arm_aci.py b/scripts/azure_deployment/arm_aci.py
@@ -8,6 +8,7 @@
 from argparse import ArgumentParser, Namespace
 import base64
 import tempfile
+import urllib.parse
 
 from azure.identity import AzureCliCredential
 from azure.mgmt.resource.resources.models import (
@@ -253,6 +254,12 @@ def make_aci_deployment(args: Namespace) -> Deployment:
             "initContainers": [],
             "restartPolicy": "Never",
             "osType": "Linux",
+            "imageRegistryCredentials": [
+                {
+                    "server": urllib.parse.urlparse(f"//{args.aci_image}").netloc,
+                    "identity": args.managed_identity,
+                }
+            ],
         }
 
         if args.ports:
@@ -308,6 +315,12 @@ def make_aci_deployment(args: Namespace) -> Deployment:
             "name": f"{deployment_name}-{i}",
             "location": args.region,
             "properties": container_group_properties,
+            "identity": {
+                "type": "SystemAssigned, UserAssigned",
+                "userAssignedIdentities": {
+                    args.managed_identity: {},
+                },
+            },
         }
 
         arm_template["resources"].append(container_group)

diff --git a/scripts/azure_deployment/arm_template.py b/scripts/azure_deployment/arm_template.py
@@ -57,6 +57,11 @@
     type=lambda in_str: str(in_str).replace(".", ""),
 )
 
+parser.add_argument(
+    "--managed-identity",
+    help="The managed identity on the host that you want the ACI to inherit, so it can access its container registries",
+)
+
 parser.add_argument(
     "--out",
     help="Location to write the deployment info to",