Azure · yoyowang268 · Aug 20, 2025 · Aug 20, 2025 · Aug 20, 2025 · Aug 20, 2025
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -37,7 +37,9 @@ jobs:
 
       # Build base dockerfile
       - name: Build the base.Dockerfile
-        run: docker build -t base_cloudshell -f linux/base.Dockerfile .
+        run: |
+          echo "https://pypi.org/simple/" > pip_index_url.txt
+          docker build -t base_cloudshell -f linux/base.Dockerfile --secret id=pip_index_url,src=pip_index_url.txt .
 
       - name: Create temporary trivy directories
         run: |
@@ -57,7 +59,7 @@ jobs:
       # Build tools dockerfile
       - name: Build the tools.Dockerfile
         run: |
-          docker build -t tools_cloudshell --build-arg IMAGE_LOCATION=base_cloudshell -f linux/tools.Dockerfile .
+          docker build -t tools_cloudshell --build-arg IMAGE_LOCATION=base_cloudshell -f linux/tools.Dockerfile --secret id=pip_index_url,src=pip_index_url.txt .
 
       - name: Scan Tools image with Trivy
         id: trivy-tools-scan

diff --git a/linux/base.Dockerfile b/linux/base.Dockerfile
@@ -158,18 +158,18 @@ ENV LANG="en_US.utf8"
 
 # # BEGIN: Install Ansible in isolated Virtual Environment
 COPY ./linux/ansible/ansible*  /usr/local/bin/
-RUN chmod 755 /usr/local/bin/ansible* \
+RUN --mount=type=secret,id=pip_index_url,target=/run/secrets/pip_index_url \
+  chmod 755 /usr/local/bin/ansible* \
   && cd /opt \
   && virtualenv -p python3 ansible \
-  && /bin/bash -c "source ansible/bin/activate && pip3 list --format=freeze | cut -d '=' -f1 | xargs -n1 pip3 install -U && pip3 install ansible && pip3 install pywinrm\>\=0\.2\.2 && deactivate" \
+  && /bin/bash -c "source ansible/bin/activate && pip3 list --format=freeze | cut -d '=' -f1 | xargs -n1 pip3 install -U --index-url $(cat /run/secrets/pip_index_url) && pip3 install --index-url $(cat /run/secrets/pip_index_url) ansible && pip3 install --index-url $(cat /run/secrets/pip_index_url) pywinrm\>\=0\.2\.2 && deactivate" \
   && rm -rf ~/.local/share/virtualenv/ \
   && rm -rf ~/.cache/pip/ \
   && ansible-galaxy collection install azure.azcollection --force -p /usr/share/ansible/collections \
   # Temp: Proper fix is to use regular python for Ansible.
   && mkdir -p /usr/share/ansible/collections/ansible_collections/azure/azcollection/ \
   && wget -nv -q -O /usr/share/ansible/collections/ansible_collections/azure/azcollection/requirements.txt https://raw.githubusercontent.com/ansible-collections/azure/dev/requirements.txt \
-  && /opt/ansible/bin/python -m pip install -r /usr/share/ansible/collections/ansible_collections/azure/azcollection/requirements.txt
-
+  && /opt/ansible/bin/python -m pip install --index-url $(cat /run/secrets/pip_index_url) -r /usr/share/ansible/collections/ansible_collections/azure/azcollection/requirements.txt
 
 # Install latest version of Istio
 RUN export TMP_DIR=$(mktemp -d) \

diff --git a/linux/tools.Dockerfile b/linux/tools.Dockerfile
@@ -4,7 +4,7 @@
 
 # To build yourself locally, override this location with a local image tag. See README.md for more detail
 
-ARG IMAGE_LOCATION=cdpxb787066ec88f4e20ae65e42a858c42ca00.azurecr.io/official/cloudshell:base.master.3df5312c.20250612.2
+ARG IMAGE_LOCATION=cloudconregtest.azurecr.io/cloudshell:base.master.548d49ff.20250719.3
 
 # Copy from base build
 FROM ${IMAGE_LOCATION}
@@ -23,11 +23,16 @@ RUN tdnf clean all && \
     rm -rf /var/cache/tdnf/*
 
 # Install any Azure CLI extensions that should be included by default.
-RUN az extension add --system --name ssh -y \
-    && az extension add --system --name ml -y
+RUN --mount=type=secret,id=pip_index_url,target=/run/secrets/pip_index_url \
+    echo "Using Azure Artifacts feed: $(cat /run/secrets/pip_index_url)" && \
+    export PIP_VERBOSE=1 && \
+    az extension add --system --name ssh -y --pip-extra-index-urls "$(cat /run/secrets/pip_index_url)" --verbose --debug \
+    && az extension add --system --name ml -y --pip-extra-index-urls "$(cat /run/secrets/pip_index_url)" --verbose --debug
 
 # Install kubectl
-RUN az aks install-cli \
+RUN --mount=type=secret,id=pip_index_url,target=/run/secrets/pip_index_url \
+    export PIP_INDEX_URL=$(cat /run/secrets/pip_index_url) && \
+    az aks install-cli \
     && chmod +x /usr/local/bin/kubectl \
     && chmod +x /usr/local/bin/kubelogin
 
@@ -51,7 +56,12 @@ ENV POWERSHELL_DISTRIBUTION_CHANNEL=CloudShell \
 
 # Copy and run script to install Powershell modules and setup Powershell machine profile
 COPY ./linux/powershell/ powershell
-RUN cp ./powershell/libs/libmi.so /opt/microsoft/powershell/7/libmi.so && \
+RUN --mount=type=secret,id=pip_index_url,target=/run/secrets/pip_index_url \
+    cp ./powershell/libs/libmi.so /opt/microsoft/powershell/7/libmi.so && \
+    # Set environment variables for PowerShell to potentially use Azure Artifacts feed
+    export NUGET_SOURCE=$(cat /run/secrets/pip_index_url | sed 's|/simple/|/nuget/v2|') && \
+    # Temporarily override PowerShell Gallery URL in the setup script to use Azure Artifacts feed
+    sed -i "s|https://www.powershellgallery.com/api/v2|$NUGET_SOURCE|g" ./powershell/setupPowerShell.ps1 && \
     /usr/bin/pwsh -File ./powershell/setupPowerShell.ps1 -image Base && \
     cp -r ./powershell/PSCloudShellUtility /usr/local/share/powershell/Modules/PSCloudShellUtility/ && \
     /usr/bin/pwsh -File ./powershell/setupPowerShell.ps1 -image Top && \