Merge branch '2.0' into fasttrack/2.0

Author: jslobodzian

.pipelines/containerSourceData/scripts/PublishContainers.sh

@@ -95,11 +95,52 @@ function acr_login {
 # $1: image name
 function oras_attach {
     local image_name=$1
+    local max_retries=3
+    local retry_count=0
+
+    while [ $retry_count -lt $max_retries ]; do
+        echo "+++ Attempting to attach lifecycle annotation to $image_name (attempt $((retry_count + 1))/$max_retries)"
+        
+        if oras attach \
+            --artifact-type "application/vnd.microsoft.artifact.lifecycle" \
+            --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$END_OF_LIFE_1_YEAR" \
+            "$image_name"; then
+            echo "+++ Successfully attached lifecycle annotation to $image_name"
+            return 0
+        else
+            retry_count=$((retry_count + 1))
+            if [ $retry_count -lt $max_retries ]; then
+                echo "+++ Failed to attach lifecycle annotation to $image_name. Retrying in 5 seconds..."
+                sleep 5
+            else
+                echo "+++ Failed to attach lifecycle annotation to $image_name after $max_retries attempts"
+                return 1
+            fi
+        fi
+    done
+}
+
+# Detach the end-of-life annotation from the container image.
+# $1: image name
+function oras_detach {
+    local image_name=$1
+    lifecycle_manifests=$(oras discover -o json  --artifact-type "application/vnd.microsoft.artifact.lifecycle" "$image_name")
+    manifests=$(echo "$lifecycle_manifests" | jq -r '.manifests')
+
+    if [[ -z $manifests ]]; then
+        echo "+++ No lifecycle manifests found for $image_name"
+        return
+    fi
 
-    oras attach \
-        --artifact-type "application/vnd.microsoft.artifact.lifecycle" \
-        --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$END_OF_LIFE_1_YEAR" \
-        "$image_name"
+    echo "+++ Found lifecycle manifests for $image_name: $manifests"
+    # Loop through the manifests and delete them.
+    manifest_count=$(echo "$manifests" | jq length)
+    for (( i=0; i<manifest_count; i++ )); do
+        digest=$(echo "$lifecycle_manifests" | jq -r ".manifests[$i].digest")
+        echo "Deleting manifest with digest: $digest"
+        imageNameWithoutTag=${image_name%:*}
+        oras manifest delete --force "$imageNameWithoutTag@$digest"
+    done
 }
 
 function create_multi_arch_tags {
@@ -194,6 +235,7 @@ function create_multi_arch_tags {
     echo "+++ push $full_multiarch_tag tag"
     docker manifest push "$full_multiarch_tag"
     echo "+++ $full_multiarch_tag tag pushed successfully"
+    oras_detach "$full_multiarch_tag"
     oras_attach "$full_multiarch_tag"
 
     # Save the multi-arch tag to a file.
@@ -282,6 +324,7 @@ do
             docker image tag "$amd64_image" "$amd64_retagged_image_name"
             docker rmi "$amd64_image"
             docker image push "$amd64_retagged_image_name"
+            oras_detach "$amd64_retagged_image_name"
             oras_attach "$amd64_retagged_image_name"
 
             if [[ $ARCHITECTURE_TO_BUILD == *"ARM64"*  ]]; then
@@ -290,6 +333,7 @@ do
                 docker image tag "$arm64_image" "$arm64_retagged_image_name"
                 docker rmi "$arm64_image"
                 docker image push "$arm64_retagged_image_name"
+                oras_detach "$arm64_retagged_image_name"
                 oras_attach "$arm64_retagged_image_name"
             fi
 

SPECS-SIGNED/hvloader-signed/hvloader-signed.spec

@@ -6,7 +6,7 @@
 Summary:        Signed HvLoader.efi for %{buildarch} systems
 Name:           hvloader-signed-%{buildarch}
 Version:        1.0.1
-Release:        12%{?dist}
+Release:        13%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -69,6 +69,9 @@ popd
 /boot/efi/HvLoader.efi
 
 %changelog
+* Tue May 13 2025 Archana Shettigar <[email protected]> - 1.0.1-13
+- Bump release for consistency with hvloader spec.
+
 * Tue Apr 29 2025 Mayank Singh <[email protected]> - 1.0.1-12
 - Bump release for consistency with hvloader spec.
 

SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for Azure
 Name:           kernel-azure-signed-%{buildarch}
-Version:        5.15.184.1
+Version:        5.15.186.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Mon Jul 07 2025 CBL-Mariner Servicing Account <[email protected]> - 5.15.186.1-1
+- Auto-upgrade to 5.15.186.1
+
 * Fri May 30 2025 CBL-Mariner Servicing Account <[email protected]> - 5.15.184.1-1
 - Auto-upgrade to 5.15.184.1
 

SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec

@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for HCI
 Name:           kernel-hci-signed-%{buildarch}
-Version:        5.15.184.1
+Version:        5.15.186.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Mon Jul 07 2025 CBL-Mariner Servicing Account <[email protected]> - 5.15.186.1-1
+- Auto-upgrade to 5.15.186.1
+
 * Fri May 30 2025 CBL-Mariner Servicing Account <[email protected]> - 5.15.184.1-1
 - Auto-upgrade to 5.15.184.1
 

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.15.184.1
+Version:        5.15.186.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Mon Jul 07 2025 CBL-Mariner Servicing Account <[email protected]> - 5.15.186.1-1
+- Auto-upgrade to 5.15.186.1
+
 * Fri May 30 2025 CBL-Mariner Servicing Account <[email protected]> - 5.15.184.1-1
 - Auto-upgrade to 5.15.184.1