diff --git a/eng/common/templates/1es.yml b/eng/common/templates/1es.yml index 19f8c1f1..95a44b2a 100644 --- a/eng/common/templates/1es.yml +++ b/eng/common/templates/1es.yml @@ -32,6 +32,13 @@ parameters: name: $(defaultSourceAnalysisPoolName) image: $(defaultSourceAnalysisPoolImage) os: windows +# Container image SBOMs are generated manually during the build job. 1ESPT's +# automatic SBOM generation only adds unnecessary steps and artifacts to +# builds. SBOM is not needed for JSON outputs. If a pipeline outputs binary +# artifacts that ship to customers, then set this parameter to true. +- name: enableSbom + type: boolean + default: false resources: repositories: @@ -47,10 +54,8 @@ extends: templateParameters: pool: ${{ parameters.pool }} sdl: - # Required for unofficial pipelines because we rely on the ManifestGeneratorTask that is - # automatically installed by 1ES pipeline templates sbom: - enabled: true + enabled: ${{ parameters.enableSbom }} binskim: enabled: true componentgovernance: diff --git a/eng/common/templates/jobs/build-images.yml b/eng/common/templates/jobs/build-images.yml index 65d9d75f..24fa3e79 100644 --- a/eng/common/templates/jobs/build-images.yml +++ b/eng/common/templates/jobs/build-images.yml @@ -10,7 +10,7 @@ parameters: noCache: false internalProjectName: null publicProjectName: null - isInternalServicingValidation: false + storageAccountServiceConnection: null jobs: - job: ${{ parameters.name }} @@ -73,11 +73,11 @@ jobs: id: ${{ parameters.publishConfig.buildAcr.serviceConnection.id }} tenantId: ${{ parameters.publishConfig.buildAcr.serviceConnection.tenantId }} clientId: ${{ parameters.publishConfig.buildAcr.serviceConnection.clientId }} - - ${{ if eq(parameters.isInternalServicingValidation, true) }}: + - ${{ if parameters.storageAccountServiceConnection }}: - name: storage - id: $(dotnetstaging.serviceConnection.id) - tenantId: $(dotnetstaging.serviceConnection.tenantId) - clientId: $(dotnetstaging.serviceConnection.clientId) + id: ${{ parameters.storageAccountServiceConnection.id }} + tenantId: ${{ parameters.storageAccountServiceConnection.tenantId }} + clientId: ${{ parameters.storageAccountServiceConnection.clientId }} internalProjectName: ${{ parameters.internalProjectName }} dockerClientOS: ${{ parameters.dockerClientOS }} args: >- diff --git a/eng/common/templates/jobs/publish.yml b/eng/common/templates/jobs/publish.yml index 68cfb4fe..463d9af4 100644 --- a/eng/common/templates/jobs/publish.yml +++ b/eng/common/templates/jobs/publish.yml @@ -236,7 +236,7 @@ jobs: - template: /eng/common/templates/steps/annotate-eol-digests.yml@self parameters: - publishConfig: ${{ parameters.publishConfig }} + acr: ${{ parameters.publishConfig.publishAcr }} dataFile: $(artifactsPath)/eol-annotation-data/eol-annotation-data.json - script: > @@ -284,8 +284,8 @@ jobs: --task "🟪 Publish Image Info" --task "🟪 Ingest Kusto Image Info" --task "🟪 Generate EOL Annotation Data" - --task "🟪 Annotate EOL Images" - --task "🟪 Wait for Annotation Ingestion" + --task "🟪 Annotate EOL Images (${{ parameters.publishConfig.publishAcr.server }})" + --task "🟪 Wait for Annotation Ingestion (${{ parameters.publishConfig.publishAcr.server }})" $(dryRunArg) $(imageBuilder.commonCmdArgs) displayName: Post Publish Notification diff --git a/eng/common/templates/stages/build-and-test.yml b/eng/common/templates/stages/build-and-test.yml index 9bc28875..2d5ed702 100644 --- a/eng/common/templates/stages/build-and-test.yml +++ b/eng/common/templates/stages/build-and-test.yml @@ -25,7 +25,7 @@ parameters: versionsRepoRef: "" - isInternalServicingValidation: false + storageAccountServiceConnection: null linuxAmd64Pool: vmImage: $(defaultLinuxAmd64PoolImage) @@ -113,7 +113,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} - template: /eng/common/templates/jobs/build-images.yml@self parameters: name: Linux_arm64 @@ -131,7 +131,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} - template: /eng/common/templates/jobs/build-images.yml@self parameters: name: Linux_arm32 @@ -149,7 +149,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} - template: /eng/common/templates/jobs/build-images.yml@self parameters: name: Windows1809_amd64 @@ -167,7 +167,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} - template: /eng/common/templates/jobs/build-images.yml@self parameters: name: Windows2022_amd64 @@ -185,7 +185,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} - template: /eng/common/templates/jobs/build-images.yml@self parameters: name: Windows2025_amd64 @@ -204,7 +204,7 @@ stages: internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} versionsRepoRef: ${{ parameters.versionsRepoRef }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} - template: /eng/common/templates/jobs/build-images.yml@self parameters: name: WindowsLtsc2016_amd64 @@ -222,7 +222,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} ################################################################################ # Post-Build diff --git a/eng/common/templates/stages/dotnet/build-and-test.yml b/eng/common/templates/stages/dotnet/build-and-test.yml index 3b57c18b..dd8afd9e 100644 --- a/eng/common/templates/stages/dotnet/build-and-test.yml +++ b/eng/common/templates/stages/dotnet/build-and-test.yml @@ -3,7 +3,13 @@ parameters: linuxAmd64Pool: "" - isInternalServicingValidation: false + + # (Optional) This service connection should be an Azure Resource Manager + # service connection to a storage account that's needed during image builds. + # It can be used to build images with access to private/internal bits. + # If specified, this service connection will be used to pass a storage + # account access token as `--build-arg ACCESSTOKEN=***` to all image builds. + storageAccountServiceConnection: null # Parameters for pre-build jobs customGenerateMatrixInitSteps: [] @@ -40,7 +46,7 @@ stages: publishConfig: ${{ parameters.publishConfig }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} + storageAccountServiceConnection: ${{ parameters.storageAccountServiceConnection }} customGenerateMatrixInitSteps: ${{ parameters.customGenerateMatrixInitSteps }} buildMatrixCustomBuildLegGroupArgs: ${{ parameters.buildMatrixCustomBuildLegGroupArgs }} testMatrixCustomBuildLegGroupArgs: ${{ parameters.testMatrixCustomBuildLegGroupArgs }} diff --git a/eng/common/templates/stages/dotnet/build-test-publish-repo.yml b/eng/common/templates/stages/dotnet/build-test-publish-repo.yml index e5648784..ee8f43af 100644 --- a/eng/common/templates/stages/dotnet/build-test-publish-repo.yml +++ b/eng/common/templates/stages/dotnet/build-test-publish-repo.yml @@ -2,7 +2,6 @@ parameters: linuxAmd64Pool: "" - isInternalServicingValidation: false # Parameters for pre-build jobs customGenerateMatrixInitSteps: [] @@ -39,7 +38,6 @@ stages: - template: /eng/common/templates/stages/dotnet/build-and-test.yml@self parameters: linuxAmd64Pool: ${{ parameters.linuxAmd64Pool }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} # Pre-build customGenerateMatrixInitSteps: ${{ parameters.customGenerateMatrixInitSteps }} customCopyBaseImagesInitSteps: ${{ parameters.customCopyBaseImagesInitSteps }} @@ -68,7 +66,6 @@ stages: - template: /eng/common/templates/stages/dotnet/publish.yml@self parameters: pool: ${{ parameters.linuxAmd64Pool }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} customPublishInitSteps: ${{ parameters.customPublishInitSteps }} internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} diff --git a/eng/common/templates/stages/dotnet/publish-config-nonprod.yml b/eng/common/templates/stages/dotnet/publish-config-nonprod.yml index bc236962..eddd7859 100644 --- a/eng/common/templates/stages/dotnet/publish-config-nonprod.yml +++ b/eng/common/templates/stages/dotnet/publish-config-nonprod.yml @@ -61,6 +61,13 @@ stages: publicMirrorAcr: server: $(public-mirror.server) + resourceGroup: $(public-mirror.resourceGroup) + subscription: $(public-mirror.subscription) + serviceConnection: + name: $(public-mirror.serviceConnectionName) + id: $(public-mirror.serviceConnection.id) + tenantId: $(public-mirror.serviceConnection.tenantId) + clientId: $(public-mirror.serviceConnection.clientId) buildAcr: server: $(acr-staging-test.server) @@ -73,6 +80,12 @@ stages: clientId: $(build-test.serviceConnection.clientId) tenantId: $(testTenant) + cleanServiceConnection: + name: $(clean-test.serviceConnectionName) + id: $(clean-test.serviceConnection.id) + clientId: $(clean-test.serviceConnection.clientId) + tenantId: $(testTenant) + testServiceConnection: name: $(test-nonprod.serviceConnectionName) id: $(test-nonprod.serviceConnection.id) diff --git a/eng/common/templates/stages/dotnet/publish-config-prod.yml b/eng/common/templates/stages/dotnet/publish-config-prod.yml index 7ac47d69..d45807dd 100644 --- a/eng/common/templates/stages/dotnet/publish-config-prod.yml +++ b/eng/common/templates/stages/dotnet/publish-config-prod.yml @@ -61,6 +61,13 @@ stages: publicMirrorAcr: server: $(public-mirror.server) + resourceGroup: $(public-mirror.resourceGroup) + subscription: $(public-mirror.subscription) + serviceConnection: + name: $(public-mirror.serviceConnectionName) + id: $(public-mirror.serviceConnection.id) + tenantId: $(public-mirror.serviceConnection.tenantId) + clientId: $(public-mirror.serviceConnection.clientId) buildAcr: server: $(acr-staging.server) @@ -73,6 +80,12 @@ stages: clientId: $(build.serviceConnection.clientId) tenantId: $(build.serviceConnection.tenantId) + cleanServiceConnection: + name: $(clean.serviceConnectionName) + id: $(clean.serviceConnection.id) + clientId: $(clean.serviceConnection.clientId) + tenantId: $(clean.serviceConnection.tenantId) + testServiceConnection: name: $(test.serviceConnectionName) id: $(test.serviceConnection.id) diff --git a/eng/common/templates/stages/dotnet/publish.yml b/eng/common/templates/stages/dotnet/publish.yml index 4e1745fd..d041b3d5 100644 --- a/eng/common/templates/stages/dotnet/publish.yml +++ b/eng/common/templates/stages/dotnet/publish.yml @@ -6,7 +6,6 @@ parameters: publicProjectName: null publishConfig: null pool: "" - isInternalServicingValidation: false isStandalonePublish: false customPublishInitSteps: [] sourceBuildPipelineDefinitionId: '' @@ -20,7 +19,6 @@ stages: internalProjectName: ${{ parameters.internalProjectName }} publicProjectName: ${{ parameters.publicProjectName }} publishConfig: ${{ parameters.publishConfig }} - isInternalServicingValidation: ${{ parameters.isInternalServicingValidation }} isStandalonePublish: ${{ parameters.isStandalonePublish }} sourceBuildPipelineDefinitionId: ${{ parameters.sourceBuildPipelineDefinitionId }} sourceBuildPipelineRunId: ${{ parameters.sourceBuildPipelineRunId }} diff --git a/eng/common/templates/stages/publish.yml b/eng/common/templates/stages/publish.yml index bd294e1c..f1569fba 100644 --- a/eng/common/templates/stages/publish.yml +++ b/eng/common/templates/stages/publish.yml @@ -7,7 +7,6 @@ parameters: publishConfig: null - isInternalServicingValidation: false isStandalonePublish: false pool: @@ -29,54 +28,53 @@ parameters: # Publish Images ################################################################################ stages: -- ${{ if eq(parameters.isInternalServicingValidation, 'false') }}: - - stage: Publish - ${{ if eq(parameters.isStandalonePublish, true) }}: - dependsOn: [] +- stage: Publish + ${{ if eq(parameters.isStandalonePublish, true) }}: + dependsOn: [] + ${{ else }}: + ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}: + dependsOn: Test ${{ else }}: - ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}: - dependsOn: Test - ${{ else }}: - dependsOn: Post_Build - condition: " + dependsOn: Post_Build + condition: " + and( + not(canceled()), and( - not(canceled()), - and( - contains(variables['stages'], 'publish'), + contains(variables['stages'], 'publish'), + or( or( + and( + and( + contains(variables['stages'], 'build'), + succeeded('Post_Build')), + and( + contains(variables['stages'], 'test'), + in(dependencies.Test.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))), or( and( - and( - contains(variables['stages'], 'build'), - succeeded('Post_Build')), + not(contains(variables['stages'], 'build')), and( contains(variables['stages'], 'test'), in(dependencies.Test.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))), - or( - and( - not(contains(variables['stages'], 'build')), - and( - contains(variables['stages'], 'test'), - in(dependencies.Test.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))), + and( + not(contains(variables['stages'], 'test')), and( - not(contains(variables['stages'], 'test')), - and( - contains(variables['stages'], 'build'), - succeeded('Post_Build'))))), - not( - or( - contains(variables['stages'], 'build'), - contains(variables['stages'], 'test'))))))" - jobs: - - template: /eng/common/templates/jobs/publish.yml@self - parameters: - pool: ${{ parameters.pool }} - internalProjectName: ${{ parameters.internalProjectName }} - publishConfig: ${{ parameters.publishConfig }} - customPublishVariables: ${{ parameters.customPublishVariables }} - customInitSteps: ${{ parameters.customPublishInitSteps }} - sourceBuildPipelineDefinitionId: ${{ parameters.sourceBuildPipelineDefinitionId }} - sourceBuildPipelineRunId: ${{ parameters.sourceBuildPipelineRunId }} - versionsRepoRef: ${{ parameters.versionsRepoRef }} - versionsRepoPath: ${{ parameters.versionsRepoPath }} - overrideImageInfoCommit: ${{ parameters.overrideImageInfoCommit }} + contains(variables['stages'], 'build'), + succeeded('Post_Build'))))), + not( + or( + contains(variables['stages'], 'build'), + contains(variables['stages'], 'test'))))))" + jobs: + - template: /eng/common/templates/jobs/publish.yml@self + parameters: + pool: ${{ parameters.pool }} + internalProjectName: ${{ parameters.internalProjectName }} + publishConfig: ${{ parameters.publishConfig }} + customPublishVariables: ${{ parameters.customPublishVariables }} + customInitSteps: ${{ parameters.customPublishInitSteps }} + sourceBuildPipelineDefinitionId: ${{ parameters.sourceBuildPipelineDefinitionId }} + sourceBuildPipelineRunId: ${{ parameters.sourceBuildPipelineRunId }} + versionsRepoRef: ${{ parameters.versionsRepoRef }} + versionsRepoPath: ${{ parameters.versionsRepoPath }} + overrideImageInfoCommit: ${{ parameters.overrideImageInfoCommit }} diff --git a/eng/common/templates/steps/annotate-eol-digests.yml b/eng/common/templates/steps/annotate-eol-digests.yml index 0e7d5c32..57c5221f 100644 --- a/eng/common/templates/steps/annotate-eol-digests.yml +++ b/eng/common/templates/steps/annotate-eol-digests.yml @@ -1,5 +1,5 @@ parameters: -- name: publishConfig +- name: acr type: object # Path to EOL annotation data JSON file generated by 'generateEolAnnotationData*' command - name: dataFile @@ -10,33 +10,32 @@ steps: displayName: Create Annotation Digests Directory - template: /eng/common/templates/steps/run-imagebuilder.yml@self parameters: - name: AnnotateEOLImages - displayName: Annotate EOL Images + displayName: Annotate EOL Images (${{ parameters.acr.server }}) serviceConnections: - name: acr - id: ${{ parameters.publishConfig.publishAcr.serviceConnection.id }} - tenantId: ${{ parameters.publishConfig.publishAcr.serviceConnection.tenantId }} - clientId: ${{ parameters.publishConfig.publishAcr.serviceConnection.clientId }} + id: ${{ parameters.acr.serviceConnection.id }} + tenantId: ${{ parameters.acr.serviceConnection.tenantId }} + clientId: ${{ parameters.acr.serviceConnection.clientId }} internalProjectName: internal condition: and(succeeded(), eq(variables['publishEolAnnotations'], 'true')) args: >- annotateEolDigests - ${{ parameters.dataFile }} - ${{ parameters.publishConfig.publishAcr.server }} - ${{ parameters.publishConfig.publishAcr.repoPrefix }} + "${{ parameters.dataFile }}" + "${{ parameters.acr.server }}" + "${{ parameters.acr.repoPrefix }}" $(artifactsPath)/annotation-digests/annotation-digests.txt $(dryRunArg) - template: /eng/common/templates/steps/publish-artifact.yml@self parameters: path: $(Build.ArtifactStagingDirectory)/annotation-digests - artifactName: annotation-digests-$(System.JobAttempt) - displayName: Publish Annotation Digests List + artifactName: annotation-digests-${{ parameters.acr.server }}-$(System.JobAttempt) + displayName: Publish Annotation Digests List (${{ parameters.acr.server }}) internalProjectName: internal publicProjectName: public condition: and(succeeded(), eq(variables['publishEolAnnotations'], 'true')) - template: /eng/common/templates/steps/run-imagebuilder.yml@self parameters: - displayName: Wait for Annotation Ingestion + displayName: Wait for Annotation Ingestion (${{ parameters.acr.server }}) serviceConnections: - name: mar id: $(marStatus.serviceConnection.id) diff --git a/eng/common/templates/steps/clean-acr-images.yml b/eng/common/templates/steps/clean-acr-images.yml index abfb9fb9..0361df44 100644 --- a/eng/common/templates/steps/clean-acr-images.yml +++ b/eng/common/templates/steps/clean-acr-images.yml @@ -1,28 +1,33 @@ parameters: repo: null - subscription: null - resourceGroup: null acr: null action: null age: null - customArgs: "" + customArgs: "--dry-run" internalProjectName: null + publishConfig: null steps: - template: /eng/common/templates/steps/run-imagebuilder.yml@self parameters: - displayName: Clean ACR Images - ${{ parameters.repo }} + # Options are documented in CleanAcrImagesOptions.cs + ${{ if eq(parameters.action, 'delete') }}: + displayName: "Delete ${{ parameters.repo }}" + ${{ elseif parameters.age }}: + displayName: "Clean ${{ parameters.repo }} (${{ parameters.action }} > ${{ parameters.age }}d)" + ${{ else }}: + displayName: "Clean ${{ parameters.repo }} (${{ parameters.action }})" serviceConnections: - name: acr - id: $(clean.serviceConnection.id) - tenantId: $(clean.serviceConnection.tenantId) - clientId: $(clean.serviceConnection.clientId) + id: ${{ parameters.publishConfig.cleanServiceConnection.id }} + tenantId: ${{ parameters.publishConfig.cleanServiceConnection.tenantId }} + clientId: ${{ parameters.publishConfig.cleanServiceConnection.clientId }} internalProjectName: ${{ parameters.internalProjectName }} args: >- cleanAcrImages ${{ parameters.repo }} - ${{ parameters.subscription }} - ${{ parameters.resourceGroup }} - ${{ parameters.acr }} + ${{ parameters.acr.subscription }} + ${{ parameters.acr.resourceGroup }} + ${{ parameters.acr.server }} --action ${{ parameters.action }} --age ${{ parameters.age }} ${{ parameters.customArgs }} diff --git a/eng/common/templates/steps/validate-branch.yml b/eng/common/templates/steps/validate-branch.yml index 0bfcf9c9..0fb1a841 100644 --- a/eng/common/templates/steps/validate-branch.yml +++ b/eng/common/templates/steps/validate-branch.yml @@ -7,26 +7,39 @@ steps: - powershell: | if ("$env:ONEESPT_BUILDTYPE" -eq "Unofficial") { - echo "Build is from an unofficial pipeline, continuing..." + echo "Build is from an unofficial pipeline, continuing." exit 0 } - if ("$(officialBranches)".Split(',').Contains("$(sourceBranch)") ` - -and "$(officialRepoPrefixes)".Split(',').Contains("${{ parameters.publishConfig.publishAcr.repoPrefix }}")) + $isOfficialRepoPrefix = "$(officialRepoPrefixes)".Split(',').Contains("${{ parameters.publishConfig.publishAcr.repoPrefix }}") + if (-not $isOfficialRepoPrefix) { - echo "Conditions met for official build, continuing..." + echo "This build will not publish to an official repo prefix, continuing." + echo "Publish repo prefix: ${{ parameters.publishConfig.publishAcr.repoPrefix }}" + echo "Official repo prefixes: $(officialRepoPrefixes)" exit 0 } - if (-not "$(officialRepoPrefixes)".Split(',').Contains("${{ parameters.publishConfig.publishAcr.repoPrefix }}")) + $isOfficialBranch = "$(officialBranches)".Split(',').Contains("$(sourceBranch)") + if ($isOfficialBranch) { - echo "This build is a test build, continuing..." + echo "$(sourceBranch) is an official branch, continuing." + echo "Official branches: $(officialBranches)" exit 0 } - if ("${{ variables['overrideOfficialBranchValidation'] }}" -eq "true") + $hasOfficialBranchPrefix = $false + foreach ($prefix in "$(officialBranchPrefixes)".Split(',')) { + if ("$(sourceBranch)".StartsWith($prefix)) { + $hasOfficialBranchPrefix = $true + break + } + } + + if ($hasOfficialBranchPrefix) { - echo "Variable overrideOfficialBranchValidation is set to true, continuing..." + echo "$(sourceBranch) has an official branch prefix, continuing." + echo "Official branch prefixes: $(officialBranchPrefixes)" exit 0 } diff --git a/eng/common/templates/variables/docker-images.yml b/eng/common/templates/variables/docker-images.yml index 33f6287d..cfaf8fa5 100644 --- a/eng/common/templates/variables/docker-images.yml +++ b/eng/common/templates/variables/docker-images.yml @@ -1,5 +1,5 @@ variables: - imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2781076 + imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2805555 imageNames.imageBuilder: $(imageNames.imageBuilderName) imageNames.imageBuilder.withrepo: imagebuilder-withrepo:$(Build.BuildId)-$(System.JobId) imageNames.testRunner: mcr.microsoft.com/dotnet-buildtools/prereqs:azurelinux3.0-docker-testrunner diff --git a/eng/common/templates/variables/dotnet/secrets-unofficial.yml b/eng/common/templates/variables/dotnet/secrets-unofficial.yml index d55d9318..1744ad28 100644 --- a/eng/common/templates/variables/dotnet/secrets-unofficial.yml +++ b/eng/common/templates/variables/dotnet/secrets-unofficial.yml @@ -1,5 +1,5 @@ variables: -- group: DotNet-Docker-Secrets-Unofficial +- group: DotNet-Docker-Secrets-Low - name: dockerHubRegistryCreds - value: --registry-creds 'docker.io=$(dotnetDockerHubBot.userName);$(BotAccount-dotnet-dockerhub-bot-PAT)' + value: --registry-creds 'docker.io=$(dotnet-dockerhub-bot-username);$(dotnet-dockerhub-bot-pat-low)'