Skip to content

Commit 97801eb

Browse files
lbusselllbussell
authored
Merge branch 'main' into compat
2 parents d7e45d7 + 3c101dc commit 97801eb

File tree

64 files changed

+951
-424
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

64 files changed

+951
-424
lines changed

README.aspnet.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -90,12 +90,12 @@ Tag | Dockerfile
9090

9191
Tag | Dockerfile
9292
---------| ---------------
93-
4.8-20250708-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/aspnet/4.8/windowsservercore-ltsc2016/Dockerfile)
94-
4.7.2-20250708-windowsservercore-ltsc2016, 4.7.2-windowsservercore-ltsc2016, 4.7.2 | [Dockerfile](src/aspnet/4.7.2/windowsservercore-ltsc2016/Dockerfile)
95-
4.7.1-20250708-windowsservercore-ltsc2016, 4.7.1-windowsservercore-ltsc2016, 4.7.1 | [Dockerfile](src/aspnet/4.7.1/windowsservercore-ltsc2016/Dockerfile)
96-
4.7-20250708-windowsservercore-ltsc2016, 4.7-windowsservercore-ltsc2016, 4.7 | [Dockerfile](src/aspnet/4.7/windowsservercore-ltsc2016/Dockerfile)
97-
4.6.2-20250708-windowsservercore-ltsc2016, 4.6.2-windowsservercore-ltsc2016, 4.6.2 | [Dockerfile](src/aspnet/4.6.2/windowsservercore-ltsc2016/Dockerfile)
98-
3.5-20250708-windowsservercore-ltsc2016, 3.5-windowsservercore-ltsc2016, 3.5 | [Dockerfile](src/aspnet/3.5/windowsservercore-ltsc2016/Dockerfile)
93+
4.8-20250812-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/aspnet/4.8/windowsservercore-ltsc2016/Dockerfile)
94+
4.7.2-20250812-windowsservercore-ltsc2016, 4.7.2-windowsservercore-ltsc2016, 4.7.2 | [Dockerfile](src/aspnet/4.7.2/windowsservercore-ltsc2016/Dockerfile)
95+
4.7.1-20250812-windowsservercore-ltsc2016, 4.7.1-windowsservercore-ltsc2016, 4.7.1 | [Dockerfile](src/aspnet/4.7.1/windowsservercore-ltsc2016/Dockerfile)
96+
4.7-20250812-windowsservercore-ltsc2016, 4.7-windowsservercore-ltsc2016, 4.7 | [Dockerfile](src/aspnet/4.7/windowsservercore-ltsc2016/Dockerfile)
97+
4.6.2-20250812-windowsservercore-ltsc2016, 4.6.2-windowsservercore-ltsc2016, 4.6.2 | [Dockerfile](src/aspnet/4.6.2/windowsservercore-ltsc2016/Dockerfile)
98+
3.5-20250812-windowsservercore-ltsc2016, 3.5-windowsservercore-ltsc2016, 3.5 | [Dockerfile](src/aspnet/3.5/windowsservercore-ltsc2016/Dockerfile)
9999
<!--End of generated tags-->
100100

101101
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md).

README.runtime.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -81,12 +81,12 @@ Tag | Dockerfile
8181

8282
Tag | Dockerfile
8383
---------| ---------------
84-
4.8-20250708-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/runtime/4.8/windowsservercore-ltsc2016/Dockerfile)
85-
4.7.2-20250708-windowsservercore-ltsc2016, 4.7.2-windowsservercore-ltsc2016, 4.7.2 | [Dockerfile](src/runtime/4.7.2/windowsservercore-ltsc2016/Dockerfile)
86-
4.7.1-20250708-windowsservercore-ltsc2016, 4.7.1-windowsservercore-ltsc2016, 4.7.1 | [Dockerfile](src/runtime/4.7.1/windowsservercore-ltsc2016/Dockerfile)
87-
4.7-20250708-windowsservercore-ltsc2016, 4.7-windowsservercore-ltsc2016, 4.7 | [Dockerfile](src/runtime/4.7/windowsservercore-ltsc2016/Dockerfile)
88-
4.6.2-20250708-windowsservercore-ltsc2016, 4.6.2-windowsservercore-ltsc2016, 4.6.2 | [Dockerfile](src/runtime/4.6.2/windowsservercore-ltsc2016/Dockerfile)
89-
3.5-20250708-windowsservercore-ltsc2016, 3.5-windowsservercore-ltsc2016, 3.5 | [Dockerfile](src/runtime/3.5/windowsservercore-ltsc2016/Dockerfile)
84+
4.8-20250812-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/runtime/4.8/windowsservercore-ltsc2016/Dockerfile)
85+
4.7.2-20250812-windowsservercore-ltsc2016, 4.7.2-windowsservercore-ltsc2016, 4.7.2 | [Dockerfile](src/runtime/4.7.2/windowsservercore-ltsc2016/Dockerfile)
86+
4.7.1-20250812-windowsservercore-ltsc2016, 4.7.1-windowsservercore-ltsc2016, 4.7.1 | [Dockerfile](src/runtime/4.7.1/windowsservercore-ltsc2016/Dockerfile)
87+
4.7-20250812-windowsservercore-ltsc2016, 4.7-windowsservercore-ltsc2016, 4.7 | [Dockerfile](src/runtime/4.7/windowsservercore-ltsc2016/Dockerfile)
88+
4.6.2-20250812-windowsservercore-ltsc2016, 4.6.2-windowsservercore-ltsc2016, 4.6.2 | [Dockerfile](src/runtime/4.6.2/windowsservercore-ltsc2016/Dockerfile)
89+
3.5-20250812-windowsservercore-ltsc2016, 3.5-windowsservercore-ltsc2016, 3.5 | [Dockerfile](src/runtime/3.5/windowsservercore-ltsc2016/Dockerfile)
9090
<!--End of generated tags-->
9191

9292
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md).

README.sdk.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -86,8 +86,8 @@ Tag | Dockerfile
8686

8787
Tag | Dockerfile
8888
---------| ---------------
89-
4.8-20250708-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/sdk/4.8/windowsservercore-ltsc2016/Dockerfile)
90-
3.5-20250708-windowsservercore-ltsc2016, 3.5-windowsservercore-ltsc2016, 3.5 | [Dockerfile](src/sdk/3.5/windowsservercore-ltsc2016/Dockerfile)
89+
4.8-20250812-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/sdk/4.8/windowsservercore-ltsc2016/Dockerfile)
90+
3.5-20250812-windowsservercore-ltsc2016, 3.5-windowsservercore-ltsc2016, 3.5 | [Dockerfile](src/sdk/3.5/windowsservercore-ltsc2016/Dockerfile)
9191
<!--End of generated tags-->
9292

9393
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md).

README.wcf.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -90,11 +90,11 @@ Tag | Dockerfile
9090

9191
Tag | Dockerfile
9292
---------| ---------------
93-
4.8-20250708-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/wcf/4.8/windowsservercore-ltsc2016/Dockerfile)
94-
4.7.2-20250708-windowsservercore-ltsc2016, 4.7.2-windowsservercore-ltsc2016, 4.7.2 | [Dockerfile](src/wcf/4.7.2/windowsservercore-ltsc2016/Dockerfile)
95-
4.7.1-20250708-windowsservercore-ltsc2016, 4.7.1-windowsservercore-ltsc2016, 4.7.1 | [Dockerfile](src/wcf/4.7.1/windowsservercore-ltsc2016/Dockerfile)
96-
4.7-20250708-windowsservercore-ltsc2016, 4.7-windowsservercore-ltsc2016, 4.7 | [Dockerfile](src/wcf/4.7/windowsservercore-ltsc2016/Dockerfile)
97-
4.6.2-20250708-windowsservercore-ltsc2016, 4.6.2-windowsservercore-ltsc2016, 4.6.2 | [Dockerfile](src/wcf/4.6.2/windowsservercore-ltsc2016/Dockerfile)
93+
4.8-20250812-windowsservercore-ltsc2016, 4.8-windowsservercore-ltsc2016, 4.8, latest | [Dockerfile](src/wcf/4.8/windowsservercore-ltsc2016/Dockerfile)
94+
4.7.2-20250812-windowsservercore-ltsc2016, 4.7.2-windowsservercore-ltsc2016, 4.7.2 | [Dockerfile](src/wcf/4.7.2/windowsservercore-ltsc2016/Dockerfile)
95+
4.7.1-20250812-windowsservercore-ltsc2016, 4.7.1-windowsservercore-ltsc2016, 4.7.1 | [Dockerfile](src/wcf/4.7.1/windowsservercore-ltsc2016/Dockerfile)
96+
4.7-20250812-windowsservercore-ltsc2016, 4.7-windowsservercore-ltsc2016, 4.7 | [Dockerfile](src/wcf/4.7/windowsservercore-ltsc2016/Dockerfile)
97+
4.6.2-20250812-windowsservercore-ltsc2016, 4.6.2-windowsservercore-ltsc2016, 4.6.2 | [Dockerfile](src/wcf/4.6.2/windowsservercore-ltsc2016/Dockerfile)
9898
<!--End of generated tags-->
9999

100100
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md).

eng/common/Dockerfile.syft

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
ARG SYFT_IMAGE_NAME
2+
ARG TARGET_IMAGE_NAME
3+
4+
FROM ${SYFT_IMAGE_NAME} AS syft
5+
FROM ${TARGET_IMAGE_NAME} AS scan-image
6+
7+
FROM syft AS run-scan
8+
ARG TARGET_IMAGE_NAME
9+
ENV SYFT_CHECK_FOR_APP_UPDATE=0 \
10+
SYFT_SOURCE_NAME=${TARGET_IMAGE_NAME}
11+
USER root
12+
RUN --mount=from=scan-image,source=/,target=/rootfs \
13+
["/syft", "scan", "/rootfs/", "--select-catalogers", "image", "--output", "spdx-json=/manifest.spdx.json"]
14+
15+
FROM scratch AS output
16+
COPY --from=run-scan /manifest.spdx.json /manifest.spdx.json

eng/common/Pull-Image.ps1

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
#!/usr/bin/env pwsh
2+
3+
[cmdletbinding()]
4+
param(
5+
[Parameter(Mandatory = $true, Position = 0)]
6+
[string]$Image,
7+
8+
[Parameter(Mandatory = $false)]
9+
[int]$Retries = 2,
10+
11+
[Parameter(Mandatory = $false)]
12+
[int]$WaitFactor = 6
13+
)
14+
15+
Set-StrictMode -Version Latest
16+
$ErrorActionPreference = 'Stop'
17+
18+
& "$PSScriptRoot/Invoke-WithRetry.ps1" "docker pull $Image" -Retries $Retries -WaitFactor $WaitFactor

eng/common/templates/1es-official.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
# do the following:
33
#
44
# - Do not rely on any source code from the versions repo so as to not circumvent SDL and CG guidelines
5-
# - The versions repo resource must be named `InternalVersionsRepo` or `PublicVersionsRepo` to avoid SDL scans
5+
# - The versions repo resource must be named `VersionsRepo` to avoid SDL scans
66
# - The versions repo must be checked out to `$(Build.SourcesDirectory)/versions` to avoid CG scans
77
#
88
# If the pipeline is not using a separate repository resource, ensure that there is no source code checked out in
@@ -57,14 +57,14 @@ extends:
5757
enabled: true
5858
sourceRepositoriesToScan:
5959
exclude:
60-
- repository: InternalVersionsRepo
61-
- repository: PublicVersionsRepo
60+
- repository: VersionsRepo
6261
sourceAnalysisPool: ${{ parameters.sourceAnalysisPool }}
6362
tsa:
6463
enabled: true
6564
stages:
66-
- template: /eng/common/templates/stages/setup-service-connections.yml@self
67-
parameters:
68-
pool: ${{ parameters.pool }}
69-
serviceConnections: ${{ parameters.serviceConnections }}
65+
- ${{ if gt(length(parameters.serviceConnections), 0) }}:
66+
- template: /eng/common/templates/stages/setup-service-connections.yml@self
67+
parameters:
68+
pool: ${{ parameters.pool }}
69+
serviceConnections: ${{ parameters.serviceConnections }}
7070
- ${{ parameters.stages }}

eng/common/templates/1es-unofficial.yml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -71,8 +71,9 @@ extends:
7171
tsa:
7272
enabled: true
7373
stages:
74-
- template: /eng/common/templates/stages/setup-service-connections.yml@self
75-
parameters:
76-
pool: ${{ parameters.pool }}
77-
serviceConnections: ${{ parameters.serviceConnections }}
74+
- ${{ if gt(length(parameters.serviceConnections), 0) }}:
75+
- template: /eng/common/templates/stages/setup-service-connections.yml@self
76+
parameters:
77+
pool: ${{ parameters.pool }}
78+
serviceConnections: ${{ parameters.serviceConnections }}
7879
- ${{ parameters.stages }}

eng/common/templates/1es.yml

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
# When extending this template, pipelines using a repository resource containing versions files for image caching must
2+
# do the following:
3+
#
4+
# - Do not rely on any source code from the versions repo so as to not circumvent SDL and CG guidelines
5+
# - The versions repo resource must be named `VersionsRepo` to avoid SDL scans
6+
# - The versions repo must be checked out to `$(Build.SourcesDirectory)/versions` to avoid CG scans
7+
#
8+
# If the pipeline is not using a separate repository resource, ensure that there is no source code checked out in
9+
# `$(Build.SourcesDirectory)/versions`, as it will not be scanned.
10+
11+
parameters:
12+
- name: stages
13+
type: stageList
14+
default: []
15+
# List of repositories that will be excluded from SDL scanning. This should
16+
# only be used when including other repos without building their source code.
17+
# E.g. for the dotnet/versions repo.
18+
- name: reposToExcludeFromScanning
19+
type: object
20+
default: []
21+
# The pool that will be used for initializing service connections.
22+
- name: pool
23+
type: object
24+
default:
25+
name: $(default1ESInternalPoolName)
26+
image: $(default1ESInternalPoolImage)
27+
os: linux
28+
# The pool that will be used for SDL jobs.
29+
- name: sourceAnalysisPool
30+
type: object
31+
default:
32+
name: $(defaultSourceAnalysisPoolName)
33+
image: $(defaultSourceAnalysisPoolImage)
34+
os: windows
35+
36+
resources:
37+
repositories:
38+
- repository: 1ESPipelineTemplates
39+
type: git
40+
name: 1ESPipelineTemplates/1ESPipelineTemplates
41+
ref: refs/tags/release
42+
43+
extends:
44+
template: /eng/common/templates/task-prefix-decorator.yml@self
45+
parameters:
46+
baseTemplate: v1/1ES.${{ iif(contains(variables['Build.DefinitionName'], '-official'), 'Official', 'Unofficial') }}.PipelineTemplate.yml@1ESPipelineTemplates
47+
templateParameters:
48+
pool: ${{ parameters.pool }}
49+
sdl:
50+
# Required for unofficial pipelines because we rely on the ManifestGeneratorTask that is
51+
# automatically installed by 1ES pipeline templates
52+
sbom:
53+
enabled: true
54+
binskim:
55+
enabled: true
56+
componentgovernance:
57+
ignoreDirectories: $(Build.SourcesDirectory)/versions
58+
showAlertLink: true
59+
policheck:
60+
enabled: true
61+
${{ if ne(length(parameters.reposToExcludeFromScanning), 0) }}:
62+
sourceRepositoriesToScan:
63+
exclude:
64+
- ${{ each repo in parameters.reposToExcludeFromScanning }}:
65+
- repository: ${{ repo }}
66+
sourceAnalysisPool: ${{ parameters.sourceAnalysisPool }}
67+
tsa:
68+
enabled: true
69+
stages:
70+
- ${{ parameters.stages }}

0 commit comments

Comments
 (0)