Skip to content

Update the docker build process #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
joe-braley merged 9 commits into from
Feb 18, 2026
Merged

Update the docker build process #142

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
74cb66c
wip: adjust how we call signing process
joebraley Feb 4, 2026
569173e
Update annotations
joebraley Feb 10, 2026
dbb5543
Add retries for build image
joebraley Feb 10, 2026
8b0923a
Add short digest tag
joebraley Feb 10, 2026
e91df27
Add missing args
joebraley Feb 10, 2026
cdd53d3
PR feedback
joebraley Feb 12, 2026
b230217
Add condition
joebraley Feb 12, 2026
b9e4190
PR feedback
joebraley Feb 17, 2026
9ab2e4a
Wip: Fix args
joebraley Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
280 changes: 122 additions & 158 deletions .devops/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,50 +13,33 @@ trigger:
exclude:
- .devops
- .github/workflows

pr: none

parameters:
- name: organization
type: string
- name: feed
type: string
- name: package
- name: az_package
type: string
displayName: "Oras package name"
- name: dryrun
displayName: "Execute a dry run?"
type: boolean
default: false
- name: jobs
type: object
default:
azurelinux_8:
new_LTS_image: false
hasExistingImages: true
distro: azurelinux
version: 8
package: temurin-8
image: "image-repository"
tag: "3.0"
distroless_8:
new_LTS_image: false
distro: distroless
version: 8
package: temurin-8
installer_image: "image-repository"
installer_tag: "3.0"
base_image: "image-repository"
base_tag: "3.0"
ubuntu_11:
new_LTS_image: false
distro: ubuntu
version: 11
package: msopenjdk-11
image: "image-repository"
tag: "image-tag"
azurelinux_11:
new_LTS_image: false
distro: azurelinux
version: 11
package: msopenjdk-11
image: "image-repository"
tag: "3.0"
distroless_11:
new_LTS_image: false
hasExistingImages: true
distro: distroless
version: 11
package: msopenjdk-11
Expand All @@ -65,51 +48,19 @@ parameters:
base_image: "image-repository"
base_tag: "3.0"
ubuntu_17:
new_LTS_image: false
hasExistingImages: true
distro: ubuntu
version: 17
package: msopenjdk-17
image: "image-repository"
tag: "image-tag"
azurelinux_17:
new_LTS_image: false
distro: azurelinux
version: 17
package: msopenjdk-17
image: "image-repository"
tag: "3.0"
distroless_17:
new_LTS_image: false
distro: distroless
version: 17
package: msopenjdk-17
installer_image: "image-repository"
installer_tag: "3.0"
base_image: "image-repository"
base_tag: "3.0"
ubuntu_21:
new_LTS_image: false
distro: ubuntu
version: 21
package: msopenjdk-21
image: "image-repository"
tag: "image-tag"
azurelinux_21:
new_LTS_image: false
hasExistingImages: true
distro: azurelinux
version: 21
package: msopenjdk-21
image: "image-repository"
tag: "3.0"
distroless_21:
new_LTS_image: false
distro: distroless
version: 21
package: msopenjdk-21
installer_image: "image-repository"
installer_tag: "3.0"
base_image: "image-repository"
base_tag: "3.0"

resources:
repositories:
Expand All @@ -127,157 +78,170 @@ extends:
os: windows
stages:
- stage: build_internal
displayName: "Build Internal"
displayName: Build Internal
variables:
ACR_NAME: msopenjdk
jobs:
- job: build_internal
displayName: "build internal"
pool:
name: JEG-azurelinux-x64-release
os: linux
strategy:
matrix: ${{ parameters.jobs }}
steps:
- task: AzureCLI@2
displayName: "Download ORAS"
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
ORAS_VERSION: 1.1.0
ORGANIZATION: ${{ parameters.organization }}
FEED: ${{ parameters.feed }}
NAME: ${{ parameters.package }}
- template: /.devops/templates/prepare-annotation.yml@self
parameters:
registry: $(INTERNAL_ACR_REGISTRY)
tag: $(version)-$(distro)

- bash: |
REGISTRIES=msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro)
REGISTRIES=$(INTERNAL_ACR_REGISTRY):$(version)-$(distro)
if [[ "$(distro)" == "azurelinux" ]]; then
REGISTRIES+=";msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-mariner"
REGISTRIES+=";$(INTERNAL_ACR_REGISTRY):$(version)-mariner"
fi
echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES"
displayName: Set REGISTRIES variable

- task: AzureCLI@2
displayName: Annotate previous image
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh
env:
ACR_NAME: msopenjdk
REGISTRIES: $(REGISTRIES)
- task: AzureCLI@2
retryCountOnTaskFailure: 2
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/build-image.sh
displayName: build image
env:
REGISTRY_TAGS: $(REGISTRIES)
IMAGE: $(image)
TAG: $(tag)
PACKAGE: $(package)
DISTRIBUTION: $(distro)
INSTALLER_IMAGE: $(installer_image)
INSTALLER_TAG: $(installer_tag)
${{ if eq(parameters.dryrun, true) }}:
arguments: >
--image $(image)
--tag $(tag)
--package $(package)
--distribution $(distro)
--registries $(REGISTRIES)
--installer-image $(installer_image)
--installer-tag $(installer_tag)
--base-image $(base_image)
--base-tag $(base_tag)
--dryrun
${{ else }}:
arguments: >
--image $(image)
--tag $(tag)
--package $(package)
--distribution $(distro)
--registries $(REGISTRIES)
--installer-image $(installer_image)
--installer-tag $(installer_tag)
--base-image $(base_image)
--base-tag $(base_tag)
displayName: build container image

- template: /.devops/templates/annotate-image.yml@self
parameters:
registry: $(INTERNAL_ACR_REGISTRY)
organization: ${{ parameters.organization }}
feed: ${{ parameters.feed }}
package: ${{ parameters.az_package }}
dryrun: ${{ parameters.dryrun }}


- stage: validate_and_publish
displayName: "Validate & Publish"
dependsOn: build_internal
jobs:

- job: wait_for_validation
displayName: wait for validation
pool: server
steps:
- task: ManualValidation@0
# 3 days
timeoutInMinutes: 4320
timeoutInMinutes: 4320 # Three days
inputs:
instructions: "please validate the build configuration, artifacts, tests, and resume"
onTimeout: "resume"

- job: build_public
displayName: "build public "
dependsOn: wait_for_validation
pool:
name: JEG-azurelinux-x64-release
os: linux
strategy:
matrix: ${{ parameters.jobs }}
variables:
ACR_NAME: msopenjdk
steps:
- task: AzureCLI@2
displayName: "Download ORAS"
condition: ne( variables['new_LTS_image'], true)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/install-oras.sh
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
ORAS_VERSION: 1.1.0
ORGANIZATION: ${{ parameters.organization }}
FEED: ${{ parameters.feed }}
NAME: ${{ parameters.package }}
- template: /.devops/templates/prepare-annotation.yml@self
parameters:
registry: $(ACR_REGISTRY)
tag: $(version)-$(distro)

- bash: |
REGISTRIES=msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro)
TAGS="$(version)-$(distro)"
REGISTRIES=$(ACR_REGISTRY):$(version)-$(distro)
if [[ "$(distro)" == "azurelinux" ]]; then
REGISTRIES+=";msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-mariner"
REGISTRIES+=";$(ACR_REGISTRY):$(version)-mariner"
fi
echo "##vso[task.setvariable variable=REGISTRIES]$REGISTRIES"
echo "##vso[task.setvariable variable=TAGS]$TAGS"
displayName: Set environment variables
displayName: Set REGISTRIES variable

- task: AzureCLI@2
displayName: Annotate previous image
condition: ne( variables['new_LTS_image'], true)
retryCountOnTaskFailure: 2
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: $(Build.SourcesDirectory)/scripts/image-annotation.sh
env:
ACR_NAME: msopenjdk
REGISTRIES: $(REGISTRIES)
scriptPath: $(Build.SourcesDirectory)/scripts/build-image.sh
${{ if eq(parameters.dryrun, true) }}:
arguments: >
--image $(image)
--tag $(tag)
--package $(package)
--distribution $(distro)
--registries $(REGISTRIES)
--installer-image $(installer_image)
--installer-tag $(installer_tag)
--base-image $(base_image)
--base-tag $(base_tag)
--dryrun
${{ else }}:
arguments: >
--image $(image)
--tag $(tag)
--package $(package)
--distribution $(distro)
--registries $(REGISTRIES)
--installer-image $(installer_image)
--installer-tag $(installer_tag)
--base-image $(base_image)
--base-tag $(base_tag)
displayName: build container image

- task: AzureCLI@2
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "scriptPath"
scriptPath: scripts/build-image.sh
displayName: build image
env:
REGISTRY_TAGS: $(REGISTRIES)
IMAGE: $(image)
TAG: $(tag)
PACKAGE: $(package)
DISTRIBUTION: $(distro)
INSTALLER_IMAGE: $(installer_image)
INSTALLER_TAG: $(installer_tag)
- template: /.devops/templates/annotate-image.yml@self
parameters:
registry: $(ACR_REGISTRY)
organization: ${{ parameters.organization }}
feed: ${{ parameters.feed }}
package: ${{ parameters.az_package }}
dryrun: ${{ parameters.dryrun }}

- task: AzureCLI@2
displayName: Trigger image signing
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "inlineScript"
inlineScript: |
az pipelines run \
--branch main \
--org ${{ parameters.organization }} \
--project $(OPENJDK_PROJECT) \
--id $(OPENJDK_SIGNING_ID) \
--parameters openjdk_tags="[$(TAGS)]" \
image_registry="msopenjdk.azurecr.io/public/openjdk" \
image_name="jdk"
- bash: |
short_digest=$(echo "$(containerImageDigest)" | cut -c1-15)
echo "##vso[build.addbuildtag]$short_digest"
displayName: Add build tag from image digest
condition: ne(${{ parameters.dryrun }}, true)

- ${{ if ne(parameters.dryrun, true) }}:
- task: AzureCLI@2
displayName: Trigger signing
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
inputs:
azureSubscription: "JEG-Infrastructure"
scriptType: "bash"
scriptLocation: "inlineScript"
inlineScript: |
az pipelines run \
--branch main \
--org ${{ parameters.organization }} \
--project $(OPENJDK_PROJECT) \
--id $(OPENJDK_SIGNING_ID) \
--parameters registry="$(ACR_REGISTRY)" \
reference="$(containerImageDigest)" \
reference_type="container_digest"
Loading
Loading