feat: add scripts hotfix pipeline for test#8046
Conversation
Devinwong
requested review from
AbelHu,
awesomenix,
calvin197,
cameronmeissner,
djsly,
ganeshkumarashok,
juan-lee,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright and
zachary-bailey
as code owners
There was a problem hiding this comment.
Pull request overview
Adds a manually triggered Azure DevOps pipeline intended to build, validate (via e2e), and publish “provisioning scripts hotfix” OCI artifacts to AKS-managed ACR and onward MCR syndication.
Changes:
- Introduces a new
.pipelines/.vsts-provisioning-scripts-hotfix.yamlpipeline with Build / Validate / Publish stages. - Adds parameter validation (SKU + affected VHD version format) and conditional validation skipping.
| - bash: | | ||
| set -euo pipefail | ||
| bash vhdbuilder/provisioning-manifest/build-hotfix-oci.sh \ | ||
| --sku "${{ parameters.sku }}" \ | ||
| --affected-version "${{ parameters.affectedVersion }}" \ | ||
| --description "${{ parameters.description }}" \ | ||
| --files "${{ parameters.changedFiles }}" \ | ||
| --dry-run |
There was a problem hiding this comment.
The pipeline invokes vhdbuilder/provisioning-manifest/build-hotfix-oci.sh, but there is no vhdbuilder/provisioning-manifest/ directory (or build-hotfix-oci.sh) in the repo. As written, the Build stage will fail immediately. Either add the missing script/directory in this PR or update the path to the correct existing script location.
| inlineScript: | | ||
| set -euo pipefail | ||
| az acr login --name $(E2E_HOTFIX_ACR_NAME) | ||
|
|
||
| bash vhdbuilder/provisioning-manifest/build-hotfix-oci.sh \ | ||
| --sku "${{ parameters.sku }}" \ | ||
| --affected-version "${{ parameters.affectedVersion }}" \ | ||
| --description "${{ parameters.description }}" \ | ||
| --files "${{ parameters.changedFiles }}" \ | ||
| --registry "$(E2E_HOTFIX_ACR_NAME).azurecr.io" |
There was a problem hiding this comment.
Same issue as the Build stage: this job calls vhdbuilder/provisioning-manifest/build-hotfix-oci.sh, but that script/path does not exist in the repository, so pushing to the test ACR cannot work.
| inlineScript: | | ||
| set -euo pipefail | ||
| az acr login --name aksnipackages | ||
|
|
||
| bash vhdbuilder/provisioning-manifest/build-hotfix-oci.sh \ | ||
| --sku "${{ parameters.sku }}" \ | ||
| --affected-version "${{ parameters.affectedVersion }}" \ | ||
| --description "${{ parameters.description }}" \ | ||
| --files "${{ parameters.changedFiles }}" \ | ||
| --registry "aksnipackages.azurecr.io" |
There was a problem hiding this comment.
Same issue as earlier stages: the Publish job calls vhdbuilder/provisioning-manifest/build-hotfix-oci.sh, but the referenced script/path is missing from the repo, so production publishing will fail.
| set -euo pipefail | ||
| # Override the hotfix registry so check_for_script_hotfix() | ||
| # pulls from the test ACR instead of mcr.microsoft.com | ||
| export HOTFIX_REGISTRY="$(E2E_HOTFIX_ACR_NAME).azurecr.io" | ||
|
|
||
| # Run the standard e2e harness — the test node will detect | ||
| # and apply the hotfix from the test ACR during provisioning | ||
| bash .pipelines/scripts/e2e_run.sh |
There was a problem hiding this comment.
The Validate stage claims setting HOTFIX_REGISTRY will cause the node to “detect and apply the hotfix”, but there is no HOTFIX_REGISTRY reference nor check_for_script_hotfix() implementation anywhere in the repo. As a result, this validation run won’t actually exercise the hotfix mechanism and could provide false confidence. Either wire the hotfix registry into the e2e harness/provisioning flow (e.g., via SIG/customData inputs) or remove/replace the misleading logic/comments.
There was a problem hiding this comment.
Other functions and scripts will be provided in the topic branch. I need a pipeline so that I can test my topic branch
| BUILD_SRC_DIR: $(System.DefaultWorkingDirectory) | ||
| DefaultWorkingDirectory: $(Build.SourcesDirectory) | ||
| HOTFIX_REGISTRY: $(E2E_HOTFIX_ACR_NAME).azurecr.io | ||
| TAGS_TO_RUN: "os=linux" |
There was a problem hiding this comment.
affectedVersion is a required parameter, but it is only used when building the artifact; the e2e validation job never uses it to select or validate against the affected VHD version (e2e uses SIG_VERSION_TAG_NAME/SIG_VERSION_TAG_VALUE or VHD_BUILD_ID). This means the Validate stage may test an unrelated image (default main) instead of the version being hotfixed.
| TAGS_TO_RUN: "os=linux" | |
| AFFECTED_VERSION: ${{ parameters.affectedVersion }} | |
| TAGS_TO_RUN: "os=linux,affectedVersion=${{ parameters.affectedVersion }}" |
| inlineScript: | | ||
| bash .pipelines/scripts/e2e_delete_vmss.sh | ||
|
|
||
| # Stage 3: Publish to production ACR (syndicates to MAR) |
There was a problem hiding this comment.
The comment says “syndicates to MAR” but earlier in the file you refer to “MCR syndication”. If this is meant to be Microsoft Container Registry, this should be “MCR” for consistency; otherwise clarify what “MAR” refers to.
| # Stage 3: Publish to production ACR (syndicates to MAR) | |
| # Stage 3: Publish to production ACR (syndicates to MCR) |
What this PR does / why we need it:
Add scripts hotfix pipeline for test because ADO pipeline only can be created based on yaml file on
mainbranch.Which issue(s) this PR fixes:
Fixes #