
Commit 0bf999c

[main] Update Image Builder tag reference (#1963)
Updates the common pipeline variables to reference an updated tag of Image Builder. --------- Co-authored-by: Logan Bussell <loganbussell@microsoft.com>
1 parent a825723 commit 0bf999c

15 files changed

Lines changed: 214 additions & 143 deletions

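--- a/eng/docker-tools/CHANGELOG.md
+++ b/eng/docker-tools/CHANGELOG.md
@@ -0,0 +1,76 @@
+# Docker Tools / ImageBuilder Changelog
+
+All breaking changes and new features in `eng/docker-tools` will be documented in this file.
+
+---
+
+## 2026-02-19: Separate Registry Endpoints from Authentication
+
+- Pull request: [#1945](https://github.com/dotnet/docker-tools/pull/1945)
+- Issue: [#1914](https://github.com/dotnet/docker-tools/issues/1914)
+
+Authentication details (`serviceConnection`, `resourceGroup`, `subscription`) have been moved from individual registry endpoints into a centralized `RegistryAuthentication` list.
+This fixes an issue where ACR authentication could fail when multiple service connections existed for the same registry.
+
+**Before:** Each registry endpoint embedded its own authentication:
+
+```yaml
+publishConfig:
+BuildRegistry:
+server: $(acr.server)
+repoPrefix: "my-prefix/"
+resourceGroup: $(resourceGroup)
+subscription: $(subscription)
+serviceConnection:
+name: $(serviceConnectionName)
+id: $(serviceConnection.id)
+clientId: $(serviceConnection.clientId)
+tenantId: $(tenant)
+PublishRegistry:
+server: $(acr.server)
+repoPrefix: "publish/"
+resourceGroup: $(resourceGroup)
+subscription: $(subscription)
+serviceConnection:
+name: $(publishServiceConnectionName)
+id: $(publishServiceConnection.id)
+clientId: $(publishServiceConnection.clientId)
+tenantId: $(tenant)
+```
+
+**After:** Registry endpoints only contain `server` and `repoPrefix`. Authentication is centralized:
+
+```yaml
+publishConfig:
+BuildRegistry:
+server: $(acr.server)
+repoPrefix: "my-prefix/"
+PublishRegistry:
+server: $(acr.server)
+repoPrefix: "publish/"
+RegistryAuthentication:
+- server: $(acr.server)
+resourceGroup: $(resourceGroup)
+subscription: $(subscription)
+serviceConnection:
+name: $(serviceConnectionName)
+id: $(serviceConnection.id)
+clientId: $(serviceConnection.clientId)
+tenantId: $(tenant)
+```
+
+How to update:
+- Update any publishConfig parameters to match the new structure.
+- Multiple registries can share authentication. If two registries use the same ACR server, only one entry is needed in `RegistryAuthentication`.
+- The new structure should match [ImageBuilder's Configuration Model](https://github.com/dotnet/docker-tools/tree/a82572386854f15af441c50c6efa698a627e9f2b/src/ImageBuilder/Configuration).
+- Update service connection setup (if using `setup-service-connections.yml`):
+- The template now supports looking up service connections from `publishConfig.RegistryAuthentication`
+- Use the new `usesRegistries` parameter to specify which registries need auth setup:
+```yaml
+- template: eng/docker-tools/templates/stages/setup-service-connections.yml
+parameters:
+publishConfig: ${{ variables.publishConfig }}
+usesRegistries:
+- $(buildRegistry.server)
+- $(publishRegistry.server)
+```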

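--- a/eng/docker-tools/templates/jobs/build-images.yml
+++ b/eng/docker-tools/templates/jobs/build-images.yml
@@ -4,12 +4,7 @@ parameters:
 matrix: {}
 dockerClientOS: null
 buildJobTimeout: 60
-# Custom steps to set up ImageBuilder instead of pulling from MCR (e.g., bootstrap from source).
-# Runs before ImageBuilder pull. If non-empty, skips the default ImageBuilder pull.
 customInitSteps: []
-# Custom steps that run after ImageBuilder is set up but before the build starts.
-# Use for build-specific initialization (e.g., setting variables, additional setup).
-customBuildInitSteps: []
 publishConfig: null
 versionsRepoRef: ""
 noCache: false
@@ -41,7 +36,6 @@ jobs:
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
 cleanupDocker: true
 customInitSteps: ${{ parameters.customInitSteps }}
-- ${{ parameters.customBuildInitSteps }}
 - template: /eng/docker-tools/templates/steps/set-image-info-path-var.yml@self
 parameters:
 publicSourceBranch: $(publicSourceBranch)
@@ -91,8 +85,6 @@ jobs:
 --architecture $(architecture)
 --retry
 --digests-out-var 'builtImages'
---acr-subscription '${{ parameters.publishConfig.BuildRegistry.subscription }}'
---acr-resource-group '${{ parameters.publishConfig.BuildRegistry.resourceGroup }}'
 $(manifestVariables)
 $(imageBuilderBuildArgs)
 - template: /eng/docker-tools/templates/steps/publish-artifact.yml@self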
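Review bot: Removing the `- ${{ parameters.customBuildInitSteps }}` step that followed the init template call changes when build-specific steps run: per the deleted comment they ran after ImageBuilder was set up, and now they can only reach this job through `customInitSteps`. The init template that expands `customInitSteps` is not shown, so it is unclear whether those steps still execute once ImageBuilder is available; callers whose steps depend on that ordering should be checked. The same step removal appears in copy-base-images.yml (`customCopyBaseImagesInitSteps`) and generate-matrix.yml (`customGenerateMatrixInitSteps`). The parameter is also left undocumented; a replacement comment above `customInitSteps: []` such as `# Steps injected into ImageBuilder initialization; stage templates append their job-specific init steps here.` would help. The parameter and step lists continue outside these hunks.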

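--- a/eng/docker-tools/templates/jobs/copy-base-images-staging.yml
+++ b/eng/docker-tools/templates/jobs/copy-base-images-staging.yml
@@ -8,15 +8,9 @@ parameters:
 - name: publishConfig
 type: object
 default: null
-# Custom steps to set up ImageBuilder instead of pulling from MCR (e.g., bootstrap from source).
-# Runs before ImageBuilder pull. If non-empty, skips the default ImageBuilder pull.
 - name: customInitSteps
 type: stepList
 default: []
-# Custom steps that run after ImageBuilder is set up but before copy-base-images runs.
-- name: customCopyBaseImagesInitSteps
-type: stepList
-default: []
 - name: additionalOptions
 type: string
 default: ''
@@ -34,7 +28,6 @@ jobs:
 pool: ${{ parameters.pool }}
 publishConfig: ${{ parameters.publishConfig }}
 customInitSteps: ${{ parameters.customInitSteps }}
-customCopyBaseImagesInitSteps: ${{ parameters.customCopyBaseImagesInitSteps }}
 additionalOptions: ${{ parameters.additionalOptions }}
 acr: ${{ parameters.publishConfig.InternalMirrorRegistry }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}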
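Review bot: Dropping the declared `customCopyBaseImagesInitSteps` parameter is a breaking change for any pipeline that calls this job template directly, and the CHANGELOG.md entry added in this commit does not mention it. With typed parameter declarations, a caller that still passes the removed name will presumably fail template validation rather than have its steps silently ignored. copy-base-images.yml removes the same parameter, and build-images.yml and generate-matrix.yml remove their job-specific equivalents. Suggest a changelog line such as `- Job templates no longer accept customCopyBaseImagesInitSteps, customGenerateMatrixInitSteps or customBuildInitSteps; pass these steps through customInitSteps.`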

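--- a/eng/docker-tools/templates/jobs/copy-base-images.yml
+++ b/eng/docker-tools/templates/jobs/copy-base-images.yml
@@ -11,15 +11,9 @@ parameters:
 - name: acr
 type: object
 default: null
-# Custom steps to set up ImageBuilder instead of pulling from MCR (e.g., bootstrap from source).
-# Runs before ImageBuilder pull. If non-empty, skips the default ImageBuilder pull.
 - name: customInitSteps
 type: stepList
 default: []
-# Custom steps that run after ImageBuilder is set up but before copy-base-images runs.
-- name: customCopyBaseImagesInitSteps
-type: stepList
-default: []
 - name: additionalOptions
 type: string
 default: ''
@@ -43,7 +37,6 @@ jobs:
 publishConfig: ${{ parameters.publishConfig }}
 customInitSteps: ${{ parameters.customInitSteps }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-- ${{ parameters.customCopyBaseImagesInitSteps }}
 - template: /eng/docker-tools/templates/steps/copy-base-images.yml@self
 parameters:
 acr: ${{ parameters.acr }}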

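--- a/eng/docker-tools/templates/jobs/generate-matrix.yml
+++ b/eng/docker-tools/templates/jobs/generate-matrix.yml
@@ -7,11 +7,7 @@ parameters:
 internalProjectName: null
 noCache: false
 publishConfig: null
-# Custom steps to set up ImageBuilder instead of pulling from MCR (e.g., bootstrap from source).
-# Runs before ImageBuilder pull. If non-empty, skips the default ImageBuilder pull.
 customInitSteps: []
-# Custom steps that run after ImageBuilder is set up but before matrix generation runs.
-customGenerateMatrixInitSteps: []
 versionsRepoRef: ""
 sourceBuildPipelineRunId: ""
 
@@ -25,7 +21,6 @@ jobs:
 publishConfig: ${{ parameters.publishConfig }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
 customInitSteps: ${{ parameters.customInitSteps }}
-- ${{ parameters.customGenerateMatrixInitSteps }}
 - template: /eng/docker-tools/templates/steps/retain-build.yml@self
 - template: /eng/docker-tools/templates/steps/validate-branch.yml@self
 parameters: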

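--- a/eng/docker-tools/templates/jobs/publish.yml
+++ b/eng/docker-tools/templates/jobs/publish.yml
@@ -97,8 +97,6 @@ jobs:
 internalProjectName: ${{ parameters.internalProjectName }}
 args: >-
 copyAcrImages
-'${{ parameters.publishConfig.BuildRegistry.subscription }}'
-'${{ parameters.publishConfig.BuildRegistry.resourceGroup }}'
 '${{ parameters.publishConfig.BuildRegistry.repoPrefix }}'
 '${{ parameters.publishConfig.BuildRegistry.server }}'
 --os-type '*'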
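Review bot: The `copyAcrImages` call is positional, so removing the subscription and resource-group arguments only works with an ImageBuilder image whose command expects the repo prefix and server first. If these templates run against an older ImageBuilder tag, the repo prefix and server would presumably be read as subscription and resource group, and the resulting failure would be hard to diagnose. A comment above `args: >-` (not inside the folded scalar, where it would become part of the command line) would record the coupling, e.g. `# copyAcrImages <repoPrefix> <server>; per the changelog, subscription/resourceGroup now come from publishConfig.RegistryAuthentication`. The args block starts and ends outside this hunk.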

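--- a/eng/docker-tools/templates/stages/build-and-test.yml
+++ b/eng/docker-tools/templates/stages/build-and-test.yml
@@ -5,13 +5,9 @@ parameters:
 testMatrixCustomBuildLegGroupArgs: ""
 customCopyBaseImagesInitSteps: []
 customGenerateMatrixInitSteps: []
-# Custom steps to set up ImageBuilder instead of pulling from MCR (e.g., bootstrap from source).
-# Runs before ImageBuilder pull. If non-empty, skips the default ImageBuilder pull.
-customInitSteps: []
-# Custom steps that run after ImageBuilder is set up but before the build starts.
-# Use for build-specific initialization (e.g., setting variables, additional setup).
 customBuildInitSteps: []
 customTestInitSteps: []
+customInitSteps: []
 sourceBuildPipelineRunId: ""
 
 linuxAmdBuildJobTimeout: 60
@@ -82,8 +78,9 @@ stages:
 publishConfig: ${{ parameters.publishConfig }}
 pool: ${{ parameters.linuxAmd64Pool }}
 additionalOptions: "--manifest '$(manifest)' $(imageBuilder.pathArgs) $(manifestVariables)"
-customInitSteps: ${{ parameters.customInitSteps }}
-customCopyBaseImagesInitSteps: ${{ parameters.customCopyBaseImagesInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customCopyBaseImagesInitSteps }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
 
 - template: /eng/docker-tools/templates/jobs/generate-matrix.yml@self
@@ -95,8 +92,9 @@ stages:
 internalProjectName: ${{ parameters.internalProjectName }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customGenerateMatrixInitSteps: ${{ parameters.customGenerateMatrixInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customGenerateMatrixInitSteps }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
 
 - template: /eng/docker-tools/templates/jobs/build-images.yml@self
@@ -107,8 +105,9 @@ stages:
 dockerClientOS: linux
 buildJobTimeout: ${{ parameters.linuxAmdBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -122,8 +121,9 @@ stages:
 dockerClientOS: linux
 buildJobTimeout: ${{ parameters.linuxArmBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -137,8 +137,9 @@ stages:
 dockerClientOS: linux
 buildJobTimeout: ${{ parameters.linuxArmBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -152,8 +153,9 @@ stages:
 dockerClientOS: windows
 buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -167,8 +169,9 @@ stages:
 dockerClientOS: windows
 buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -182,8 +185,9 @@ stages:
 dockerClientOS: windows
 buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -197,8 +201,9 @@ stages:
 dockerClientOS: windows
 buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customBuildInitSteps }}
 noCache: ${{ parameters.noCache }}
 publishConfig: ${{ parameters.publishConfig }}
 internalProjectName: ${{ parameters.internalProjectName }}
@@ -246,8 +251,9 @@ stages:
 isTestStage: true
 internalProjectName: ${{ parameters.internalProjectName }}
 publicProjectName: ${{ parameters.publicProjectName }}
-customInitSteps: ${{ parameters.customInitSteps }}
-customGenerateMatrixInitSteps: ${{ parameters.customGenerateMatrixInitSteps }}
+customInitSteps:
+- ${{ parameters.customInitSteps }}
+- ${{ parameters.customGenerateMatrixInitSteps }}
 sourceBuildPipelineRunId: ${{ parameters.sourceBuildPipelineRunId }}
 versionsRepoRef: ${{ parameters.versionsRepoRef }}
 - template: /eng/docker-tools/templates/jobs/test-images-linux-client.yml@self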
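Review bot: Folding the job-specific lists into `customInitSteps` removes the distinction the deleted comment described, where a non-empty `customInitSteps` meant the default ImageBuilder pull was skipped. If the init template (not shown) still treats a non-empty list that way, a caller that only sets `customBuildInitSteps` or `customGenerateMatrixInitSteps` would now suppress the pull of the pinned ImageBuilder image without intending to, so this is worth confirming before merge. The same three-line concatenation is repeated in all ten job invocations in this file. The parameters are also left without comments; something like `# Appended to customInitSteps for the build-images jobs.` above `customBuildInitSteps: []` would document the new contract.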

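--- a/eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml
+++ b/eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml
@@ -53,35 +53,44 @@ stages:
 InternalMirrorRegistry:
 server: $(acr-staging-test.server)
 repoPrefix: $(internalMirrorRepoPrefix)
-resourceGroup: $(testResourceGroup)
-subscription: $(testSubscription)
-serviceConnection:
-name: $(internal-mirror-test.serviceConnectionName)
-id: $(internal-mirror-test.serviceConnection.id)
-clientId: $(internal-mirror-test.serviceConnection.clientId)
-tenantId: $(testTenant)
 
 PublicMirrorRegistry:
 server: $(public-mirror.server)
 repoPrefix: $(publicMirrorRepoPrefix)
-resourceGroup: $(public-mirror.resourceGroup)
-subscription: $(public-mirror.subscription)
-serviceConnection:
-name: $(public-mirror.serviceConnectionName)
-id: $(public-mirror.serviceConnection.id)
-tenantId: $(public-mirror.serviceConnection.tenantId)
-clientId: $(public-mirror.serviceConnection.clientId)
 
 BuildRegistry:
 server: $(acr-staging-test.server)
-resourceGroup: $(testResourceGroup)
-subscription: $(testSubscription)
 repoPrefix: "${{ parameters.stagingRepoPrefix }}${{ parameters.sourceBuildPipelineRunId }}/"
-serviceConnection:
-name: $(build-test.serviceConnectionName)
-id: $(build-test.serviceConnection.id)
-clientId: $(build-test.serviceConnection.clientId)
-tenantId: $(testTenant)
+
+PublishRegistry:
+server: $(acr-test.server)
+repoPrefix: "${{ parameters.publishRepoPrefix }}"
+
+RegistryAuthentication:
+- server: $(acr-staging-test.server)
+resourceGroup: $(testResourceGroup)
+subscription: $(testSubscription)
+serviceConnection:
+name: $(build-test.serviceConnectionName)
+id: $(build-test.serviceConnection.id)
+clientId: $(build-test.serviceConnection.clientId)
+tenantId: $(testTenant)
+- server: $(public-mirror.server)
+resourceGroup: $(public-mirror.resourceGroup)
+subscription: $(public-mirror.subscription)
+serviceConnection:
+name: $(public-mirror.serviceConnectionName)
+id: $(public-mirror.serviceConnection.id)
+tenantId: $(public-mirror.serviceConnection.tenantId)
+clientId: $(public-mirror.serviceConnection.clientId)
+- server: $(acr-test.server)
+resourceGroup: $(testResourceGroup)
+subscription: $(testSubscription)
+serviceConnection:
+name: $(publish-test.serviceConnectionName)
+id: $(publish-test.serviceConnection.id)
+clientId: $(publish-test.serviceConnection.clientId)
+tenantId: $(testTenant)
 
 cleanServiceConnection:
 name: $(clean-test.serviceConnectionName)
@@ -94,14 +103,3 @@ stages:
 id: $(test-nonprod.serviceConnection.id)
 clientId: $(test-nonprod.serviceConnection.clientId)
 tenantId: $(testTenant)
-
-PublishRegistry:
-server: $(acr-test.server)
-resourceGroup: $(testResourceGroup)
-subscription: $(testSubscription)
-repoPrefix: "${{ parameters.publishRepoPrefix }}"
-serviceConnection:
-name: $(publish-test.serviceConnectionName)
-id: $(publish-test.serviceConnection.id)
-clientId: $(publish-test.serviceConnection.clientId)
-tenantId: $(testTenant)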
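Review bot: `InternalMirrorRegistry` and `BuildRegistry` both point at `$(acr-staging-test.server)`, and the single `RegistryAuthentication` entry for that server uses the `build-test` service connection, so the `internal-mirror-test` connection that previously authenticated mirror operations is no longer referenced in this file. The `build-test` identity therefore needs whatever registry permissions the mirror jobs rely on, and one identity now spans both the build and mirror repositories on that registry. Confirm that the role assignments match, and that the wider scope is intended rather than a side effect of keying authentication by server. A short comment on the entry would make the sharing explicit, e.g. `# Shared by BuildRegistry and InternalMirrorRegistry (same ACR server)`.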
