chore: update dockerfiles and workflows for Windows eBPF branch #2284

Open
matmerr wants to merge 6 commits into microsoft:dev/v0.0.33-windows from matmerr:matmerr/cherry-pick-azurelinux3-windows

@matmerr (Member) commented May 5, 2026

Description

Please provide a brief description of the changes made in this pull request.

Related Issue

If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request.

Checklist

  • I have read the contributing documentation.
  • I signed and signed-off the commits (git commit -S -s ...). See this documentation on signing commits.
  • I have correctly attributed the author(s) of the code.
  • I have tested the changes locally.
  • I have followed the project's style guidelines.
  • I have updated the documentation, if necessary.
  • I have added tests, if applicable.

Screenshots (if applicable) or Testing Completed

Please add any relevant screenshots or GIFs to showcase the changes made.

Additional Notes

Add any additional notes or context about the pull request here.


Please refer to the CONTRIBUTING.md file for more information on how to contribute to this project.

nddq and others added 3 commits May 5, 2026 17:41

Signed-off-by: Quang Nguyen <nguyenquang@microsoft.com>

Overlays the current state of all Dockerfiles and .github/workflows/*
from upstream/main onto dev/v0.0.33-windows so this branch is up-to-date
with main's CI infrastructure and image base/build tooling.

Preserved (kept from dev/v0.0.33-windows, not on main):
  - controller/Dockerfile.windows-2019
  - operator/Dockerfile.windows-2019
  - test/e2e/tools/event-writer/Dockerfile
  - .github/workflows/e2e-test-event-writer.yml (restored to windows-branch
    version because main's version was gutted when the Dockerfile was removed
    upstream)

The dev/v0.0.33-windows version of images.yaml has logic specific to this
branch (pull_request on dev/**, SHOULD_PUSH_IMAGE gated on
workflow_dispatch from refs/heads/dev/v0.0.33-windows, ltsc2019 + ltsc2022
matrix) that was lost when overlaying main's restructured workflow.
Restore the windows-branch version.

@matmerr matmerr requested a review from a team as a code owner May 5, 2026 18:13
@matmerr matmerr requested review from QxBytes and ibezrukavyi May 5, 2026 18:13

matmerr added 3 commits May 5, 2026 18:39

main's controller/Dockerfile and Windows Dockerfiles were primarily
restructured around a different build pipeline (pre-built binaries via
artifacts, no Windows agent stages in controller/Dockerfile, etc.) that
is incompatible with the dev/v0.0.33-windows CI flow. Restore the
windows-branch build model while keeping the dependency upgrades from
main:

controller/Dockerfile
- Restore: ARG OS_VERSION, ltsc2019 + ltsc2022 base stages,
  eBPFRetinaStage (downloads retinaebpfapi.dll from NuGet), agent-win
  final stage (Windows agent image with eBPF DLL + etl2pcapng).
- Keep from main: azurelinux 3.0 base, golang 1.26.2-azurelinux3.0,
  clang/lld (was clang16/lld16), bpftool in init-bin,
  HUBBLE_VERSION v1.18.6, /etc/pki/tls/ in init/agent.

controller/Dockerfile.windows-2022
- Restore the cross-compile builder model (the windows branch's
  images.yaml relies on this Dockerfile to build controller.exe and
  captureworkload.exe; main's variant assumes pre-built binaries).
- Bump golang base to 1.26.2-azurelinux3.0 and pin servercore:ltsc2022
  by digest as in main.

controller/Dockerfile.windows-retina-oss-build
- Restore the ltsc2019 stage and the ${REPO_PATH}/retina/windows/
  layout used by this branch's build scripts.
- Keep main's CVE-2013-3900 mitigation reg adds and pinned digests.

The dev/v0.0.33-windows images.yaml ran the linux/arm64 builds on
ubuntu-latest (amd64) with QEMU emulation. Cross-compiling Go from amd64
to arm64 forces CGO_ENABLED=0, which is incompatible with the
mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-azurelinux3.0 image
(GOEXPERIMENT=systemcrypto on Linux requires CGO_ENABLED=1).

Mirror main's pattern: amd64 jobs run on ubuntu-latest, arm64 jobs run
on ubuntu-24.04-arm natively, so CGO_ENABLED defaults to 1 and
systemcrypto links correctly. Applies to:
  - retina-images (Build Images and Run E2E)
  - retina-operator-images (Build Operator Images)
  - retina-shell-images (Build Retina Shell Images)
  - kubectl-retina-images (Build Kubectl Retina Images)

Fork PRs cannot push to the org's GHCR registry (GITHUB_TOKEN has no
packages:write on fork PRs), so the build job always failed at docker
push. Split build and push into separate steps and gate push on
non-pull_request events. The build still runs on PRs as a validation
gate; pushes happen on push to main/dev branches and in merge_group.
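
The native arm64 runner matrix and the build/push split described in the last two commit messages, sketched as a workflow. This is an added example, not this PR's images.yaml; the workflow name, image name and bare `docker build` command are assumptions.

```yaml
# Added example: hypothetical workflow, not the project's images.yaml.
name: build-images-example
on:
  pull_request:
  push:
    branches: [main, "dev/**"]
  merge_group:

permissions:
  contents: read          # read-only by default; write scopes are granted per job

jobs:
  build:
    permissions:
      contents: read
      packages: write     # per the commit message, fork PRs still get no packages:write
    strategy:
      matrix:
        include:
          - arch: amd64
            runner: ubuntu-latest
          - arch: arm64
            runner: ubuntu-24.04-arm   # native arm64: no cross-compile, CGO_ENABLED stays 1
    runs-on: ${{ matrix.runner }}
    env:
      # Hypothetical image name; real build args and targets are omitted.
      IMAGE: ghcr.io/example-org/example-image:${{ github.sha }}-${{ matrix.arch }}
    steps:
      - uses: actions/checkout@v4

      # Runs on every event, fork PRs included, as the validation gate.
      - name: Build image
        run: docker build -f controller/Dockerfile -t "$IMAGE" .

      # Registry credentials are touched only when the event is not a pull request.
      - name: Log in to GHCR
        if: github.event_name != 'pull_request'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_ACTOR: ${{ github.actor }}
        run: echo "$GH_TOKEN" | docker login ghcr.io -u "$GH_ACTOR" --password-stdin

      - name: Push image
        if: github.event_name != 'pull_request'
        run: docker push "$IMAGE"
```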

github-actions Bot commented Jun 5, 2026

This PR will be closed in 7 days due to inactivity.

@github-actions github-actions Bot added the meta/waiting-for-author Blocked and waiting on the author label Jun 5, 2026