From 9de088b1e8a6926a4205e64346aee5703dd202fd Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 16 Oct 2024 14:04:02 +0100 Subject: [PATCH 1/5] docker: add action to deploy windows build image --- .github/workflows/build.yml | 5 ++ .github/workflows/build_vagrant.yml | 2 +- .github/workflows/build_windows.yml | 48 +++++++++++++++++++ .github/workflows/build_wsl.yml | 2 +- FAQ.md | 2 +- ansible/docker/Dockerfile.win2022 | 22 ++++----- .../roles/ANT/tasks/main.yml | 7 +-- .../roles/Incredibuild/tasks/main.yml | 17 ++++--- .../roles/MSVS_2022_REDIST/tasks/main.yml | 4 +- 9 files changed, 80 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/build_windows.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b8ce12b1be..c9be25773b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,6 +16,11 @@ on: branches: - master +# Cancel existing runs if user makes another push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + permissions: contents: read diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 9feaf2240e..a65ae53363 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -10,7 +10,7 @@ on: # Cancel existing runs if user makes another push. concurrency: - group: "${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} permissions: diff --git a/.github/workflows/build_windows.yml b/.github/workflows/build_windows.yml new file mode 100644 index 0000000000..f863597109 --- /dev/null +++ b/.github/workflows/build_windows.yml @@ -0,0 +1,48 @@ +name: Docker (Windows) + +on: + pull_request: + paths: + - .github/workflows/build_windows.yml + - ansible/docker/Dockerfile.win2022 + branches: + - master + push: + paths: + - .github/workflows/build_windows.yml + - ansible/docker/Dockerfile.win2022 + branches: + - master + +# Cancel existing runs if user makes another push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +permissions: + id-token: write + contents: read + +jobs: + build: + if: startsWith(github.repository, 'adoptium/') + runs-on: windows-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Login to our Azure subscription + if: github.ref == 'refs/heads/master' + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Build container image + run: docker build -t adoptium.azurecr.io/windows2022_build_image:latest -f ansible/docker/Dockerfile.win2022 . + + - name: Push container image to ACR + if: github.ref == 'refs/heads/master' + run: | + az acr login --name adoptium + docker push adoptium.azurecr.io/windows2022_build_image:latest diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml index 7ce36e5611..f2fa658486 100644 --- a/.github/workflows/build_wsl.yml +++ b/.github/workflows/build_wsl.yml @@ -14,7 +14,7 @@ on: # Cancel existing runs if user makes another push. concurrency: - group: "${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} permissions: diff --git a/FAQ.md b/FAQ.md index f8ff218f5c..4b68beb0af 100644 --- a/FAQ.md +++ b/FAQ.md @@ -89,7 +89,7 @@ have at the moment: | [Centos6](./ansible/docker/Dockerfile.CentOS6) | [`adoptopenjdk/centos6_build_image`](https://hub.docker.com/r/adoptopenjdk/centos6_build_image)| linux/amd64 | [GH Actions](.github/workflows/build.yml) | Yes | [Alpine3](./ansible/docker/Dockerfile.Alpine3) | [`adoptopenjdk/alpine3_build_image`](https://hub.docker.com/r/adoptopenjdk/alpine3_build_image) | linux/x64 & linux/arm64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes | [Ubuntu 20.04 (riscv64 only)](./ansible/docker/Dockerfile.Ubuntu2004-riscv64) | [`adoptopenjdk/ubuntu2004_build_image:linux-riscv64`](https://hub.docker.com/r/adoptopenjdk/ubuntu2004_build_image) | linux/riscv64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes -| [Windows Server 2022](./ansible/docker/Dockerfile.win2022) | n/a - restricted | Windows | No +| [Windows Server 2022](./ansible/docker/Dockerfile.win2022) | `adoptium.azurecr.io/windows2022_build_image` - restricted | Windows | [GH Actions](.github/workflows/build_windows.yml) | Yes
(*) - Caveats: diff --git a/ansible/docker/Dockerfile.win2022 b/ansible/docker/Dockerfile.win2022 index 3674a2f145..08eb089eb9 100644 --- a/ansible/docker/Dockerfile.win2022 +++ b/ansible/docker/Dockerfile.win2022 @@ -16,11 +16,10 @@ RUN powershell -Command \ Write-Host 'Checksum verification succeeded!' -ForegroundColor Green; \ }" -# Set up cygwin with git and ansible as a bootstrap, and add to system default path -RUN setup-x86_64.exe --packages git,ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode & \ - C:\cygwin64\bin\git config --system core.autocrlf false & \ - del setup-x86_64.exe & \ - setx PATH "c:\cygwin64\bin;%PATH%" & \ +# Set up cygwin with ansible as a bootstrap, and add to system default path +RUN setup-x86_64.exe --packages ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode && \ + del setup-x86_64.exe && \ + setx PATH "c:\cygwin64\bin;%PATH%" && \ mkdir c:\temp # Download Ansible Config Script & Verify Its Checksum @@ -45,13 +44,14 @@ RUN PowerShell .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999 & \ # Set up WinRM user, clone and run the playbook, then delete the user so it's not in any layer ENV TERM=dumb -RUN net user ansible %PW% /ADD & net localgroup "Administrators" ansible /ADD & net localgroup "Remote Management Users" ansible /ADD & \ - C:\cygwin64\bin\git clone https://github.com/sxa/infrastructure -b windows_docker_support c:/infrastructure & \ - sed -i -e 's/hosts: .*/hosts: localhost/' infrastructure/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml & \ - echo localhost ansible_connection=winrm > infrastructure/ansible/hosts & \ - cd infrastructure\ansible & \ +COPY . infrastructure + +RUN net user ansible %PW% /ADD & net localgroup "Administrators" ansible /ADD & net localgroup "Remote Management Users" ansible /ADD && \ + sed -i -e 's/hosts: .*/hosts: localhost/' infrastructure/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml && \ + echo localhost ansible_connection=winrm > infrastructure/ansible/hosts && \ + cd infrastructure\ansible && \ C:\cygwin64\bin\python3.7m.exe /usr/bin/ansible-playbook -e git_sha=00000000 -e ansible_user=ansible -e ansible_password=%PW% -i hosts \ - --skip-tags=adoptopenjdk,reboot,NTP_TIME,MSVS_2013,MSVS_2017,MSVS_2019 playbooks/AdoptOpenJDK_Windows_Playbook/main.yml & \ + --skip-tags=adoptopenjdk,reboot,Windows_Updates,NTP_TIME,MSVS_2013,MSVS_2017,MSVS_2019,NVidia_Cuda_Toolkit,clang_64bit,clang_32bit,nasm,Rust,IcedTea-Web playbooks/AdoptOpenJDK_Windows_Playbook/main.yml && \ net user ansible /DELETE ENTRYPOINT ["C:\\Program Files (x86)\\Microsoft Visual Studio\\2022\\BuildTools\\Common7\\Tools\\VsDevCmd.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"] diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml index 42affc1265..c0d306f974 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml @@ -64,12 +64,7 @@ tags: ANT - name: Download ant-contrib - win_get_url: - url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip - dest: c:\temp\ant-contrib.zip - force: no - checksum: 22bae6c3ddf1a464b285784599eef8698f64dde24378c77e42522a536b88cbbc - checksum_algorithm: sha256 + win_shell: c:\cygwin64\bin\curl -L -o /cygdrive/c/temp/ant-contrib.zip https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip when: (not ant_contrib_installed.stat.exists) tags: ANT diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml index 598e006981..54643336df 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml @@ -3,16 +3,19 @@ # Incredibuild - Configuration Tasks # ####################################### -- name: Check if the ibxbuild service exists - ansible.windows.win_service_info: - name: IBXDashboard +- name: Check if the IBXDashboard service exists + win_shell: | + if (Get-Service -Name 'IBXDashboard' -ErrorAction SilentlyContinue) { + Write-Host "exists" + } register: service_info + changed_when: false - name: Stop the IBX Dashboard service if it exists - ansible.windows.win_service: + win_service: name: IBXDashboard state: stopped - when: service_info.exists + when: "'exists' in service_info.stdout" - name: Check if incredibuild.conf file exists win_stat: @@ -28,7 +31,7 @@ when: incredibuild_conf_file.stat.exists - name: Start the IBX Dashboard service if it exists - ansible.windows.win_service: + win_service: name: IBXDashboard state: started - when: service_info.exists + when: "'exists' in service_info.stdout" diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml index 853d3fa00c..f314e32047 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml @@ -19,13 +19,13 @@ tags: MSVS_2022_REDIST - name: Check if C:\openjdk\devkit exists - ansible.windows.win_stat: + win_stat: path: 'c:\openjdk\devkit' register: directory_status tags: MSVS_2022_REDIST - name: Create C:\openjdk\devkit if it does not exist - ansible.windows.win_file: + win_file: path: 'c:\openjdk\devkit\' state: directory when: not directory_status.stat.exists From 0ec841d233561ae53521038bcc2cbd1bb003132b Mon Sep 17 00:00:00 2001 From: Stewart X Addison Date: Wed, 8 Oct 2025 12:28:53 +0100 Subject: [PATCH 2/5] Update cygwin sha in windows build Dockerfile Signed-off-by: Stewart X Addison --- ansible/docker/Dockerfile.win2022 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/docker/Dockerfile.win2022 b/ansible/docker/Dockerfile.win2022 index 08eb089eb9..70535280ea 100644 --- a/ansible/docker/Dockerfile.win2022 +++ b/ansible/docker/Dockerfile.win2022 @@ -6,7 +6,7 @@ ARG PW=T3mp=Passwd # Download Cygwin Bootstrapper & Verify Its Checksum RUN powershell -Command \ "wget -UseBasicParsing https://cygwin.com/setup-x86_64.exe -OutFile setup-x86_64.exe; \ - $expectedChecksum = 'e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8'; \ + $expectedChecksum = '46993d76d756bde18564f72a4ee07384cd82b447527ca406c8bfc034cb05c664'; \ $fileChecksum = CertUtil -hashfile setup-x86_64.exe SHA256 | Select-String -Pattern '([A-Fa-f0-9]{64})' | ForEach-Object { $_.Matches[0].Groups[1].Value }; \ if ($fileChecksum -ne $expectedChecksum) { \ Write-Host 'Checksum verification failed!' -ForegroundColor Red; \ From 609ee723965adb24d48e7cea18eb5a3ac93ba8f1 Mon Sep 17 00:00:00 2001 From: Stewart X Addison Date: Wed, 8 Oct 2025 12:30:23 +0100 Subject: [PATCH 3/5] Reinstate ant-contrib SHA checks Signed-off-by: Stewart X Addison --- .../roles/ANT/tasks/main.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml index c0d306f974..f4f716dbe6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml @@ -64,8 +64,13 @@ tags: ANT - name: Download ant-contrib - win_shell: c:\cygwin64\bin\curl -L -o /cygdrive/c/temp/ant-contrib.zip https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip - when: (not ant_contrib_installed.stat.exists) + win_get_url: + url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip + dest: c:\temp\ant-contrib.zip + force: no + checksum: 22bae6c3ddf1a464b285784599eef8698f64dde24378c77e42522a536b88cbbc + checksum_algorithm: sha256 + when: (not ant_contrib_installed.stat.exists) tags: ANT - name: Unzip ant-contrib From b3413e5214e7c20bf0ff6e5b264e20750bcfeaae Mon Sep 17 00:00:00 2001 From: Stewart X Addison Date: Thu, 9 Oct 2025 11:04:55 +0100 Subject: [PATCH 4/5] Temporary fudge Signed-off-by: Stewart X Addison --- .github/workflows/build_windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_windows.yml b/.github/workflows/build_windows.yml index f863597109..6588249810 100644 --- a/.github/workflows/build_windows.yml +++ b/.github/workflows/build_windows.yml @@ -25,7 +25,7 @@ permissions: jobs: build: - if: startsWith(github.repository, 'adoptium/') + if: startsWith(github.repository, 'sxa/') runs-on: windows-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 From 0c9092570ddc5393a09583a084c6796ace7b7753 Mon Sep 17 00:00:00 2001 From: Stewart X Addison Date: Thu, 9 Oct 2025 11:41:38 +0100 Subject: [PATCH 5/5] Revert "Temporary fudge" This reverts commit b3413e5214e7c20bf0ff6e5b264e20750bcfeaae. --- .github/workflows/build_windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_windows.yml b/.github/workflows/build_windows.yml index 6588249810..f863597109 100644 --- a/.github/workflows/build_windows.yml +++ b/.github/workflows/build_windows.yml @@ -25,7 +25,7 @@ permissions: jobs: build: - if: startsWith(github.repository, 'sxa/') + if: startsWith(github.repository, 'adoptium/') runs-on: windows-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7