diff --git a/Jenkinsfile b/Jenkinsfile index 95b1a240ef..ff0960a0bc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -12,8 +12,8 @@ pipeline { booleanParam(name: 'janky', defaultValue: true, description: 'x86 Build/Test') booleanParam(name: 'z', defaultValue: true, description: 'IBM Z (s390x) Build/Test') booleanParam(name: 'powerpc', defaultValue: true, description: 'PowerPC (ppc64le) Build/Test') - booleanParam(name: 'windowsRS1', defaultValue: false, description: 'Windows 2016 (RS1) Build/Test') - booleanParam(name: 'windowsRS5', defaultValue: false, description: 'Windows 2019 (RS5) Build/Test') + booleanParam(name: 'windowsRS1', defaultValue: true, description: 'Windows 2016 (RS1) Build/Test') + booleanParam(name: 'windowsRS5', defaultValue: true, description: 'Windows 2019 (RS5) Build/Test') booleanParam(name: 'skip_dco', defaultValue: false, description: 'Skip the DCO check') } environment { @@ -668,10 +668,20 @@ pipeline { beforeAgent true expression { params.windowsRS1 } } + environment { + DOCKER_BUILDKIT = '0' + SKIP_VALIDATION_TESTS = '1' + SOURCES_DRIVE = 'd' + SOURCES_SUBDIR = 'gopath' + TESTRUN_DRIVE = 'd' + TESTRUN_SUBDIR = "CI-$BUILD_NUMBER" + WINDOWS_BASE_IMAGE = 'mcr.microsoft.com/windows/servercore' + WINDOWS_BASE_IMAGE_TAG = 'ltsc2016' + } agent { node { - label 'windows-rs1' - customWorkspace 'c:\\gopath\\src\\github.com\\docker\\docker' + customWorkspace 'd:\\gopath\\src\\github.com\\docker\\docker' + label 'windows-2016' } } stages { @@ -685,7 +695,9 @@ pipeline { steps { powershell ''' $ErrorActionPreference = 'Stop' - .\\hack\\ci\\windows.ps1 + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Invoke-WebRequest https://github.com/jhowardmsft/docker-ci-zap/blob/master/docker-ci-zap.exe?raw=true -OutFile C:/Windows/System32/docker-ci-zap.exe + ./hack/ci/windows.ps1 exit $LastExitCode ''' } @@ -697,10 +709,20 @@ pipeline { beforeAgent true expression { params.windowsRS5 } } + environment { + DOCKER_BUILDKIT = '0' + SKIP_VALIDATION_TESTS = '1' + SOURCES_DRIVE = 'd' + SOURCES_SUBDIR = 'gopath' + TESTRUN_DRIVE = 'd' + TESTRUN_SUBDIR = "CI-$BUILD_NUMBER" + WINDOWS_BASE_IMAGE = 'mcr.microsoft.com/windows/servercore' + WINDOWS_BASE_IMAGE_TAG = 'ltsc2019' + } agent { node { - label 'windows-rs5' - customWorkspace 'c:\\gopath\\src\\github.com\\docker\\docker' + customWorkspace 'd:\\gopath\\src\\github.com\\docker\\docker' + label 'windows-2019' } } stages { @@ -714,7 +736,8 @@ pipeline { steps { powershell ''' $ErrorActionPreference = 'Stop' - .\\hack\\ci\\windows.ps1 + Invoke-WebRequest https://github.com/jhowardmsft/docker-ci-zap/blob/master/docker-ci-zap.exe?raw=true -OutFile C:/Windows/System32/docker-ci-zap.exe + ./hack/ci/windows.ps1 exit $LastExitCode ''' } diff --git a/hack/ci/windows.ps1 b/hack/ci/windows.ps1 index 8828f73d01..dc2cd5246e 100644 --- a/hack/ci/windows.ps1 +++ b/hack/ci/windows.ps1 @@ -78,6 +78,9 @@ if ($env:BUILD_TAG -match "-WoW") { $env:LCOW_MODE="" } # docker integration tests are also coded to use the same # environment variable, and if no set, defaults to microsoft/windowsservercore # +# WINDOWS_BASE_IMAGE_TAG if defined, uses that as the tag name for the base image. +# if no set, defaults to latest +# # LCOW_BASIC_MODE if defined, does very basic LCOW verification. Ultimately we # want to run the entire CI suite from docker, but that's a way off. # @@ -139,7 +142,7 @@ Function Nuke-Everything { } $allImages = $(docker images --format "{{.Repository}}#{{.ID}}") - $toRemove = ($allImages | Select-String -NotMatch "windowsservercore","nanoserver","docker") + $toRemove = ($allImages | Select-String -NotMatch "servercore","nanoserver","docker") $imageCount = ($toRemove | Measure-Object -line).Lines if ($imageCount -gt 0) { @@ -261,6 +264,18 @@ Try { # Make sure docker-ci-zap is installed if ($null -eq (Get-Command "docker-ci-zap" -ErrorAction SilentlyContinue)) { Throw "ERROR: docker-ci-zap is not installed or not found on path" } + # Make sure Windows Defender is disabled + $defender = $false + Try { + $status = Get-MpComputerStatus + if ($status) { + if ($status.RealTimeProtectionEnabled) { + $defender = $true + } + } + } Catch {} + if ($defender) { Throw "ERROR: Windows Defender real time protection must be disabled for integration tests" } + # Make sure SOURCES_DRIVE is set if ($null -eq $env:SOURCES_DRIVE) { Throw "ERROR: Environment variable SOURCES_DRIVE is not set" } @@ -345,14 +360,16 @@ Try { Write-Host -ForegroundColor Green "INFO: docker load of"$ControlDaemonBaseImage" completed successfully" } else { # We need to docker pull it instead. It will come in directly as microsoft/imagename:latest - Write-Host -ForegroundColor Green $("INFO: Pulling microsoft/"+$ControlDaemonBaseImage+":latest from docker hub. This may take some time...") + Write-Host -ForegroundColor Green $("INFO: Pulling $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG from docker hub. This may take some time...") $ErrorActionPreference = "SilentlyContinue" - docker pull $("microsoft/"+$ControlDaemonBaseImage) + docker pull "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" $ErrorActionPreference = "Stop" if (-not $LastExitCode -eq 0) { - Throw $("ERROR: Failed to docker pull microsoft/"+$ControlDaemonBaseImage+":latest.") + Throw $("ERROR: Failed to docker pull $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG.") } - Write-Host -ForegroundColor Green $("INFO: docker pull of microsoft/"+$ControlDaemonBaseImage+":latest completed successfully") + Write-Host -ForegroundColor Green $("INFO: docker pull of $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG completed successfully") + Write-Host -ForegroundColor Green $("INFO: Tagging $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG as microsoft/$ControlDaemonBaseImage") + docker tag "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" microsoft/$ControlDaemonBaseImage } } else { Write-Host -ForegroundColor Green "INFO: Image"$("microsoft/"+$ControlDaemonBaseImage+":latest")"is already loaded in the control daemon" @@ -663,17 +680,20 @@ Try { if ($null -eq $env:WINDOWS_BASE_IMAGE) { $env:WINDOWS_BASE_IMAGE="microsoft/windowsservercore" } + if ($null -eq $env:WINDOWS_BASE_IMAGE_TAG) { + $env:WINDOWS_BASE_IMAGE_TAG="latest" + } # Lowercase and make sure it has a microsoft/ prefix $env:WINDOWS_BASE_IMAGE = $env:WINDOWS_BASE_IMAGE.ToLower() - if ($($env:WINDOWS_BASE_IMAGE -Split "/")[0] -ne "microsoft") { - Throw "ERROR: WINDOWS_BASE_IMAGE should start microsoft/" + if (! $($env:WINDOWS_BASE_IMAGE -Split "/")[0] -match "microsoft") { + Throw "ERROR: WINDOWS_BASE_IMAGE should start microsoft/ or mcr.microsoft.com/" } Write-Host -ForegroundColor Green "INFO: Base image for tests is $env:WINDOWS_BASE_IMAGE" $ErrorActionPreference = "SilentlyContinue" - if ($((& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images --format "{{.Repository}}:{{.Tag}}" | Select-String $($env:WINDOWS_BASE_IMAGE+":latest") | Measure-Object -Line).Lines) -eq 0) { + if ($((& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" images --format "{{.Repository}}:{{.Tag}}" | Select-String "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" | Measure-Object -Line).Lines) -eq 0) { # Try the internal azure CI image version or Microsoft internal corpnet where the base image is already pre-prepared on the disk, # either through Invoke-DockerCI or, in the case of Azure CI servers, baked into the VHD at the same location. if (Test-Path $("c:\baseimages\"+$($env:WINDOWS_BASE_IMAGE -Split "/")[1]+".tar")) { @@ -686,18 +706,20 @@ Try { } Write-Host -ForegroundColor Green "INFO: docker load of"$($env:WINDOWS_BASE_IMAGE -Split "/")[1]" into daemon under test completed successfully" } else { - # We need to docker pull it instead. It will come in directly as microsoft/imagename:latest - Write-Host -ForegroundColor Green $("INFO: Pulling "+$env:WINDOWS_BASE_IMAGE+":latest from docker hub into daemon under test. This may take some time...") + # We need to docker pull it instead. It will come in directly as microsoft/imagename:tagname + Write-Host -ForegroundColor Green $("INFO: Pulling "+$env:WINDOWS_BASE_IMAGE+":"+$env:WINDOWS_BASE_IMAGE_TAG+" from docker hub into daemon under test. This may take some time...") $ErrorActionPreference = "SilentlyContinue" - & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" pull $($env:WINDOWS_BASE_IMAGE) + & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" pull "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" $ErrorActionPreference = "Stop" if (-not $LastExitCode -eq 0) { - Throw $("ERROR: Failed to docker pull "+$env:WINDOWS_BASE_IMAGE+":latest into daemon under test.") + Throw $("ERROR: Failed to docker pull $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG into daemon under test.") } - Write-Host -ForegroundColor Green $("INFO: docker pull of "+$env:WINDOWS_BASE_IMAGE+":latest into daemon under test completed successfully") + Write-Host -ForegroundColor Green $("INFO: docker pull of $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG into daemon under test completed successfully") + Write-Host -ForegroundColor Green $("INFO: Tagging $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG as microsoft/$ControlDaemonBaseImage in daemon under test") + & "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" tag "$($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG" microsoft/$ControlDaemonBaseImage } } else { - Write-Host -ForegroundColor Green "INFO: Image"$($env:WINDOWS_BASE_IMAGE+":latest")"is already loaded in the daemon under test" + Write-Host -ForegroundColor Green "INFO: Image $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG is already loaded in the daemon under test" } @@ -705,7 +727,7 @@ Try { $ErrorActionPreference = "SilentlyContinue" $dutimgVersion = $(&"$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" inspect $($env:WINDOWS_BASE_IMAGE) --format "{{.OsVersion}}") $ErrorActionPreference = "Stop" - Write-Host -ForegroundColor Green $("INFO: Version of "+$env:WINDOWS_BASE_IMAGE+":latest is '"+$dutimgVersion+"'") + Write-Host -ForegroundColor Green $("INFO: Version of $($env:WINDOWS_BASE_IMAGE):$env:WINDOWS_BASE_IMAGE_TAG is '"+$dutimgVersion+"'") } # Run the validation tests unless SKIP_VALIDATION_TESTS is defined. @@ -752,14 +774,7 @@ Try { #if ($bbCount -eq 0) { Write-Host -ForegroundColor Green "INFO: Building busybox" $ErrorActionPreference = "SilentlyContinue" - - # This is a temporary hack for nanoserver - if ($env:WINDOWS_BASE_IMAGE -ne "microsoft/windowsservercore") { - Write-Host -ForegroundColor Red "HACK HACK HACK - Building 64-bit nanoserver busybox image" - $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" build -t busybox https://raw.githubusercontent.com/jhowardmsft/busybox64/v1.1/Dockerfile | Out-Host) - } else { - $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" build -t busybox https://raw.githubusercontent.com/jhowardmsft/busybox/v1.1/Dockerfile | Out-Host) - } + $(& "$env:TEMP\binary\docker-$COMMITHASH" "-H=$($DASHH_CUT)" build -t busybox https://raw.githubusercontent.com/jhowardmsft/busybox/v1.1/Dockerfile | Out-Host) $ErrorActionPreference = "Stop" if (-not($LastExitCode -eq 0)) { Throw "ERROR: Failed to build busybox image" diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index a1296d4210..6bbcb1145c 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -1706,7 +1706,7 @@ func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) { out = strings.TrimSpace(out) expected := "root" if testEnv.OSType == "windows" { - if strings.Contains(testEnv.PlatformDefaults.BaseImage, "windowsservercore") { + if strings.Contains(testEnv.PlatformDefaults.BaseImage, "servercore") { expected = `user manager\containeradministrator` } else { expected = `ContainerAdministrator` // nanoserver