example/dotnet-docker
12
0
Fork 0
Code Issues Pull Requests 4 Packages Projects Releases Wiki Activity

add dotnet-docker

Browse Source
This commit is contained in:
wenchao 2023-05-18 17:14:23 +08:00
commit f35c96ece1
678 changed files with 109374 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.config/tsaoptions.json Normal file
View File

@ -0,0 +1,10 @@
{
"instanceUrl": "https://devdiv.visualstudio.com/",
"template": "TFSDEVDIV",
"projectName": "DEVDIV",
"areaPath": "DevDiv\\NET Fundamentals\\.NET Acquisition\\Docker",
"iterationPath": "DevDiv",
"notificationAliases": [ "dotnetADTeam@microsoft.com" ],
"repositoryName":"dotnet-docker",
"codebaseName": "dotnet-docker"
}

7
.dockerignore Normal file
View File

@ -0,0 +1,7 @@
**/bin
**/obj
**/out
**/.vscode
**/.vs
.dotnet
.Microsoft.DotNet.ImageBuilder

190
.editorconfig Normal file
View File

@ -0,0 +1,190 @@
# editorconfig.org
# top-most EditorConfig file
root = true
# Default settings:
# A newline ending every file
# Use 4 spaces as indentation
[*]
insert_final_newline = true
indent_style = space
indent_size = 4
trim_trailing_whitespace = true
[project.json]
indent_size = 2
# C# files
[*.cs]
# New line preferences
csharp_new_line_before_open_brace = all
csharp_new_line_before_else = true
csharp_new_line_before_catch = true
csharp_new_line_before_finally = true
csharp_new_line_before_members_in_object_initializers = true
csharp_new_line_before_members_in_anonymous_types = true
csharp_new_line_between_query_expression_clauses = true
# Indentation preferences
csharp_indent_block_contents = true
csharp_indent_braces = false
csharp_indent_case_contents = true
csharp_indent_case_contents_when_block = true
csharp_indent_switch_labels = true
csharp_indent_labels = one_less_than_current
# Modifier preferences
csharp_preferred_modifier_order = public,private,protected,internal,static,extern,new,virtual,abstract,sealed,override,readonly,unsafe,volatile,async:suggestion
# avoid this. unless absolutely necessary
dotnet_style_qualification_for_field = false:suggestion
dotnet_style_qualification_for_property = false:suggestion
dotnet_style_qualification_for_method = false:suggestion
dotnet_style_qualification_for_event = false:suggestion
# Types: use keywords instead of BCL types, and permit var only when the type is clear
csharp_style_var_for_built_in_types = false:suggestion
csharp_style_var_when_type_is_apparent = false:none
csharp_style_var_elsewhere = false:suggestion
dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
dotnet_style_predefined_type_for_member_access = true:suggestion
# name all constant fields using PascalCase
dotnet_naming_rule.constant_fields_should_be_pascal_case.severity = suggestion
dotnet_naming_rule.constant_fields_should_be_pascal_case.symbols = constant_fields
dotnet_naming_rule.constant_fields_should_be_pascal_case.style = pascal_case_style
dotnet_naming_symbols.constant_fields.applicable_kinds = field
dotnet_naming_symbols.constant_fields.required_modifiers = const
dotnet_naming_style.pascal_case_style.capitalization = pascal_case
# static fields should have s_ prefix
dotnet_naming_rule.static_fields_should_have_prefix.severity = suggestion
dotnet_naming_rule.static_fields_should_have_prefix.symbols = static_fields
dotnet_naming_rule.static_fields_should_have_prefix.style = static_prefix_style
dotnet_naming_symbols.static_fields.applicable_kinds = field
dotnet_naming_symbols.static_fields.required_modifiers = static
dotnet_naming_symbols.static_fields.applicable_accessibilities = private, internal, private_protected
dotnet_naming_style.static_prefix_style.required_prefix = s_
dotnet_naming_style.static_prefix_style.capitalization = camel_case
# internal and private fields should be _camelCase
dotnet_naming_rule.camel_case_for_private_internal_fields.severity = suggestion
dotnet_naming_rule.camel_case_for_private_internal_fields.symbols = private_internal_fields
dotnet_naming_rule.camel_case_for_private_internal_fields.style = camel_case_underscore_style
dotnet_naming_symbols.private_internal_fields.applicable_kinds = field
dotnet_naming_symbols.private_internal_fields.applicable_accessibilities = private, internal
dotnet_naming_style.camel_case_underscore_style.required_prefix = _
dotnet_naming_style.camel_case_underscore_style.capitalization = camel_case
# Code style defaults
csharp_using_directive_placement = outside_namespace:suggestion
dotnet_sort_system_directives_first = true
csharp_prefer_braces = true:silent
csharp_preserve_single_line_blocks = true:none
csharp_preserve_single_line_statements = false:none
csharp_prefer_static_local_function = true:suggestion
csharp_prefer_simple_using_statement = false:none
csharp_style_prefer_switch_expression = true:suggestion
# Code quality
dotnet_style_readonly_field = true:suggestion
dotnet_code_quality_unused_parameters = non_public:suggestion
# Expression-level preferences
dotnet_style_object_initializer = true:suggestion
dotnet_style_collection_initializer = true:suggestion
dotnet_style_explicit_tuple_names = true:suggestion
dotnet_style_coalesce_expression = true:suggestion
dotnet_style_null_propagation = true:suggestion
dotnet_style_prefer_is_null_check_over_reference_equality_method = true:suggestion
dotnet_style_prefer_inferred_tuple_names = true:suggestion
dotnet_style_prefer_inferred_anonymous_type_member_names = true:suggestion
dotnet_style_prefer_auto_properties = true:suggestion
dotnet_style_prefer_conditional_expression_over_assignment = true:silent
dotnet_style_prefer_conditional_expression_over_return = true:silent
csharp_prefer_simple_default_expression = true:suggestion
# Expression-bodied members
csharp_style_expression_bodied_methods = true:silent
csharp_style_expression_bodied_constructors = true:silent
csharp_style_expression_bodied_operators = true:silent
csharp_style_expression_bodied_properties = true:silent
csharp_style_expression_bodied_indexers = true:silent
csharp_style_expression_bodied_accessors = true:silent
csharp_style_expression_bodied_lambdas = true:silent
csharp_style_expression_bodied_local_functions = true:silent
# Pattern matching
csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
csharp_style_pattern_matching_over_as_with_null_check = true:suggestion
csharp_style_inlined_variable_declaration = true:suggestion
# Null checking preferences
csharp_style_throw_expression = true:suggestion
csharp_style_conditional_delegate_call = true:suggestion
# Other features
csharp_style_prefer_index_operator = false:none
csharp_style_prefer_range_operator = false:none
csharp_style_pattern_local_over_anonymous_function = false:none
# Space preferences
csharp_space_after_cast = false
csharp_space_after_colon_in_inheritance_clause = true
csharp_space_after_comma = true
csharp_space_after_dot = false
csharp_space_after_keywords_in_control_flow_statements = true
csharp_space_after_semicolon_in_for_statement = true
csharp_space_around_binary_operators = before_and_after
csharp_space_around_declaration_statements = do_not_ignore
csharp_space_before_colon_in_inheritance_clause = true
csharp_space_before_comma = false
csharp_space_before_dot = false
csharp_space_before_open_square_brackets = false
csharp_space_before_semicolon_in_for_statement = false
csharp_space_between_empty_square_brackets = false
csharp_space_between_method_call_empty_parameter_list_parentheses = false
csharp_space_between_method_call_name_and_opening_parenthesis = false
csharp_space_between_method_call_parameter_list_parentheses = false
csharp_space_between_method_declaration_empty_parameter_list_parentheses = false
csharp_space_between_method_declaration_name_and_open_parenthesis = false
csharp_space_between_method_declaration_parameter_list_parentheses = false
csharp_space_between_parentheses = false
csharp_space_between_square_brackets = false
# Analyzers
dotnet_code_quality.ca1802.api_surface = private, internal
dotnet_code_quality.ca2208.api_surface = public
# License header
file_header_template = Licensed to the .NET Foundation under one or more agreements.\nThe .NET Foundation licenses this file to you under the MIT license.\n
# Xml project files
[*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,nativeproj,locproj}]
indent_size = 2
[*.{csproj,vbproj,proj,nativeproj,locproj}]
charset = utf-8
# Xml build files
[*.builds]
indent_size = 2
# Xml files
[*.{xml,stylecop,resx,ruleset}]
indent_size = 2
# Xml config files
[*.{props,targets,config,nuspec}]
indent_size = 2
# YAML config files
[*.{yml,yaml}]
indent_size = 2
# Shell scripts
[*.sh]
end_of_line = lf
[*.{cmd, bat}]
end_of_line = crlf

80
.gitattributes vendored Normal file
View File

@ -0,0 +1,80 @@
# Set default behavior to automatically normalize line endings.
* text=auto
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain
*.jpg binary
*.png binary
*.gif binary
# Force bash scripts to always use lf line endings so that if a repo is accessed
# in Unix via a file share from Windows, the scripts will work.
*.in text eol=lf
*.sh text eol=lf
# Likewise, force cmd and batch scripts to always use crlf
*.cmd text eol=crlf
*.bat text eol=crlf
*.cs text=auto diff=csharp
*.vb text=auto
*.resx text=auto
*.c text=auto
*.cpp text=auto
*.cxx text=auto
*.h text=auto
*.hxx text=auto
*.py text=auto
*.rb text=auto
*.java text=auto
*.html text=auto
*.htm text=auto
*.css text=auto
*.scss text=auto
*.sass text=auto
*.less text=auto
*.js text=auto
*.lisp text=auto
*.clj text=auto
*.sql text=auto
*.php text=auto
*.lua text=auto
*.m text=auto
*.asm text=auto
*.erl text=auto
*.fs text=auto
*.fsx text=auto
*.hs text=auto
*.csproj text=auto
*.vbproj text=auto
*.fsproj text=auto
*.dbproj text=auto
*.sln text=auto eol=crlf
# Set linguist language for .h files explicitly based on
# https://github.com/github/linguist/issues/1626#issuecomment-401442069
# this only affects the repo's language statistics
*.h linguist-language=C
# CLR specific
src/coreclr/src/pal/tests/palsuite/paltestlist.txt text eol=lf
src/coreclr/src/pal/tests/palsuite/paltestlist_to_be_reviewed.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/regexdna/regexdna-input25.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/regexdna/regexdna-input25000.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/regex-redux/regexdna-input25.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/regex-redux/regexdna-input25000.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/reverse-complement/revcomp-input25.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/reverse-complement/revcomp-input25000.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/k-nucleotide/knucleotide-input.txt text eol=lf
src/coreclr/tests/src/JIT/Performance/CodeQuality/BenchmarksGame/k-nucleotide/knucleotide-input-big.txt text eol=lf
src/coreclr/tests/src/performance/Scenario/JitBench/Resources/word2vecnet.patch text eol=lf

47
.github/ISSUE_TEMPLATE/bug-report.md vendored Normal file
View File

@ -0,0 +1,47 @@
---
name: 🐞 Bug report
about: Create a report about something that is not working
labels: 'bug'
---
<!--
Please keep in mind that the GitHub issue tracker is not intended as a general support forum, but for reporting **non-security** bugs and feature requests.
If you're reporting the presence of an already disclosed security vulnerability, such as a CVE, you must follow the documented guidance on vulnerability reporting at https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md.
If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to secure@microsoft.com. Your report may be eligible for our bug bounty (https://www.microsoft.com/en-us/msrc/bounty-dot-net-core) but ONLY if it is reported through email.
For other types of questions, consider posting to Discussions (https://github.com/dotnet/dotnet-docker/discussions) or Stack Overflow (https://stackoverflow.com).
-->
### Describe the Bug
<!-- A clear and concise description of what the bug is. -->
### Steps to Reproduce
<!--
We ❤ code! Include minimal steps to reproduce the problem if possible or point us to a simple repro project hosted in a GitHub repo.
We will close this issue if:
- the repro project you share with us is complex. We can't investigate complex projects, so don't point us to such, please.
- if we are not able to repro the behavior you're reporting
-->
### Other Information
<!--
* Please include any relevant error messages. If possible please include text rather than images (so it shows up in searches).
* Does this issue consistently happen? Include the conditions which cause the problem to occur.
* Do you know of any workarounds?
-->
### Output of `docker version`
<!-- Paste the output of `docker version` here. -->
### Output of `docker info`
<!-- Paste the output of `docker info` here. -->
<!-- Thanks for taking the time to report this! -->

26
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View File

@ -0,0 +1,26 @@
blank_issues_enabled: true
contact_links:
- name: Discussions
url: https://github.com/dotnet/dotnet-docker/discussions
about: Is your issue perhaps more of a discussion or question? Please start a new discussion.
- name: Issue with .NET runtime or core .NET libraries
url: https://github.com/dotnet/runtime/issues/new/choose
about: Please open issues relating to the .NET runtime or core .NET libraries in dotnet/runtime.
- name: Issue with ASP.NET Core
url: https://github.com/dotnet/efcore/issues/new/choose
about: Please open issues relating to ASP.NET Core in dotnet/aspnetcore.
- name: Issue with .NET SDK
url: https://github.com/dotnet/sdk/issues/new/choose
about: Please open issues relating to the .NET SDK itself in dotnet/sdk.
- name: Issue with other .NET components
url: https://github.com/dotnet/core/blob/master/Documentation/core-repos.md
about: Having issues with other .NET components? Please find the correct location where to open an issue.
- name: Issue with Visual Studio Tools for Docker
url: https://github.com/microsoft/dockertools/issues
about: Please open issues relating to the Visual Studio Tools for Docker in microsoft/dockertools.
- name: Issue with Microsoft Container Registry (MCR)
url: https://github.com/microsoft/containerregistry/issues
about: Please open issues relating to the Microsoft Container Registry (MCR) in microsoft/containerregistry.
- name: Issue with Windows containers
url: https://github.com/Microsoft/Windows-Containers/issues
about: Please open issues relating to Windows containers in microsoft/Windows-Containers.

22
.github/ISSUE_TEMPLATE/feature-request.md vendored Normal file
View File

@ -0,0 +1,22 @@
---
name: 💡 Feature request
about: Suggest an idea for this project
labels: 'enhancement'
---
### Describe the Problem
<!--
A clear and concise description of what the problem is.
Example: I am trying to do [...] but [...]
-->
### Describe the Solution
<!-- A clear and concise description of what you want to happen. Include any alternative solutions you've considered. -->
### Additional Context
<!-- Add any other context or screenshots about the feature request here. -->
<!-- Thanks for taking the time to suggest this! -->

65
.github/ISSUE_TEMPLATE/releases/dotnet-release.md vendored Normal file
View File

@ -0,0 +1,65 @@
# .NET Release
## Release Versions
_The set of .NET versions that are being released as a unit._
* .NET &lt;major/minor version&gt;
* Runtime: &lt;full version&gt;
* ASP.NET Core: &lt;full version&gt;
* SDK: &lt;full version&gt;
* Monitor: &lt;full version&gt;
## 1. Main Branch Tasks
1. - [ ] Merge appropriate commits from nightly branch on local repo. Identify what to merge by checking [commit history](https://github.com/dotnet/dotnet-docker/commits/nightly) since the last release. Things to check:
- [ ] New/EOL distro
- [ ] Infrastructure changes
- [ ] PowerShell version
- [ ] Check for additional changes by diffing the main and nightly branches
- [ ] &lt;add link to PR/commit&gt;
1. - [ ] Check whether a change has been made to a Dockerfile that is shared by multiple .NET versions. If a change has been made and the .NET versions that share that file are not being released at the same time, define a separate Dockerfile to isolate the change to the .NET version that's being released. Conversely, after a shared Dockerfile has diverged in such a way, it should be combined again into a shared Dockerfile when the other other .NET version is released. Shared Dockerfiles to check:
- [ ] 6.0 runtime-deps shared with 7.0
1. - [ ] Run `update-dependencies` tool to update all the necessary files to reflect the specified .NET versions (run this command for each version being released):
- [ ] `./eng/Set-DotnetVersions.ps1 -ProductVersion <major/minor version> -SdkVersion <sdk> -RuntimeVersion <runtime> -AspnetVersion <aspnet>`
- [ ] .NET Monitor has its own major/minor versioning scheme, so it is updated separately:
- [ ] `./eng/Set-DotnetVersions.ps1 -ProductVersion <major/minor version> -MonitorVersion <version>`
1. - [ ] Wait for .NET archive files (.zip, .tar.gz) to be available at blob storage location
1. - [ ] Inspect generated changes for correctness
1. - [ ] Create PR
1. - [ ] Get PR approval
1. - [ ] Merge PR
1. - [ ] Wait for changes to be mirrored to internal [dotnet-docker repo](https://dev.azure.com/dnceng/internal/_git/dotnet-dotnet-docker) (internal MSFT link)
1. - [ ] Run [dotnet-docker pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=373) (internal MSFT link) with variables:
Servicing release:
noCache: true
If NuGet packages aren't published yet, you can split the pipeline up into two runs. First, run only the build stage with the variables:
stages: build
Then once NuGet packages are live, run the pipeline again with variables:
stages: test;publish
sourceBuildId: <Build ID from the build stage>
1. - [ ] Confirm successful pipeline run(s)
1. - [ ] Update [CBL Mariner docs on Engineering Hub](https://eng.ms/docs/products/mariner-linux/gettingstarted/containers/dotnet) with new Mariner tags by clicking the `Improve this Doc` button and editing the file in the repo.
## 2. Sample Images (Not needed for Preview-only release)
1. - [ ] Confirm run for [dotnet-docker-samples pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=376) (internal MSFT link) was queued. This will be queued automatically by [dotnet-docker-tools-check-base-image-updates](https://dev.azure.com/dnceng/internal/_build?definitionId=536) when it detects that the product images have been updated (detection runs on a schedule). Alternatively, you can manually queue the samples build.
1. - [ ] Confirm successful pipeline run
## 3. Nightly Branch Tasks (Not needed for Preview-only release)
1. - [ ] Merge main branch to nightly on local repo
1. - [ ] Run the same `Set-DotnetVersions.ps1` command(s) in nightly that were run for the main branch
1. - [ ] Inspect generated changes for correctness
1. - [ ] Create PR
1. - [ ] Get PR approval
1. - [ ] Merge PR
1. - [ ] Confirm CI build is automatically run for [dotnet-docker-nightly pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=359) (internal MSFT link)
1. - [ ] Confirm successful pipeline run
1. - [ ] If the release contains a preview, update the `channel` variable in the [dotnet-docker-update-dependencies pipeline](https://dev.azure.com/dnceng/internal/_apps/hub/ms.vss-build-web.ci-designer-hub?pipelineId=470) to point to the next release. You can see available channels and builds in [BarViz](https://maestro-prod.westus2.cloudapp.azure.com/). If there are no builds available for the next preview yet, drop the preview designation (e.g. `8.0.1xx`). When branding happens and dotnet/installer branches, then this variable will need to be updated again.

33
.github/ISSUE_TEMPLATE/releases/new-distro-release.md vendored Normal file
View File

@ -0,0 +1,33 @@
# New Linux Distro Version
Distro: &lt;name/version&gt;
## ImageBuilder Tasks
- [ ] Ensure that the ImageBuilder supports the new distro version in the [code](https://github.com/dotnet/docker-tools/blob/main/src/Microsoft.DotNet.ImageBuilder/src/McrTagsMetadataGenerator.cs) to generate the correct README display name from the version specified in the manifest
## Nightly Branch Tasks
1. - [ ] Copy the Dockerfiles of the most recent version of that distro (or author new ones for an entirely new distro) and place them in a version-specific folder under their respective variants (runtime-deps, runtime, aspnet, sdk). Note: not all variants have a corresponding runtime-deps image.
1. - [ ] Modify the Dockerfiles as appropriate for any specific changes related to the new distro version
1. - [ ] Update [manifest.json](https://github.com/dotnet/dotnet-docker/blob/nightly/manifest.json) to reference the new set of Dockerfiles with the appropriate tags
- [ ] Move any distro-specific floating tags to the newer version (e.g. `6.0-alpine`)
1. - [ ] Update the [test data](https://github.com/dotnet/dotnet-docker/blob/nightly/tests/Microsoft.DotNet.Docker.Tests/TestData.cs) to include the new distro version
1. - [ ] Update the [tags metadata templates](https://github.com/dotnet/dotnet-docker/tree/main/eng/mcr-tags-metadata-templates) to include the new distro version
1. - [ ] Run the command to update the READMEs: `.\eng\readme-templates\Get-GeneratedReadmes.ps1`
1. - [ ] Run the command to update the image size baseline file: `.\tests\performance\Validate-ImageSize.ps1 -UpdateBaselines`
1. - [ ] Inspect generated changes for correctness
1. - [ ] Consider whether sample Dockerfiles should be authored if this is a new distro and them to the [samples](https://github.com/dotnet/dotnet-docker/tree/main/samples)
1. - [ ] Run the command to build and test your changes: `.build-and-test.ps1 -OS <os>`
1. - [ ] Commit generated changes
1. - [ ] Create PR
1. - [ ] Get PR signoff
1. - [ ] Merge PR to nightly branch
1. - [ ] Wait for automatically queued CI build to finish on [dotnet-docker-nightly pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=359) (internal MSFT link)
1. - [ ] Confirm READMEs have been updated in [Docker Hub](https://hub.docker.com/_/microsoft-dotnet)
## Main Branch Tasks
1. - [ ] After the product teams have signed off on the new distro, merge these changes to the main branch as part of the [release process](dotnet-release.md) for the next .NET release
- [ ] For Alpine, follow the [policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md) to only update the floating `alpine` tag one month after the release of the new Alpine version. Since nightly will already have the floating tag updated, the initial release of the new Alpine version to main will need to account for this and keep it set to the older version for one month.
1. - [ ] Create an announcement (example: [Alpine 3.10](https://github.com/dotnet/dotnet-docker/issues/1418)) unless the new distro is added only for pre-release versions in which the announcement would be incorporated in the pre-release notes.

31
.github/ISSUE_TEMPLATE/releases/new-windows-release.md vendored Normal file
View File

@ -0,0 +1,31 @@
# New Windows Release
Windows version: &lt;version&gt;
## Main Branch Tasks
1. - [ ] Ensure a ["New Windows Release" issue](https://github.com/dotnet/docker-tools/blob/main/.github/ISSUE_TEMPLATE/releases/new-windows-release.md) exists for docker-tools repo
1. - [ ] Copy the Dockerfiles of the most recent published Windows version for all supported .NET versions and place them in a version-specific folder under their respective variants (runtime, aspnet, sdk)
1. - [ ] Modify the Dockerfile templates if there are any specific changes needed that are related to the new Windows version
1. - [ ] Update [manifest.json](https://github.com/dotnet/dotnet-docker/blob/nightly/manifest.json) to reference the new set of Dockerfiles with the appropriate tags
1. - [ ] Update the [test data](https://github.com/dotnet/dotnet-docker/blob/nightly/tests/Microsoft.DotNet.Docker.Tests/TestData.cs) to include the new Windows version
1. - [ ] Update the [tags metadata templates](https://github.com/dotnet/dotnet-docker/tree/main/eng/mcr-tags-metadata-templates) to include the new Windows version
1. - [ ] Run the command to update the READMEs: `.\eng\readme-templates\Get-GeneratedReadmes.ps1`
1. - [ ] Run the command to update the image size baseline file: `.\tests\performance\Validate-ImageSize.ps1 -UpdateBaselines`
1. - [ ] Inspect generated changes for correctness
1. - [ ] Test the images
1. - [ ] Create a local VM of the new Windows version
1. - [ ] Clone this repo with the above changes onto the VM
1. - [ ] Run `.\build-and-test.ps1 -OS nanoserver-<VERSION>` to build and test your changes for Nano Server
1. - [ ] Run `.\build-and-test.ps1 -OS windowsservercore-<VERSION>` to build and test your changes for Windows Server Core
1. - [ ] Create PR
1. - [ ] Get PR signoff
1. - [ ] Merge PR and build/publish as part of the main branch [release process](dotnet-release.md) for the next .NET release
1. - [ ] Create an announcement (example: [Nano Server, version 20H2](https://github.com/dotnet/dotnet-docker/issues/2322))
1. - [ ] Update the samples to reference the new Windows version:
- [ ] [Nano Server and Windows Server Core sample Dockerfiles](https://github.com/dotnet/dotnet-docker/tree/main/samples)
- [ ] [manifest.samples.json](https://github.com/dotnet/dotnet-docker/blob/main/manifest.samples.json)
## Nightly Branch Tasks
- [ ] Merge these changes to the nightly branch as part of the nightly branch [release process](dotnet-release.md) for the next .NET release.

17
.github/ISSUE_TEMPLATE/releases/patch-tuesday-release.md vendored Normal file
View File

@ -0,0 +1,17 @@
# Patch Tuesday Release
## Tasks
1. - [ ] Run the [`Get-BaseImageStatus.ps1`](https://github.com/dotnet/dotnet-docker/blob/main/eng/common/Get-BaseImageStatus.ps1) script and wait until the Windows images have been updated as part of the Windows Patch Tuesday release process. This script will display when the dependent Windows images were last updated. Wait until all the images show that they have been recently updated. "Recently updated" amounts to be having been updated within the past week or so; images from a month ago should be considered to be the old version.
./eng/common/Get-BaseImageStatus.ps1 -Continuous
1. - [ ] Run [dotnet-docker pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=373) (internal MSFT link) with the following parameters:
imageBuilder.pathArgs: --path '*nanoserver*' --path '*windowsservercore*'
1. - [ ] Confirm successful run of dotnet-docker pipeline
1. - [ ] Run [dotnet-docker-nightly pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=359) (internal MSFT link) with the following parameters:
imageBuilder.pathArgs: --path '*nanoserver*' --path '*windowsservercore*'
1. - [ ] Confirm successful run of dotnet-docker-nightly pipeline
1. - [ ] Confirm run for [dotnet-docker-samples](https://dev.azure.com/dnceng/internal/_build?definitionId=376) (internal MSFT link) was queued. This will be queued automatically by [dotnet-docker-tools-check-base-image-updates](https://dev.azure.com/dnceng/internal/_build?definitionId=536) when it detects that the product images have been updated (detection runs on a schedule). Alternatively, you can manually queue the samples build.
1. - [ ] Confirm successful run of dotnet-docker-samples pipeline

29
.gitignore vendored Normal file
View File

@ -0,0 +1,29 @@
# Build output
[Bb]in/
[Oo]bj/
[Oo]ut/
# cache for misc downloads
artifacts/
# dotnet install directory
.dotnet/
# Visual Studio 2015 cache/options directory
.vs/
# Visual Studio Code cache/options directory
.vscode/
# Visual Studio debug profile
**/launchSettings.json
# Test files
*.trx
# User-specific files
*.suo
*.user
# ImageBuilder directory
.Microsoft.DotNet.ImageBuilder

72
.mar/portal/README.aspnet.portal.md Normal file
View File

@ -0,0 +1,72 @@
## About
This image contains the ASP.NET Core and .NET runtimes and libraries and is optimized for running ASP.NET Core apps in production.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
## Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/aspnet:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/aspnet:6.0`
## Related Repositories
.NET:
* [dotnet/sdk](https://mcr.microsoft.com/product/dotnet/sdk/about): .NET SDK
* [dotnet/runtime](https://mcr.microsoft.com/product/dotnet/runtime/about): .NET Runtime
* [dotnet/runtime-deps](https://mcr.microsoft.com/product/dotnet/runtime-deps/about): .NET Runtime Dependencies
* [dotnet/monitor](https://mcr.microsoft.com/product/dotnet/monitor/about): .NET Monitor Tool
* [dotnet/samples](https://mcr.microsoft.com/product/dotnet/samples/about): .NET Samples
* [dotnet/nightly/aspnet](https://mcr.microsoft.com/product/dotnet/nightly/aspnet/about): ASP.NET Core Runtime (Preview)
.NET Framework:
* [dotnet/framework](https://mcr.microsoft.com/catalog?search=dotnet/framework): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://mcr.microsoft.com/product/dotnet/framework/samples/about): .NET Framework, ASP.NET and WCF Samples
## Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
### Container sample: Run a web application
You can quickly run a container with a pre-built [.NET Docker image](https://mcr.microsoft.com/product/dotnet/samples/about), based on the [ASP.NET Core sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/README.md).
Type the following command to run a sample web application:
```console
docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
```
After the application starts, navigate to `http://localhost:8000` in your web browser.
See [Hosting ASP.NET Core Images with Docker over HTTPS](https://github.com/dotnet/dotnet-docker/blob/main/samples/host-aspnetcore-https.md) to use HTTPS with this image.
## Support
### Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
### Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
### Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
## License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

66
.mar/portal/README.monitor.portal.md Normal file
View File

@ -0,0 +1,66 @@
## About
This image contains the .NET Monitor tool.
Use this image as a sidecar container to collect diagnostic information from other containers running .NET Core 3.1 or later processes.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
## Featured Tags
* `7` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/monitor:7`
* `6` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/monitor:6`
## Related Repositories
.NET:
* [dotnet/sdk](https://mcr.microsoft.com/product/dotnet/sdk/about): .NET SDK
* [dotnet/aspnet](https://mcr.microsoft.com/product/dotnet/aspnet/about): ASP.NET Core Runtime
* [dotnet/runtime](https://mcr.microsoft.com/product/dotnet/runtime/about): .NET Runtime
* [dotnet/runtime-deps](https://mcr.microsoft.com/product/dotnet/runtime-deps/about): .NET Runtime Dependencies
* [dotnet/samples](https://mcr.microsoft.com/product/dotnet/samples/about): .NET Samples
* [dotnet/nightly/monitor](https://mcr.microsoft.com/product/dotnet/nightly/monitor/about): .NET Monitor Tool (Preview)
.NET Framework:
* [dotnet/framework](https://mcr.microsoft.com/catalog?search=dotnet/framework): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://mcr.microsoft.com/product/dotnet/framework/samples/about): .NET Framework, ASP.NET and WCF Samples
## Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
### Container sample: Run the tool
You can run a container with a pre-built [.NET Docker Image](https://mcr.microsoft.com/product/dotnet/monitor/about), based on the dotnet-monitor global tool.
See the [documentation](https://go.microsoft.com/fwlink/?linkid=2158052) for how to configure the image to be run in a Docker or Kubernetes environment, including how to configure authentication and certificates for https bindings.
## Support
### Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
### Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
### Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
## License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

60
.mar/portal/README.runtime-deps.portal.md Normal file
View File

@ -0,0 +1,60 @@
## About
This image contains the native dependencies needed by .NET. It does not include .NET. It is for [self-contained](https://docs.microsoft.com/dotnet/articles/core/deploying/index) applications.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
## Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/runtime-deps:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/runtime-deps:6.0`
## Related Repositories
.NET:
* [dotnet/sdk](https://mcr.microsoft.com/product/dotnet/sdk/about): .NET SDK
* [dotnet/aspnet](https://mcr.microsoft.com/product/dotnet/aspnet/about): ASP.NET Core Runtime
* [dotnet/runtime](https://mcr.microsoft.com/product/dotnet/runtime/about): .NET Runtime
* [dotnet/monitor](https://mcr.microsoft.com/product/dotnet/monitor/about): .NET Monitor Tool
* [dotnet/samples](https://mcr.microsoft.com/product/dotnet/samples/about): .NET Samples
* [dotnet/nightly/runtime-deps](https://mcr.microsoft.com/product/dotnet/nightly/runtime-deps/about): .NET Runtime Dependencies (Preview)
.NET Framework:
* [dotnet/framework](https://mcr.microsoft.com/catalog?search=dotnet/framework): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://mcr.microsoft.com/product/dotnet/framework/samples/about): .NET Framework, ASP.NET and WCF Samples
## Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
* [.NET self-contained Sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md) - This [sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.debian-x64-slim) builds and runs an application as a self-contained application.
## Support
### Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
### Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
### Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
## License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

68
.mar/portal/README.runtime.portal.md Normal file
View File

@ -0,0 +1,68 @@
## About
This image contains the .NET runtimes and libraries and is optimized for running .NET apps in production.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
## Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/runtime:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/runtime:6.0`
## Related Repositories
.NET:
* [dotnet/sdk](https://mcr.microsoft.com/product/dotnet/sdk/about): .NET SDK
* [dotnet/aspnet](https://mcr.microsoft.com/product/dotnet/aspnet/about): ASP.NET Core Runtime
* [dotnet/runtime-deps](https://mcr.microsoft.com/product/dotnet/runtime-deps/about): .NET Runtime Dependencies
* [dotnet/monitor](https://mcr.microsoft.com/product/dotnet/monitor/about): .NET Monitor Tool
* [dotnet/samples](https://mcr.microsoft.com/product/dotnet/samples/about): .NET Samples
* [dotnet/nightly/runtime](https://mcr.microsoft.com/product/dotnet/nightly/runtime/about): .NET Runtime (Preview)
.NET Framework:
* [dotnet/framework](https://mcr.microsoft.com/catalog?search=dotnet/framework): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://mcr.microsoft.com/product/dotnet/framework/samples/about): .NET Framework, ASP.NET and WCF Samples
## Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
### Container sample: Run a simple application
You can quickly run a container with a pre-built [.NET Docker image](https://mcr.microsoft.com/product/dotnet/samples/about), based on the [.NET console sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md).
Type the following command to run a sample console application:
```console
docker run --rm mcr.microsoft.com/dotnet/samples
```
## Support
### Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
### Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
### Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
## License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

81
.mar/portal/README.samples.portal.md Normal file
View File

@ -0,0 +1,81 @@
## About
These images contain sample .NET and ASP.NET Core applications.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
## Featured Tags
* `dotnetapp` [(*Dockerfile*)](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile)
* `docker pull mcr.microsoft.com/dotnet/samples:dotnetapp`
* `aspnetapp` [(*Dockerfile*)](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile)
* `docker pull mcr.microsoft.com/dotnet/samples:aspnetapp`
## Related Repositories
.NET:
* [dotnet/sdk](https://mcr.microsoft.com/product/dotnet/sdk/about): .NET SDK
* [dotnet/aspnet](https://mcr.microsoft.com/product/dotnet/aspnet/about): ASP.NET Core Runtime
* [dotnet/runtime](https://mcr.microsoft.com/product/dotnet/runtime/about): .NET Runtime
* [dotnet/runtime-deps](https://mcr.microsoft.com/product/dotnet/runtime-deps/about): .NET Runtime Dependencies
* [dotnet/monitor](https://mcr.microsoft.com/product/dotnet/monitor/about): .NET Monitor Tool
.NET Framework:
* [dotnet/framework](https://mcr.microsoft.com/catalog?search=dotnet/framework): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://mcr.microsoft.com/product/dotnet/framework/samples/about): .NET Framework, ASP.NET and WCF Samples
## Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
### Container sample: Run a simple application
You can quickly run a container with a pre-built [.NET Docker image](https://mcr.microsoft.com/product/dotnet/samples/about), based on the [.NET console sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md).
Type the following command to run a sample console application:
```console
docker run --rm mcr.microsoft.com/dotnet/samples
```
### Container sample: Run a web application
You can quickly run a container with a pre-built [.NET Docker image](https://mcr.microsoft.com/product/dotnet/samples/about), based on the [ASP.NET Core sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/README.md).
Type the following command to run a sample web application:
```console
docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
```
After the application starts, navigate to `http://localhost:8000` in your web browser.
See [Hosting ASP.NET Core Images with Docker over HTTPS](https://github.com/dotnet/dotnet-docker/blob/main/samples/host-aspnetcore-https.md) to use HTTPS with this image.
## Support
### Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
### Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
### Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
## License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

77
.mar/portal/README.sdk.portal.md Normal file
View File

@ -0,0 +1,77 @@
## About
This image contains the .NET SDK which is comprised of three parts:
1. .NET CLI
1. .NET runtime
1. ASP.NET Core
Use this image for your development process (developing, building and testing applications).
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
## Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/sdk:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/sdk:6.0`
## Related Repositories
.NET:
* [dotnet/aspnet](https://mcr.microsoft.com/product/dotnet/aspnet/about): ASP.NET Core Runtime
* [dotnet/runtime](https://mcr.microsoft.com/product/dotnet/runtime/about): .NET Runtime
* [dotnet/runtime-deps](https://mcr.microsoft.com/product/dotnet/runtime-deps/about): .NET Runtime Dependencies
* [dotnet/monitor](https://mcr.microsoft.com/product/dotnet/monitor/about): .NET Monitor Tool
* [dotnet/samples](https://mcr.microsoft.com/product/dotnet/samples/about): .NET Samples
* [dotnet/nightly/sdk](https://mcr.microsoft.com/product/dotnet/nightly/sdk/about): .NET SDK (Preview)
.NET Framework:
* [dotnet/framework](https://mcr.microsoft.com/catalog?search=dotnet/framework): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://mcr.microsoft.com/product/dotnet/framework/samples/about): .NET Framework, ASP.NET and WCF Samples
## Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
### Building .NET Apps with Docker
* [.NET Docker Sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md) - This [sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile) builds, tests, and runs the sample. It includes and builds multiple projects.
* [ASP.NET Core Docker Sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/README.md) - This [sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile) demonstrates using Docker with an ASP.NET Core Web App.
### Develop .NET Apps in a Container
The following samples show how to develop, build and test .NET applications with Docker without the need to install the .NET SDK.
* [Build .NET Applications with SDK Container](https://github.com/dotnet/dotnet-docker/blob/main/samples/build-in-sdk-container.md)
* [Test .NET Applications with SDK Container](https://github.com/dotnet/dotnet-docker/blob/main/samples/run-tests-in-sdk-container.md)
* [Run .NET Applications with SDK Container](https://github.com/dotnet/dotnet-docker/blob/main/samples/run-in-sdk-container.md)
## Support
### Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
### Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
### Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
## License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

193
.woodpecker/build.yml Normal file
View File

@ -0,0 +1,193 @@
platform: linux/amd64
# pipeline:
# build:
# image: docker
# commands:
# - sleep 15
# # - until docker info; do sleep 1; done
# - docker --tls=false ps
# # - docker buildx create --use --name mybuilder
# - docker build --tls=false --rm -t samples/aspnetapp:latest -f samples/dotnetapp/Dockerfile .
# environment:
# - DOCKER_HOST=tcp://docker:2376
# - DOCKER_TLS_VERIFY=0
# - DOCKER_TLS_CERTDIR="/certs"
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# - /etc/ssl/certs:/etc/ssl/certs
# build_aspnet:
# image: docker
# settings:
# dockerfile: samples/aspnetapp/Dockerfile
# context: samples/aspnetapp
# environment:
# - DOCKER_HOST=tcp://docker:2376
# services:
# docker:
# image: docker:dind
# command: [ "--storage-driver=vfs", "--tls=false"]
# privileged: true
pipeline:
publish-docker-image:
image: plugins/kaniko
settings:
registry: harbor.tdology.com
repo: harbor.tdology.com/sztest/aspnetapp
tags: latest,v1-${CI_COMMIT_SHA:0:8}
dockerfile: samples/aspnetapp/Dockerfile
context: samples/aspnetapp
username:
from_secret: username
password:
from_secret: pwd
# environment:
# - KUBERNETES_SERVER=https://kubernetes
# - KUBERNETES_CERT=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUyTnpjNE1UWXdNREl3SGhjTk1qTXdNekF6TURRd01EQXlXaGNOTXpNd01qSTRNRFF3TURBeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUyTnpjNE1UWXdNREl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTZnY5ZjlWcElORlBHRDJ3TWx1VnlVRENoc043d2I0SlhweldWMlZKMDMKQU10M2pqaE5lTHVtYnYrZW1uRWVtdnpJRnBxcUd5REFDVTJmNUhwUE9qRUFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTlNV3cyTCtXemV2eWNMQ3UwRHh3CjZGMks5Z0l3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUk3VTRXL2h1VEdOSlpPZDVHNW1nOUFDeHhYTEJVd0kKR2VocFlpS2lWS2pZQWlBWVNpSjdmc1RoTW02QTJ1YS9UdVArMFdnZmVacjJidjZpbW5GcEY1K3RPUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
# - KUBERNETES_TOKEN=eyJhbGciOiJSUzI1NiIsImtpZCI6InNRZ200MzJRVVBVWEdWNUY1VjhjSzlOdjd0dFpoMVc4VERiR2Y5d3EtUjQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJ3dWtvbmciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoid3Vrb25nLXNlY3JldCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJ3dWtvbmctc2EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhNmZkZWFkMy0wYjdiLTQ4YjUtOWM0OS03MzkwYzAyOTAwZjEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6d3Vrb25nOnd1a29uZy1zYSJ9.Mn0X2myPuTKQ-9UOaWMy6Mh2TtED_FNs_2RafE1vaoqRSwpiSW2Gs7wxR8xAawPyg1m9G9pOTdgqR70V4eLNmHX3pGgCuEvj4-1ZPQEgTTyIqqOXlw_y1MrhrGx1mRbJuoe6N6Hs_wZZYtl3M1nym-lC4zSsOGgSt5c8sXM7CcchED_aKydhHybGUj21wZ-5mmM3BNvOHSIDvQy4r44pwXDMc8y3CkXfos5hpAS9DkrktQq1_o-TsKg5XrGS-w5oGPRND2j7-EmbJRa7JpsQL5dJc1V4ZT8WYsBlP5nhrdroVT_k-11-OVOTEwRGsq-SvQwK9GxNiGXt4Ci4U9YTgQ
# services:
# kubectl:
# image: harbor.tdology.com/drone/plugins/kubectl
# settings:
# kubernetes_server:
# from_secret: test_server
# kubernetes_cert:
# from_secret: test_cert
# kubernetes_token:
# from_secret: test_token
# ---
# kind: pipeline
# name: arm64
# name: dotnet-arm64
# platform:
# os: linux
# arch: arm64
# steps:
# - name: build_dotnet
# image: plugins/docker
# pull: if-not-exists
# settings:
# registry: gitea.td.com
# username: gitea_admin
# insecure: true
# mirror: https://harbor.tdology.com
# password: r8sA8CPHD9!bt6d
# mtu: 1400
# tags:
# - dotnet-linux-arm64
# buildkit_config: |
# [registry."gitea.td.com"]
# http = true
# insecure = true
# repo: gitea.td.com/gitea_admin/dotnet-docker
# insecure: true
# mirror: https://harbor.tdology.com
# dockerfile: samples/dotnetapp/Dockerfile
# context: samples/dotnetapp
# - name: build_aspnet
# image: plugins/docker
# pull: if-not-exists
# settings:
# registry: gitea.td.com
# username: gitea_admin
# insecure: true
# mirror: https://harbor.tdology.com
# password: r8sA8CPHD9!bt6d
# mtu: 1400
# tags:
# - aspnet-linux-arm64
# buildkit_config: |
# [registry."gitea.td.com"]
# http = true
# insecure = true
# repo: gitea.td.com/gitea_admin/dotnet-docker
# insecure: true
# mirror: https://harbor.tdology.com
# dockerfile: samples/aspnetapp/Dockerfile
# context: samples/aspnetapp
# ---
# kind: pipeline
# name: manifest
# depends_on:
# - dotnet-amd64
# - dotnet-arm64
# steps:
# - name: manifestdotnet
# image: plugins/manifest
# pull: if-not-exists
# settings:
# username: gitea_admin
# password: r8sA8CPHD9!bt6d
# insecure: true
# platforms:
# - linux/amd64
# - linux/arm64
# target: gitea.td.com/gitea_admin/dotnet-docker:dotnet
# template: gitea.td.com/gitea_admin/dotnet-docker:dotnet-OS-ARCH
# - name: manifestaspnet
# image: plugins/manifest
# pull: if-not-exists
# settings:
# username: gitea_admin
# password: r8sA8CPHD9!bt6d
# insecure: true
# platforms:
# - linux/amd64
# - linux/arm64
# target: gitea.td.com/gitea_admin/dotnet-docker:aspnet
# template: gitea.td.com/gitea_admin/dotnet-docker:aspnet-OS-ARCH
# ---
# kind: pipeline
# name: deploy
# depends_on:
# - manifest
# steps:
# - name: deploy
# image: harbor.tdology.com/drone/plugins/kubectl
# pull: if-not-exists
# settings:
# username: admin
# password:
# from_secret: harbot_sec
# kubernetes_server:
# from_secret: test_server
# kubernetes_cert:
# from_secret: test_cert
# kubernetes_token:
# from_secret: test_token
# commands:
# - kubectl apply -f k8s/deploy.yaml
# - kubectl apply -f k8s/service.yaml
# - kubectl -n wukong rollout restart deployment aspnet-amd64
# - kubectl -n wukong rollout status deployment aspnet-amd64
# - kubectl -n wukong rollout restart deployment aspnet-arm64
# - kubectl -n wukong rollout status deployment aspnet-arm64
# - kubectl -n wukong rollout restart deployment dotnet-amd64
# - kubectl -n wukong rollout status deployment dotnet-amd64
# - kubectl -n wukong rollout restart deployment dotnet-arm64
# - kubectl -n wukong rollout status deployment dotnet-arm64

20
.woodpecker/deploy.yml Normal file
View File

@ -0,0 +1,20 @@
depends_on:
- build
# skip_clone: true
pipeline:
deploy:
image: harbor.tdology.com/drone/plugins/kubectl
commands:
- kubectl apply -f k8s/deploy.yaml
- kubectl apply -f k8s/service.yaml
secrets:
- source: test_server
target: kubernetes_server
- source: test_cert
target: kubernetes_cert
- source: test_token
target: kubernetes_token

6
CODE-OF-CONDUCT.md Normal file
View File

@ -0,0 +1,6 @@
# Code of Conduct
This project has adopted the code of conduct defined by the Contributor Covenant
to clarify expected behavior in our community.
For more information, see the [.NET Foundation Code of Conduct](https://dotnetfoundation.org/code-of-conduct).

4
CODEOWNERS Normal file
View File

@ -0,0 +1,4 @@
# Users referenced in this file will automatically be requested as reviewers for PRs that modify the given paths.
# See https://help.github.com/articles/about-code-owners/
* @MichaelSimons @mthalman @lbussell

95
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,95 @@
# Contributing
See [dotnet/runtime Contributing](https://github.com/dotnet/runtime/blob/master/CONTRIBUTING.md) for information about coding styles, source structure, making pull requests, and more.
## Branches
When making PRs, all source code changes (e.g. Dockerfiles, tests, and infrastructure) should be made in the [nightly branch](https://github.com/dotnet/dotnet-docker/tree/nightly). Only changes to the samples and documentation will be accepted against the [main branch](https://github.com/dotnet/dotnet-docker/tree/main).
## Workflow Instructions
### Building
The [`build-and-test.ps1`](https://github.com/dotnet/dotnet-docker/blob/main/build-and-test.ps1) script will build and test the .NET Docker images. Given the matrix of supported .NET versions, distros, and architectures there are numerous Dockerfiles and building can take a while. To make this manageable, the script supports several options for filtering down what images get built and tested.
- Build and test all of the .NET 6.0 images for the Docker platform your machine is targeting (e.g. linux/x64, linux/arm, linux/arm64, windows/x64).
``` console
> ./build-and-test.ps1 -Version 6.0
```
- Build the 6.0 Nano Server 1809 images
``` console
> ./build-and-test.ps1 -Version 6.0 -OS nanoserver-1809 -Mode Build
```
- Build and test the samples
``` console
> ./build-and-test.ps1 -Path *samples* -TestCategories sample
```
- Test the 6.0 Ubuntu Jammy images for the current architecture (e.g. x64, arm, arm64).
``` console
> ./build-and-test.ps1 -Version 6.0 -OS jammy -Mode Test
```
### Editing Dockerfiles
The [Dockerfiles](https://github.com/search?q=repo%3Adotnet%2Fdotnet-docker+filename%3ADockerfile&type=Code&ref=advsearch&l=&l=) contained in this repo are generated from a set of [Cottle](https://cottle.readthedocs.io/en/stable/page/01-overview.html) based [templates](https://github.com/dotnet/dotnet-docker/tree/main/eng/dockerfile-templates). A single template generates the set of Dockerfiles that are similar (e.g. all Windows sdk Dockerfiles for a particular .NET version). This ensures consistency across the various Dockerfiles and eases the burden of making changes to the Dockerfiles. Instead of editing the Dockerfiles directly, the templates should be updated and then the Dockerfiles should get regenerated by running the [generate Dockerfiles script](https://github.com/dotnet/dotnet-docker/blob/main/eng/dockerfile-templates/Get-GeneratedDockerfiles.ps1).
### Editing READMEs
The [READMEs](https://github.com/search?q=repo%3Adotnet%2Fdotnet-docker+filename%3AREADME+path%3A%2F&type=Code&ref=advsearch&l=&l=) contained in this repo are used as the descriptions for the Docker repositories the images are published to. Just like the Dockerfiles, the READMEs are generated from a set of [Cottle](https://cottle.readthedocs.io/en/stable/page/01-overview.html) based [templates](https://github.com/dotnet/dotnet-docker/tree/main/eng/readme-templates). This ensures consistency across the various READMEs and eases the burden of making changes. Instead of editing the READMEs directly, the templates should be updated and then the READMEs should get regenerated by running the [generate READMEs script](https://github.com/dotnet/dotnet-docker/blob/main/eng/readme-templates/Get-GeneratedReadmes.ps1).
### Tests
There are two basic types of [tests](https://github.com/dotnet/dotnet-docker/tree/main/tests) for each of the images produced from this repo.
1. Unit tests that validate the static state of images. This includes things like verifing which environment variables are defined.
1. Scenario tests that validate basic usage scenarios. For example the SDK image is used to create, build and run a new console app.
When editing Dockerfiles, please ensure the appropriate test changes are also made.
### Metadata Changes
The [`manifest.json`](https://github.com/dotnet/dotnet-docker/blob/main/manifest.json) contains metadata used by the engineering infrastructure to build and publish the images. It includes information such as:
- Dockerfiles to build
- Image Tags
- Manifest/shared tags to create and which images they reference
- Docker repositories to publish the images to
- Dockerfile templates used to generate the Dockerfiles
- etc.
When adding or removing Dockerfiles, it is important to update the `manifest.json` accordingly.
### Updating Product Versions
Updating the product versions (e.g. .NET runtime, ASP.NET runtime, PowerShell, etc.) contained within the images is typically performed by automation. All of the product version information is stored in the [`manifest.versions.json`](https://github.com/dotnet/dotnet-docker/blob/main/manifest.versions.json) file. The Dockerfile templates reference the product versions numbers and checksums from this file. Updating a product version involves updating the `manifest.versions.json` and regenerating the Dockerfiles. If there are cases where you need to update a product version, you can use the [update-dependencies](https://github.com/dotnet/dotnet-docker/tree/main/eng/update-dependencies) tool. The tool will do the following:
1. Update the product versions and checksums stored in `manifest.versions.json`
1. Regenerate the Dockerfiles
1. Update the tags listing in the readmes
The following examples illustrate how to run `update-dependencies`:
- Update the 6.0 product versions (uses a helper script for running update-dependencies)
``` console
> ./eng/Set-DotnetVersions.ps1 -ProductVersion 6.0 -SdkVersion 6.0.404 -RuntimeVersion 6.0.12 -AspnetVersion 6.0.12
```
- Update the .NET Monitor version (uses a helper script for running update-dependencies)
``` console
> ./eng/Set-DotnetVersions.ps1 -ProductVersion 6.3 -MonitorVersion 6.3.1
```
- Update the PowerShell version used in the 6.0 images
``` console
> dotnet run --project .\eng\update-dependencies\ -- 6.0 --product-version powershell=7.2.7 --compute-shas
```

21
LICENSE Normal file
View File

@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 .NET Foundation
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

8
NuGet.config Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
<add key="dotnet-public" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
</packageSources>
</configuration>

183
README.aspnet.md Normal file
View File

@ -0,0 +1,183 @@
# Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/aspnet:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/aspnet:6.0`
# About
This image contains the ASP.NET Core and .NET runtimes and libraries and is optimized for running ASP.NET Core apps in production.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
## Container sample: Run a web application
You can quickly run a container with a pre-built [.NET Docker image](https://hub.docker.com/_/microsoft-dotnet-samples/), based on the [ASP.NET Core sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/README.md).
Type the following command to run a sample web application:
```console
docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
```
After the application starts, navigate to `http://localhost:8000` in your web browser.
See [Hosting ASP.NET Core Images with Docker over HTTPS](https://github.com/dotnet/dotnet-docker/blob/main/samples/host-aspnetcore-https.md) to use HTTPS with this image.
# Related Repositories
.NET:
* [dotnet](https://hub.docker.com/_/microsoft-dotnet/): .NET
* [dotnet/sdk](https://hub.docker.com/_/microsoft-dotnet-sdk/): .NET SDK
* [dotnet/runtime](https://hub.docker.com/_/microsoft-dotnet-runtime/): .NET Runtime
* [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/): .NET Runtime Dependencies
* [dotnet/monitor](https://hub.docker.com/_/microsoft-dotnet-monitor/): .NET Monitor Tool
* [dotnet/samples](https://hub.docker.com/_/microsoft-dotnet-samples/): .NET Samples
* [dotnet/nightly/aspnet](https://hub.docker.com/_/microsoft-dotnet-nightly-aspnet/): ASP.NET Core Runtime (Preview)
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Full Tag Listing
## Linux amd64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-amd64, 7.0-bullseye-slim-amd64, 7.0.5-bullseye-slim, 7.0-bullseye-slim, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/bullseye-slim/amd64/Dockerfile) | Debian 11
7.0.5-alpine3.17-amd64, 7.0-alpine3.17-amd64, 7.0-alpine-amd64, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
7.0.5-jammy-amd64, 7.0-jammy-amd64, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-amd64, 6.0-bullseye-slim-amd64, 6.0.16-bullseye-slim, 6.0-bullseye-slim, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/bullseye-slim/amd64/Dockerfile) | Debian 11
6.0.16-alpine3.17-amd64, 6.0-alpine3.17-amd64, 6.0-alpine-amd64, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
6.0.16-jammy-amd64, 6.0-jammy-amd64, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.16-focal-amd64, 6.0-focal-amd64, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/focal/amd64/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-amd64, 8.0-preview-bookworm-slim-amd64, 8.0.0-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.0-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/bookworm-slim/amd64/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-amd64, 8.0-preview-alpine3.17-amd64, 8.0-preview-alpine-amd64, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-amd64, 8.0-preview-jammy-amd64, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-amd64, 8.0-preview-jammy-chiseled-amd64, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/jammy-chiseled/amd64/Dockerfile) | Ubuntu 22.04
## Linux arm64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-arm64v8, 7.0-bullseye-slim-arm64v8, 7.0.5-bullseye-slim, 7.0-bullseye-slim, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
7.0.5-alpine3.17-arm64v8, 7.0-alpine3.17-arm64v8, 7.0-alpine-arm64v8, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
7.0.5-jammy-arm64v8, 7.0-jammy-arm64v8, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-arm64v8, 6.0-bullseye-slim-arm64v8, 6.0.16-bullseye-slim, 6.0-bullseye-slim, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
6.0.16-alpine3.17-arm64v8, 6.0-alpine3.17-arm64v8, 6.0-alpine-arm64v8, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
6.0.16-jammy-arm64v8, 6.0-jammy-arm64v8, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.16-focal-arm64v8, 6.0-focal-arm64v8, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/focal/arm64v8/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-arm64v8, 8.0-preview-bookworm-slim-arm64v8, 8.0.0-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.0-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/bookworm-slim/arm64v8/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-arm64v8, 8.0-preview-alpine3.17-arm64v8, 8.0-preview-alpine-arm64v8, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-arm64v8, 8.0-preview-jammy-arm64v8, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-arm64v8, 8.0-preview-jammy-chiseled-arm64v8, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/jammy-chiseled/arm64v8/Dockerfile) | Ubuntu 22.04
## Linux arm32 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-arm32v7, 7.0-bullseye-slim-arm32v7, 7.0.5-bullseye-slim, 7.0-bullseye-slim, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
7.0.5-alpine3.17-arm32v7, 7.0-alpine3.17-arm32v7, 7.0-alpine-arm32v7, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
7.0.5-jammy-arm32v7, 7.0-jammy-arm32v7, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-arm32v7, 6.0-bullseye-slim-arm32v7, 6.0.16-bullseye-slim, 6.0-bullseye-slim, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
6.0.16-alpine3.17-arm32v7, 6.0-alpine3.17-arm32v7, 6.0-alpine-arm32v7, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
6.0.16-jammy-arm32v7, 6.0-jammy-arm32v7, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.16-focal-arm32v7, 6.0-focal-arm32v7, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/focal/arm32v7/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-arm32v7, 8.0-preview-bookworm-slim-arm32v7, 8.0.0-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.0-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/bookworm-slim/arm32v7/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-arm32v7, 8.0-preview-alpine3.17-arm32v7, 8.0-preview-alpine-arm32v7, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-arm32v7, 8.0-preview-jammy-arm32v7, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-arm32v7, 8.0-preview-jammy-chiseled-arm32v7, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/jammy-chiseled/arm32v7/Dockerfile) | Ubuntu 22.04
## Nano Server 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-nanoserver-ltsc2022, 7.0-nanoserver-ltsc2022, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/nanoserver-ltsc2022/amd64/Dockerfile)
6.0.16-nanoserver-ltsc2022, 6.0-nanoserver-ltsc2022, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/nanoserver-ltsc2022/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-nanoserver-ltsc2022, 8.0-preview-nanoserver-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/nanoserver-ltsc2022/amd64/Dockerfile)
## Windows Server Core 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-windowsservercore-ltsc2022, 7.0-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/windowsservercore-ltsc2022/amd64/Dockerfile)
6.0.16-windowsservercore-ltsc2022, 6.0-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/windowsservercore-ltsc2022/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-windowsservercore-ltsc2022, 8.0-preview-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/windowsservercore-ltsc2022/amd64/Dockerfile)
## Nano Server, version 1809 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-nanoserver-1809, 7.0-nanoserver-1809, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/nanoserver-1809/amd64/Dockerfile)
6.0.16-nanoserver-1809, 6.0-nanoserver-1809, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/nanoserver-1809/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-nanoserver-1809, 8.0-preview-nanoserver-1809 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/nanoserver-1809/amd64/Dockerfile)
## Windows Server Core 2019 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-windowsservercore-ltsc2019, 7.0-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/7.0/windowsservercore-ltsc2019/amd64/Dockerfile)
6.0.16-windowsservercore-ltsc2019, 6.0-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/6.0/windowsservercore-ltsc2019/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-windowsservercore-ltsc2019, 8.0-preview-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/aspnet/8.0/windowsservercore-ltsc2019/amd64/Dockerfile)
You can retrieve a list of all available tags for dotnet/aspnet at https://mcr.microsoft.com/v2/dotnet/aspnet/tags/list.
<!--End of generated tags-->
For tags contained in the old dotnet/core/aspnet repository, you can retrieve a list of those tags at https://mcr.microsoft.com/v2/dotnet/core/aspnet/tags/list.
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)*
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

92
README.md Normal file
View File

@ -0,0 +1,92 @@
# Featured Repos
* [dotnet/sdk](https://hub.docker.com/_/microsoft-dotnet-sdk/): .NET SDK
* [dotnet/aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet/): ASP.NET Core Runtime
* [dotnet/runtime](https://hub.docker.com/_/microsoft-dotnet-runtime/): .NET Runtime
* [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/): .NET Runtime Dependencies
* [dotnet/monitor](https://hub.docker.com/_/microsoft-dotnet-monitor/): .NET Monitor Tool
* [dotnet/samples](https://hub.docker.com/_/microsoft-dotnet-samples/): .NET Samples
# About
[.NET](https://docs.microsoft.com/dotnet/core/) is a general purpose development platform maintained by Microsoft and the .NET community on [GitHub](https://github.com/dotnet/core). It is cross-platform, supports Windows, macOS, and Linux, and can be used in device, cloud, and embedded/IoT scenarios.
.NET has several capabilities that make development productive, including automatic memory management, (runtime) generic types, reflection, [asynchronous constructs](https://learn.microsoft.com/dotnet/csharp/async), concurrency, and native interop. Millions of developers take advantage of these capabilities to efficiently build high-quality applications.
You can use C# or F# to write .NET apps.
- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#.
- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming.
[.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services.
You are invited to [contribute new features](https://github.com/dotnet/core/blob/master/CONTRIBUTING.md), fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.
> https://docs.microsoft.com/dotnet/core/
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
## Container sample: Run a simple application
Enter the following command to run a console app in a container with a pre-built [.NET Docker image](https://hub.docker.com/_/microsoft-dotnet-samples/):
```console
docker run --rm mcr.microsoft.com/dotnet/samples
```
## Container sample: Run a web app
Enter the following command to run a console app in a container with a pre-built [.NET Docker image](https://hub.docker.com/_/microsoft-dotnet-samples/):
```console
docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
```
When the app starts, navigate to `http://localhost:8000` in a browser.
See [Hosting ASP.NET Core Images with Docker over HTTPS](https://github.com/dotnet/dotnet-docker/blob/main/samples/host-aspnetcore-https.md) to use HTTPS with this image.
# Related Repositories
.NET:
* [dotnet/nightly/sdk](https://hub.docker.com/_/microsoft-dotnet-nightly-sdk/): .NET SDK (Preview)
* [dotnet/nightly/aspnet](https://hub.docker.com/_/microsoft-dotnet-nightly-aspnet/): ASP.NET Core Runtime (Preview)
* [dotnet/nightly/runtime](https://hub.docker.com/_/microsoft-dotnet-nightly-runtime/): .NET Runtime (Preview)
* [dotnet/nightly/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-nightly-runtime-deps/): .NET Runtime Dependencies (Preview)
* [dotnet/nightly/monitor](https://hub.docker.com/_/microsoft-dotnet-nightly-monitor/): .NET Monitor Tool (Preview)
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

98
README.monitor.md Normal file
View File

@ -0,0 +1,98 @@
# Featured Tags
* `7` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/monitor:7`
* `6` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/monitor:6`
# About
This image contains the .NET Monitor tool.
Use this image as a sidecar container to collect diagnostic information from other containers running .NET Core 3.1 or later processes.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
## Container sample: Run the tool
You can run a container with a pre-built [.NET Docker Image](https://hub.docker.com/_/microsoft-dotnet-monitor/), based on the dotnet-monitor global tool.
See the [documentation](https://go.microsoft.com/fwlink/?linkid=2158052) for how to configure the image to be run in a Docker or Kubernetes environment, including how to configure authentication and certificates for https bindings.
# Related Repositories
.NET:
* [dotnet](https://hub.docker.com/_/microsoft-dotnet/): .NET
* [dotnet/sdk](https://hub.docker.com/_/microsoft-dotnet-sdk/): .NET SDK
* [dotnet/aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet/): ASP.NET Core Runtime
* [dotnet/runtime](https://hub.docker.com/_/microsoft-dotnet-runtime/): .NET Runtime
* [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/): .NET Runtime Dependencies
* [dotnet/samples](https://hub.docker.com/_/microsoft-dotnet-samples/): .NET Samples
* [dotnet/nightly/monitor](https://hub.docker.com/_/microsoft-dotnet-nightly-monitor/): .NET Monitor Tool (Preview)
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Full Tag Listing
## Linux amd64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.1.1-alpine-amd64, 7.1-alpine-amd64, 7-alpine-amd64, 7.1.1-alpine, 7.1-alpine, 7-alpine, 7.1.1, 7.1, 7, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/7.1/alpine/amd64/Dockerfile) | Alpine 3.17
7.0.2-alpine-amd64, 7.0-alpine-amd64, 7.0.2-alpine, 7.0-alpine, 7.0.2, 7.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/7.0/alpine/amd64/Dockerfile) | Alpine 3.17
6.3.2-alpine-amd64, 6.3-alpine-amd64, 6-alpine-amd64, 6.3.2-alpine, 6.3-alpine, 6-alpine, 6.3.2, 6.3, 6 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/6.3/alpine/amd64/Dockerfile) | Alpine 3.17
##### .NET Monitor 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-ubuntu-chiseled-amd64, 8.0-preview-ubuntu-chiseled-amd64, 8-preview-ubuntu-chiseled-amd64, 8.0.0-preview.3-ubuntu-chiseled, 8.0-preview-ubuntu-chiseled, 8-preview-ubuntu-chiseled, 8.0.0-preview.3, 8.0-preview, 8-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/8.0/ubuntu-chiseled/amd64/Dockerfile) | Ubuntu 22.04
## Linux arm64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.1.1-alpine-arm64v8, 7.1-alpine-arm64v8, 7-alpine-arm64v8, 7.1.1-alpine, 7.1-alpine, 7-alpine, 7.1.1, 7.1, 7, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/7.1/alpine/arm64v8/Dockerfile) | Alpine 3.17
7.0.2-alpine-arm64v8, 7.0-alpine-arm64v8, 7.0.2-alpine, 7.0-alpine, 7.0.2, 7.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/7.0/alpine/arm64v8/Dockerfile) | Alpine 3.17
6.3.2-alpine-arm64v8, 6.3-alpine-arm64v8, 6-alpine-arm64v8, 6.3.2-alpine, 6.3-alpine, 6-alpine, 6.3.2, 6.3, 6 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/6.3/alpine/arm64v8/Dockerfile) | Alpine 3.17
##### .NET Monitor 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-ubuntu-chiseled-arm64v8, 8.0-preview-ubuntu-chiseled-arm64v8, 8-preview-ubuntu-chiseled-arm64v8, 8.0.0-preview.3-ubuntu-chiseled, 8.0-preview-ubuntu-chiseled, 8-preview-ubuntu-chiseled, 8.0.0-preview.3, 8.0-preview, 8-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/monitor/8.0/ubuntu-chiseled/arm64v8/Dockerfile) | Ubuntu 22.04
You can retrieve a list of all available tags for dotnet/monitor at https://mcr.microsoft.com/v2/dotnet/monitor/tags/list.
<!--End of generated tags-->
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)*
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

127
README.runtime-deps.md Normal file
View File

@ -0,0 +1,127 @@
# Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/runtime-deps:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/runtime-deps:6.0`
# About
This image contains the native dependencies needed by .NET. It does not include .NET. It is for [self-contained](https://docs.microsoft.com/dotnet/articles/core/deploying/index) applications.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
* [.NET self-contained Sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md) - This [sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.debian-x64-slim) builds and runs an application as a self-contained application.
# Related Repositories
.NET:
* [dotnet](https://hub.docker.com/_/microsoft-dotnet/): .NET
* [dotnet/sdk](https://hub.docker.com/_/microsoft-dotnet-sdk/): .NET SDK
* [dotnet/aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet/): ASP.NET Core Runtime
* [dotnet/runtime](https://hub.docker.com/_/microsoft-dotnet-runtime/): .NET Runtime
* [dotnet/monitor](https://hub.docker.com/_/microsoft-dotnet-monitor/): .NET Monitor Tool
* [dotnet/samples](https://hub.docker.com/_/microsoft-dotnet-samples/): .NET Samples
* [dotnet/nightly/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-nightly-runtime-deps/): .NET Runtime Dependencies (Preview)
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Full Tag Listing
## Linux amd64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-amd64, 7.0-bullseye-slim-amd64, 7.0.5, 7.0.5-bullseye-slim, 7.0, 7.0-bullseye-slim, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile) | Debian 11
7.0.5-alpine3.17-amd64, 7.0-alpine3.17-amd64, 7.0-alpine-amd64, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
7.0.5-jammy-amd64, 7.0-jammy-amd64, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-amd64, 6.0-bullseye-slim-amd64, 6.0.16, 6.0.16-bullseye-slim, 6.0, 6.0-bullseye-slim | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/bullseye-slim/amd64/Dockerfile) | Debian 11
6.0.16-alpine3.17-amd64, 6.0-alpine3.17-amd64, 6.0-alpine-amd64, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
6.0.16-jammy-amd64, 6.0-jammy-amd64, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.16-focal-amd64, 6.0-focal-amd64, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/focal/amd64/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-amd64, 8.0-preview-bookworm-slim-amd64, 8.0.0-preview.3, 8.0.0-preview.3-bookworm-slim, 8.0-preview, 8.0-preview-bookworm-slim | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/bookworm-slim/amd64/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-amd64, 8.0-preview-alpine3.17-amd64, 8.0-preview-alpine-amd64, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-amd64, 8.0-preview-jammy-amd64, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-amd64, 8.0-preview-jammy-chiseled-amd64, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile) | Ubuntu 22.04
## Linux arm64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-arm64v8, 7.0-bullseye-slim-arm64v8, 7.0.5, 7.0.5-bullseye-slim, 7.0, 7.0-bullseye-slim, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
7.0.5-alpine3.17-arm64v8, 7.0-alpine3.17-arm64v8, 7.0-alpine-arm64v8, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
7.0.5-jammy-arm64v8, 7.0-jammy-arm64v8, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-arm64v8, 6.0-bullseye-slim-arm64v8, 6.0.16, 6.0.16-bullseye-slim, 6.0, 6.0-bullseye-slim | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
6.0.16-alpine3.17-arm64v8, 6.0-alpine3.17-arm64v8, 6.0-alpine-arm64v8, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
6.0.16-jammy-arm64v8, 6.0-jammy-arm64v8, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.16-focal-arm64v8, 6.0-focal-arm64v8, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/focal/arm64v8/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-arm64v8, 8.0-preview-bookworm-slim-arm64v8, 8.0.0-preview.3, 8.0.0-preview.3-bookworm-slim, 8.0-preview, 8.0-preview-bookworm-slim | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/bookworm-slim/arm64v8/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-arm64v8, 8.0-preview-alpine3.17-arm64v8, 8.0-preview-alpine-arm64v8, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-arm64v8, 8.0-preview-jammy-arm64v8, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-arm64v8, 8.0-preview-jammy-chiseled-arm64v8, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile) | Ubuntu 22.04
## Linux arm32 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-arm32v7, 7.0-bullseye-slim-arm32v7, 7.0.5, 7.0.5-bullseye-slim, 7.0, 7.0-bullseye-slim, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
7.0.5-alpine3.17-arm32v7, 7.0-alpine3.17-arm32v7, 7.0-alpine-arm32v7, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
7.0.5-jammy-arm32v7, 7.0-jammy-arm32v7, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-arm32v7, 6.0-bullseye-slim-arm32v7, 6.0.16, 6.0.16-bullseye-slim, 6.0, 6.0-bullseye-slim | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
6.0.16-alpine3.17-arm32v7, 6.0-alpine3.17-arm32v7, 6.0-alpine-arm32v7, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
6.0.16-jammy-arm32v7, 6.0-jammy-arm32v7, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.16-focal-arm32v7, 6.0-focal-arm32v7, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/focal/arm32v7/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-arm32v7, 8.0-preview-bookworm-slim-arm32v7, 8.0.0-preview.3, 8.0.0-preview.3-bookworm-slim, 8.0-preview, 8.0-preview-bookworm-slim | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/bookworm-slim/arm32v7/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-arm32v7, 8.0-preview-alpine3.17-arm32v7, 8.0-preview-alpine-arm32v7, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-arm32v7, 8.0-preview-jammy-arm32v7, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-arm32v7, 8.0-preview-jammy-chiseled-arm32v7, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile) | Ubuntu 22.04
You can retrieve a list of all available tags for dotnet/runtime-deps at https://mcr.microsoft.com/v2/dotnet/runtime-deps/tags/list.
<!--End of generated tags-->
For tags contained in the old dotnet/core/runtime-deps repository, you can retrieve a list of those tags at https://mcr.microsoft.com/v2/dotnet/core/runtime-deps/tags/list.
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)*
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

179
README.runtime.md Normal file
View File

@ -0,0 +1,179 @@
# Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/runtime:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/runtime:6.0`
# About
This image contains the .NET runtimes and libraries and is optimized for running .NET apps in production.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
## Container sample: Run a simple application
You can quickly run a container with a pre-built [.NET Docker image](https://hub.docker.com/_/microsoft-dotnet-samples/), based on the [.NET console sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md).
Type the following command to run a sample console application:
```console
docker run --rm mcr.microsoft.com/dotnet/samples
```
# Related Repositories
.NET:
* [dotnet](https://hub.docker.com/_/microsoft-dotnet/): .NET
* [dotnet/sdk](https://hub.docker.com/_/microsoft-dotnet-sdk/): .NET SDK
* [dotnet/aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet/): ASP.NET Core Runtime
* [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/): .NET Runtime Dependencies
* [dotnet/monitor](https://hub.docker.com/_/microsoft-dotnet-monitor/): .NET Monitor Tool
* [dotnet/samples](https://hub.docker.com/_/microsoft-dotnet-samples/): .NET Samples
* [dotnet/nightly/runtime](https://hub.docker.com/_/microsoft-dotnet-nightly-runtime/): .NET Runtime (Preview)
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Full Tag Listing
## Linux amd64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-amd64, 7.0-bullseye-slim-amd64, 7.0.5-bullseye-slim, 7.0-bullseye-slim, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/bullseye-slim/amd64/Dockerfile) | Debian 11
7.0.5-alpine3.17-amd64, 7.0-alpine3.17-amd64, 7.0-alpine-amd64, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
7.0.5-jammy-amd64, 7.0-jammy-amd64, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-amd64, 6.0-bullseye-slim-amd64, 6.0.16-bullseye-slim, 6.0-bullseye-slim, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/bullseye-slim/amd64/Dockerfile) | Debian 11
6.0.16-alpine3.17-amd64, 6.0-alpine3.17-amd64, 6.0-alpine-amd64, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
6.0.16-jammy-amd64, 6.0-jammy-amd64, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.16-focal-amd64, 6.0-focal-amd64, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/focal/amd64/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-amd64, 8.0-preview-bookworm-slim-amd64, 8.0.0-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.0-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/bookworm-slim/amd64/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-amd64, 8.0-preview-alpine3.17-amd64, 8.0-preview-alpine-amd64, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-amd64, 8.0-preview-jammy-amd64, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-amd64, 8.0-preview-jammy-chiseled-amd64, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/jammy-chiseled/amd64/Dockerfile) | Ubuntu 22.04
## Linux arm64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-arm64v8, 7.0-bullseye-slim-arm64v8, 7.0.5-bullseye-slim, 7.0-bullseye-slim, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
7.0.5-alpine3.17-arm64v8, 7.0-alpine3.17-arm64v8, 7.0-alpine-arm64v8, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
7.0.5-jammy-arm64v8, 7.0-jammy-arm64v8, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-arm64v8, 6.0-bullseye-slim-arm64v8, 6.0.16-bullseye-slim, 6.0-bullseye-slim, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
6.0.16-alpine3.17-arm64v8, 6.0-alpine3.17-arm64v8, 6.0-alpine-arm64v8, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
6.0.16-jammy-arm64v8, 6.0-jammy-arm64v8, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.16-focal-arm64v8, 6.0-focal-arm64v8, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/focal/arm64v8/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-arm64v8, 8.0-preview-bookworm-slim-arm64v8, 8.0.0-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.0-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/bookworm-slim/arm64v8/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-arm64v8, 8.0-preview-alpine3.17-arm64v8, 8.0-preview-alpine-arm64v8, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-arm64v8, 8.0-preview-jammy-arm64v8, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-arm64v8, 8.0-preview-jammy-chiseled-arm64v8, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/jammy-chiseled/arm64v8/Dockerfile) | Ubuntu 22.04
## Linux arm32 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.5-bullseye-slim-arm32v7, 7.0-bullseye-slim-arm32v7, 7.0.5-bullseye-slim, 7.0-bullseye-slim, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
7.0.5-alpine3.17-arm32v7, 7.0-alpine3.17-arm32v7, 7.0-alpine-arm32v7, 7.0.5-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
7.0.5-jammy-arm32v7, 7.0-jammy-arm32v7, 7.0.5-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.16-bullseye-slim-arm32v7, 6.0-bullseye-slim-arm32v7, 6.0.16-bullseye-slim, 6.0-bullseye-slim, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
6.0.16-alpine3.17-arm32v7, 6.0-alpine3.17-arm32v7, 6.0-alpine-arm32v7, 6.0.16-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
6.0.16-jammy-arm32v7, 6.0-jammy-arm32v7, 6.0.16-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.16-focal-arm32v7, 6.0-focal-arm32v7, 6.0.16-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/focal/arm32v7/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.0-preview.3-bookworm-slim-arm32v7, 8.0-preview-bookworm-slim-arm32v7, 8.0.0-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.0-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/bookworm-slim/arm32v7/Dockerfile) | Debian 12
8.0.0-preview.3-alpine3.17-arm32v7, 8.0-preview-alpine3.17-arm32v7, 8.0-preview-alpine-arm32v7, 8.0.0-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
8.0.0-preview.3-jammy-arm32v7, 8.0-preview-jammy-arm32v7, 8.0.0-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
8.0.0-preview.3-jammy-chiseled-arm32v7, 8.0-preview-jammy-chiseled-arm32v7, 8.0.0-preview.3-jammy-chiseled, 8.0-preview-jammy-chiseled | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/jammy-chiseled/arm32v7/Dockerfile) | Ubuntu 22.04
## Nano Server 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-nanoserver-ltsc2022, 7.0-nanoserver-ltsc2022, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/nanoserver-ltsc2022/amd64/Dockerfile)
6.0.16-nanoserver-ltsc2022, 6.0-nanoserver-ltsc2022, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/nanoserver-ltsc2022/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-nanoserver-ltsc2022, 8.0-preview-nanoserver-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/nanoserver-ltsc2022/amd64/Dockerfile)
## Windows Server Core 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-windowsservercore-ltsc2022, 7.0-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/windowsservercore-ltsc2022/amd64/Dockerfile)
6.0.16-windowsservercore-ltsc2022, 6.0-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/windowsservercore-ltsc2022/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-windowsservercore-ltsc2022, 8.0-preview-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/windowsservercore-ltsc2022/amd64/Dockerfile)
## Nano Server, version 1809 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-nanoserver-1809, 7.0-nanoserver-1809, 7.0.5, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/nanoserver-1809/amd64/Dockerfile)
6.0.16-nanoserver-1809, 6.0-nanoserver-1809, 6.0.16, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/nanoserver-1809/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-nanoserver-1809, 8.0-preview-nanoserver-1809 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/nanoserver-1809/amd64/Dockerfile)
## Windows Server Core 2019 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.5-windowsservercore-ltsc2019, 7.0-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/windowsservercore-ltsc2019/amd64/Dockerfile)
6.0.16-windowsservercore-ltsc2019, 6.0-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/windowsservercore-ltsc2019/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.0-preview.3-windowsservercore-ltsc2019, 8.0-preview-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/8.0/windowsservercore-ltsc2019/amd64/Dockerfile)
You can retrieve a list of all available tags for dotnet/runtime at https://mcr.microsoft.com/v2/dotnet/runtime/tags/list.
<!--End of generated tags-->
For tags contained in the old dotnet/core/runtime repository, you can retrieve a list of those tags at https://mcr.microsoft.com/v2/dotnet/core/runtime/tags/list.
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)*
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

121
README.samples.md Normal file
View File

@ -0,0 +1,121 @@
# Featured Tags
* `dotnetapp` [(*Dockerfile*)](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile)
* `docker pull mcr.microsoft.com/dotnet/samples:dotnetapp`
* `aspnetapp` [(*Dockerfile*)](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile)
* `docker pull mcr.microsoft.com/dotnet/samples:aspnetapp`
# About
These images contain sample .NET and ASP.NET Core applications.
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
## Container sample: Run a simple application
You can quickly run a container with a pre-built [.NET Docker image](https://hub.docker.com/_/microsoft-dotnet-samples/), based on the [.NET console sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md).
Type the following command to run a sample console application:
```console
docker run --rm mcr.microsoft.com/dotnet/samples
```
## Container sample: Run a web application
You can quickly run a container with a pre-built [.NET Docker image](https://hub.docker.com/_/microsoft-dotnet-samples/), based on the [ASP.NET Core sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/README.md).
Type the following command to run a sample web application:
```console
docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
```
After the application starts, navigate to `http://localhost:8000` in your web browser.
See [Hosting ASP.NET Core Images with Docker over HTTPS](https://github.com/dotnet/dotnet-docker/blob/main/samples/host-aspnetcore-https.md) to use HTTPS with this image.
# Related Repositories
.NET:
* [dotnet](https://hub.docker.com/_/microsoft-dotnet/): .NET
* [dotnet/sdk](https://hub.docker.com/_/microsoft-dotnet-sdk/): .NET SDK
* [dotnet/aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet/): ASP.NET Core Runtime
* [dotnet/runtime](https://hub.docker.com/_/microsoft-dotnet-runtime/): .NET Runtime
* [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/): .NET Runtime Dependencies
* [dotnet/monitor](https://hub.docker.com/_/microsoft-dotnet-monitor/): .NET Monitor Tool
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Full Tag Listing
## Linux amd64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
dotnetapp-alpine-slim-amd64, dotnetapp, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.alpine-slim) | Alpine
aspnetapp-alpine-slim-amd64, aspnetapp | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile.alpine-slim) | Alpine
## Linux arm32 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
dotnetapp-alpine-slim-arm32v7, dotnetapp, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.alpine-slim) | Alpine
aspnetapp-alpine-slim-arm32v7, aspnetapp | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile.alpine-slim) | Alpine
## Linux arm64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
dotnetapp-alpine-slim-arm64v8, dotnetapp, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.alpine-slim) | Alpine
aspnetapp-alpine-slim-arm64v8, aspnetapp | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile.alpine-slim) | Alpine
## Nano Server 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
dotnetapp-nanoserver-ltsc2022, dotnetapp, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile)
aspnetapp-nanoserver-ltsc2022, aspnetapp | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile.nanoserver-slim)
## Nano Server, version 1809 amd64 Tags
Tag | Dockerfile
---------| ---------------
dotnetapp-nanoserver-1809, dotnetapp, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile)
aspnetapp-nanoserver-1809, aspnetapp | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile.nanoserver-slim)
You can retrieve a list of all available tags for dotnet/samples at https://mcr.microsoft.com/v2/dotnet/samples/tags/list.
<!--End of generated tags-->
For tags contained in the old dotnet/core/samples repository, you can retrieve a list of those tags at https://mcr.microsoft.com/v2/dotnet/core/samples/tags/list.
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)*
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

185
README.sdk.md Normal file
View File

@ -0,0 +1,185 @@
# Featured Tags
* `7.0` (Standard Support)
* `docker pull mcr.microsoft.com/dotnet/sdk:7.0`
* `6.0` (Long-Term Support)
* `docker pull mcr.microsoft.com/dotnet/sdk:6.0`
# About
This image contains the .NET SDK which is comprised of three parts:
1. .NET CLI
1. .NET runtime
1. ASP.NET Core
Use this image for your development process (developing, building and testing applications).
Watch [discussions](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) for Docker-related .NET announcements.
# Usage
The [.NET Docker samples](https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md) show various ways to use .NET and Docker together. See [Building Docker Images for .NET Applications](https://docs.microsoft.com/dotnet/core/docker/building-net-docker-images) to learn more.
## Building .NET Apps with Docker
* [.NET Docker Sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/README.md) - This [sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile) builds, tests, and runs the sample. It includes and builds multiple projects.
* [ASP.NET Core Docker Sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/README.md) - This [sample](https://github.com/dotnet/dotnet-docker/blob/main/samples/aspnetapp/Dockerfile) demonstrates using Docker with an ASP.NET Core Web App.
## Develop .NET Apps in a Container
The following samples show how to develop, build and test .NET applications with Docker without the need to install the .NET SDK.
* [Build .NET Applications with SDK Container](https://github.com/dotnet/dotnet-docker/blob/main/samples/build-in-sdk-container.md)
* [Test .NET Applications with SDK Container](https://github.com/dotnet/dotnet-docker/blob/main/samples/run-tests-in-sdk-container.md)
* [Run .NET Applications with SDK Container](https://github.com/dotnet/dotnet-docker/blob/main/samples/run-in-sdk-container.md)
# Related Repositories
.NET:
* [dotnet](https://hub.docker.com/_/microsoft-dotnet/): .NET
* [dotnet/aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet/): ASP.NET Core Runtime
* [dotnet/runtime](https://hub.docker.com/_/microsoft-dotnet-runtime/): .NET Runtime
* [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/): .NET Runtime Dependencies
* [dotnet/monitor](https://hub.docker.com/_/microsoft-dotnet-monitor/): .NET Monitor Tool
* [dotnet/samples](https://hub.docker.com/_/microsoft-dotnet-samples/): .NET Samples
* [dotnet/nightly/sdk](https://hub.docker.com/_/microsoft-dotnet-nightly-sdk/): .NET SDK (Preview)
.NET Framework:
* [dotnet/framework](https://hub.docker.com/_/microsoft-dotnet-framework/): .NET Framework, ASP.NET and WCF
* [dotnet/framework/samples](https://hub.docker.com/_/microsoft-dotnet-framework-samples/): .NET Framework, ASP.NET and WCF Samples
# Full Tag Listing
## Linux amd64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.203-bullseye-slim-amd64, 7.0-bullseye-slim-amd64, 7.0.203-bullseye-slim, 7.0-bullseye-slim, 7.0.203, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/bullseye-slim/amd64/Dockerfile) | Debian 11
7.0.203-alpine3.17-amd64, 7.0-alpine3.17-amd64, 7.0-alpine-amd64, 7.0.203-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
7.0.203-jammy-amd64, 7.0-jammy-amd64, 7.0.203-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.408-bullseye-slim-amd64, 6.0-bullseye-slim-amd64, 6.0.408-bullseye-slim, 6.0-bullseye-slim, 6.0.408, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/bullseye-slim/amd64/Dockerfile) | Debian 11
6.0.408-alpine3.17-amd64, 6.0-alpine3.17-amd64, 6.0-alpine-amd64, 6.0.408-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
6.0.408-jammy-amd64, 6.0-jammy-amd64, 6.0.408-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
6.0.408-focal-amd64, 6.0-focal-amd64, 6.0.408-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/focal/amd64/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.100-preview.3-bookworm-slim-amd64, 8.0-preview-bookworm-slim-amd64, 8.0.100-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.100-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/bookworm-slim/amd64/Dockerfile) | Debian 12
8.0.100-preview.3-alpine3.17-amd64, 8.0-preview-alpine3.17-amd64, 8.0-preview-alpine-amd64, 8.0.100-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/alpine3.17/amd64/Dockerfile) | Alpine 3.17
8.0.100-preview.3-jammy-amd64, 8.0-preview-jammy-amd64, 8.0.100-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/jammy/amd64/Dockerfile) | Ubuntu 22.04
## Linux arm64 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.203-bullseye-slim-arm64v8, 7.0-bullseye-slim-arm64v8, 7.0.203-bullseye-slim, 7.0-bullseye-slim, 7.0.203, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
7.0.203-alpine3.17-arm64v8, 7.0-alpine3.17-arm64v8, 7.0-alpine-arm64v8, 7.0.203-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
7.0.203-jammy-arm64v8, 7.0-jammy-arm64v8, 7.0.203-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.408-bullseye-slim-arm64v8, 6.0-bullseye-slim-arm64v8, 6.0.408-bullseye-slim, 6.0-bullseye-slim, 6.0.408, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/bullseye-slim/arm64v8/Dockerfile) | Debian 11
6.0.408-alpine3.17-arm64v8, 6.0-alpine3.17-arm64v8, 6.0-alpine-arm64v8, 6.0.408-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
6.0.408-jammy-arm64v8, 6.0-jammy-arm64v8, 6.0.408-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
6.0.408-focal-arm64v8, 6.0-focal-arm64v8, 6.0.408-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/focal/arm64v8/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.100-preview.3-bookworm-slim-arm64v8, 8.0-preview-bookworm-slim-arm64v8, 8.0.100-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.100-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/bookworm-slim/arm64v8/Dockerfile) | Debian 12
8.0.100-preview.3-alpine3.17-arm64v8, 8.0-preview-alpine3.17-arm64v8, 8.0-preview-alpine-arm64v8, 8.0.100-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/alpine3.17/arm64v8/Dockerfile) | Alpine 3.17
8.0.100-preview.3-jammy-arm64v8, 8.0-preview-jammy-arm64v8, 8.0.100-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/jammy/arm64v8/Dockerfile) | Ubuntu 22.04
## Linux arm32 Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
7.0.203-bullseye-slim-arm32v7, 7.0-bullseye-slim-arm32v7, 7.0.203-bullseye-slim, 7.0-bullseye-slim, 7.0.203, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
7.0.203-alpine3.17-arm32v7, 7.0-alpine3.17-arm32v7, 7.0-alpine-arm32v7, 7.0.203-alpine3.17, 7.0-alpine3.17, 7.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
7.0.203-jammy-arm32v7, 7.0-jammy-arm32v7, 7.0.203-jammy, 7.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.408-bullseye-slim-arm32v7, 6.0-bullseye-slim-arm32v7, 6.0.408-bullseye-slim, 6.0-bullseye-slim, 6.0.408, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/bullseye-slim/arm32v7/Dockerfile) | Debian 11
6.0.408-alpine3.17-arm32v7, 6.0-alpine3.17-arm32v7, 6.0-alpine-arm32v7, 6.0.408-alpine3.17, 6.0-alpine3.17, 6.0-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
6.0.408-jammy-arm32v7, 6.0-jammy-arm32v7, 6.0.408-jammy, 6.0-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
6.0.408-focal-arm32v7, 6.0-focal-arm32v7, 6.0.408-focal, 6.0-focal | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/focal/arm32v7/Dockerfile) | Ubuntu 20.04
##### .NET 8 Preview Tags
Tags | Dockerfile | OS Version
-----------| -------------| -------------
8.0.100-preview.3-bookworm-slim-arm32v7, 8.0-preview-bookworm-slim-arm32v7, 8.0.100-preview.3-bookworm-slim, 8.0-preview-bookworm-slim, 8.0.100-preview.3, 8.0-preview | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/bookworm-slim/arm32v7/Dockerfile) | Debian 12
8.0.100-preview.3-alpine3.17-arm32v7, 8.0-preview-alpine3.17-arm32v7, 8.0-preview-alpine-arm32v7, 8.0.100-preview.3-alpine3.17, 8.0-preview-alpine3.17, 8.0-preview-alpine | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/alpine3.17/arm32v7/Dockerfile) | Alpine 3.17
8.0.100-preview.3-jammy-arm32v7, 8.0-preview-jammy-arm32v7, 8.0.100-preview.3-jammy, 8.0-preview-jammy | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/jammy/arm32v7/Dockerfile) | Ubuntu 22.04
## Nano Server 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.203-nanoserver-ltsc2022, 7.0-nanoserver-ltsc2022, 7.0.203, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/nanoserver-ltsc2022/amd64/Dockerfile)
6.0.408-nanoserver-ltsc2022, 6.0-nanoserver-ltsc2022, 6.0.408, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/nanoserver-ltsc2022/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.100-preview.3-nanoserver-ltsc2022, 8.0-preview-nanoserver-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/nanoserver-ltsc2022/amd64/Dockerfile)
## Windows Server Core 2022 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.203-windowsservercore-ltsc2022, 7.0-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/windowsservercore-ltsc2022/amd64/Dockerfile)
6.0.408-windowsservercore-ltsc2022, 6.0-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/windowsservercore-ltsc2022/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.100-preview.3-windowsservercore-ltsc2022, 8.0-preview-windowsservercore-ltsc2022 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/windowsservercore-ltsc2022/amd64/Dockerfile)
## Nano Server, version 1809 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.203-nanoserver-1809, 7.0-nanoserver-1809, 7.0.203, 7.0, latest | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/nanoserver-1809/amd64/Dockerfile)
6.0.408-nanoserver-1809, 6.0-nanoserver-1809, 6.0.408, 6.0 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/nanoserver-1809/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.100-preview.3-nanoserver-1809, 8.0-preview-nanoserver-1809 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/nanoserver-1809/amd64/Dockerfile)
## Windows Server Core 2019 amd64 Tags
Tag | Dockerfile
---------| ---------------
7.0.203-windowsservercore-ltsc2019, 7.0-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/7.0/windowsservercore-ltsc2019/amd64/Dockerfile)
6.0.408-windowsservercore-ltsc2019, 6.0-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/6.0/windowsservercore-ltsc2019/amd64/Dockerfile)
##### .NET 8 Preview Tags
Tag | Dockerfile
---------| ---------------
8.0.100-preview.3-windowsservercore-ltsc2019, 8.0-preview-windowsservercore-ltsc2019 | [Dockerfile](https://github.com/dotnet/dotnet-docker/blob/main/src/sdk/8.0/windowsservercore-ltsc2019/amd64/Dockerfile)
You can retrieve a list of all available tags for dotnet/sdk at https://mcr.microsoft.com/v2/dotnet/sdk/tags/list.
<!--End of generated tags-->
For tags contained in the old dotnet/core/sdk repository, you can retrieve a list of those tags at https://mcr.microsoft.com/v2/dotnet/core/sdk/tags/list.
*Tags not listed in the table above are not supported. See the [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)*
# Support
## Lifecycle
* [Microsoft Support for .NET](https://github.com/dotnet/core/blob/main/microsoft-support.md)
* [Supported Container Platforms Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-platforms.md)
* [Supported Tags Policy](https://github.com/dotnet/dotnet-docker/blob/main/documentation/supported-tags.md)
## Image Update Policy
* We update the supported .NET images within 12 hours of any updates to their base images (e.g. debian:buster-slim, windows/nanoserver:ltsc2022, buildpack-deps:bionic-scm, etc.).
* We publish .NET images as part of releasing new versions of .NET including major/minor and servicing.
## Feedback
* [File an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose)
* [Contact Microsoft Support](https://support.microsoft.com/contactus/)
# License
* Legal Notice: [Container License Information](https://aka.ms/mcr/osslegalnotice)
* [.NET license](https://github.com/dotnet/dotnet-docker/blob/main/LICENSE)
* [Discover licensing for Linux image contents](https://github.com/dotnet/dotnet-docker/blob/main/documentation/image-artifact-details.md)
* [Windows base image license](https://docs.microsoft.com/virtualization/windowscontainers/images-eula) (only applies to Windows containers)
* [Pricing and licensing for Windows Server 2019](https://www.microsoft.com/cloud-platform/windows-server-pricing)

15
SECURITY.md Normal file
View File

@ -0,0 +1,15 @@
# Security Policy
## Supported Versions
The .NET Core and ASP.NET Core support policy, including supported versions can be found at the [.NET Core Support Policy Page](https://dotnet.microsoft.com/platform/support/policy/dotnet-core).
## Reporting a Vulnerability
Security issues and bugs should be reported privately to the Microsoft Security Response Center (MSRC), either by emailing secure@microsoft.com or via the portal at https://msrc.microsoft.com.
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your
original message. Further information, including the MSRC PGP key, can be found in the [MSRC Report an Issue FAQ](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue).
Reports via MSRC may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at [https://aka.ms/corebounty](https://aka.ms/corebounty).
Please do not open issues for anything you think might have a security implication.

83
build-and-test.ps1 Normal file
View File

@ -0,0 +1,83 @@
#!/usr/bin/env pwsh
param(
# Version of .NET Core to filter by
[string]$Version = "*",
# Name of OS to filter by
[string]$OS,
# Type of architecture to filter by
[string]$Architecture,
# Additional custom path filters (overrides Version)
[string[]]$Paths,
# Additional args to pass to ImageBuilder
[string]$OptionalImageBuilderArgs,
# Execution mode of the script
[ValidateSet("BuildAndTest", "Build", "Test")]
[string]$Mode = "BuildAndTest",
# Categories of tests to run
[ValidateSet("runtime", "runtime-deps", "aspnet", "sdk", "pre-build", "sample", "image-size", "monitor")]
[string[]]$TestCategories = @("runtime", "runtime-deps", "aspnet", "sdk", "pre-build", "sample", "image-size", "monitor")
)
if ($Version -notmatch '^\d+\.\d+(\.[\d*])?|\*$') {
Write-Error "Error: Input version is not in the expected format of X.Y or X.Y.*"
exit 1
# If we call the script with a format like "8.0", add the trailing ".*" that ImageBuilder expects
if ($Version.Split('.').Count -lt 3) {
$Version += ".*"
}
}
if (($Mode -eq "BuildAndTest" -or $Mode -eq "Test") -and $TestCategories.Contains("pre-build")) {
& ./tests/run-tests.ps1 -TestCategories "pre-build" -Version "*"
}
if ($Mode -eq "BuildAndTest" -or $Mode -eq "Build") {
# Build the product images
& ./eng/common/build.ps1 `
-Version $Version `
-OS $OS `
-Architecture $Architecture `
-Paths $Paths `
-OptionalImageBuilderArgs $OptionalImageBuilderArgs
$activeOS = docker version -f "{{ .Server.Os }}"
if ($activeOS -eq "windows" -and -not $OS) {
Write-Host "Setting OS to match local Windows host version"
$windowsReleaseId = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
$OS = "nanoserver-$windowsReleaseId"
}
# Build the sample images
& ./eng/common/build.ps1 `
-Version $Version `
-OS @($OS) `
-Architecture $Architecture `
-Paths $Paths `
-OptionalImageBuilderArgs $OptionalImageBuilderArgs `
-Manifest manifest.samples.json
}
if ($Mode -eq "BuildAndTest" -or $Mode -eq "Test") {
$VersionParts = $Version.Split('.')
$TestVersion = $VersionParts[0] + "." + $VersionParts[1]
$localTestCategories = $TestCategories
if ($Version -ne "*" -and $TestCategories.Contains("sample")) {
$localTestCategories = $TestCategories | where { $_ -ne "sample" }
Write-Warning "Skipping sample image testing since Version was set"
}
& ./tests/run-tests.ps1 `
-Version $TestVersion `
-OSVersions @($OS) `
-Architecture $Architecture `
-TestCategories $localTestCategories
}

46
documentation/guiding-principles.md Normal file
View File

@ -0,0 +1,46 @@
# Guiding Principles
These are the guiding principles for the content, tagging and production of the official .NET Docker images. They establish a framework for the behavior customers can expect and the decision-making process when making changes to the images. They are not hard rules which are stringently enforced as there will be occasions where it is sensible to make special exceptions.
## Image Content
1. Images are intended to satisfy the common usage scenarios. They are not intended to satisfy every possible usage scenario. As a result of this, decisions will be made (e.g. components excluded, configurations made, etc.) in order to keep the image size manageable.
It is expected there will be scenarios in which customers will need to create derived images that add the required components/settings. A few examples include:
1. Alpine images have the .NET Invariant Mode enabled by default ([details](https://github.com/dotnet/dotnet-docker/issues/371)). Use cases that cannot tolerate the globalization invariant mode can reset the `DOTNET_SYSTEM_GLOBALIZATION_INVARIANT` environment variable.
1. The System.Drawing.Common native dependencies are not included by default. If System.Drawing.Common is being used, the native dependencies will need to be added.
Component authors can package their bits in ways which make them more easily consumable from Docker without including them within the .NET images. Examples include:
1. Support xcopy installs
1. Package as a .NET global tool
1. Ship within their own Docker image
1. Support standalone execution and multi-stage builds
1. Support running within a side car image
1. Components installed within the images are required to have the same or longer support lifecycle as [.NET](https://dotnet.microsoft.com/platform/support/policy/dotnet-core). For example, if a component is included with an LTSC release of .NET, then that `major.minor` component version will need to be supported for the life of the LTSC release. Components are expected to be serviced over their lifetime as appropriate.
1. Breaking changes are not allowed within a release. This includes changes such as adding/removing components, adding/removing ENVs, and major/minor version changes to included components.
1. There should be parity within the supported image matrix. Examples include:
1. If support for a new distro is added for a particular .NET version, then new `runtime-deps`, `runtime`, `aspnet`, and `sdk` images should all be added for the new distro.
1. If a new component is added, it should be available across all supported OS types and architectures.
1. The matrix of [supported container operating systems and versions](supported-platforms.md) will evolve on a continuous basis.
## Image Tagging
See the [supported tags](supported-tags.md) for the tagging practices and policies used by the .NET team.
## Engineering
1. Images will be included as part of the .NET release process. The Docker images will be released at the same time as the core product.
1. Images will be rebuilt within hours of base image changes. For example, suppose a particular version of Alpine is patched. The .NET images based on this version of Alpine will be rebuilt with this new base image within hours of its release.
1. Images will never be deleted from the [official Docker repositories](https://hub.docker.com/_/microsoft-dotnet/). This does not apply to the [nightly repositories](https://github.com/dotnet/dotnet-docker/blob/nightly/README.md).
1. The [Dockerfiles](https://github.com/dotnet/dotnet-docker/search?q=filename%3ADockerfile) used to produce all of the images will be publicly available. Customers will be able to take the Dockerfiles and build them to produce their own equivalent images. No special build steps or permissions should be needed to build the Dockerfiles.
1. No experimental Docker features will be utilized within the infrastructure used to produce the images. Utilizing experimental features can negatively affect the reliability of image production and introduces a risk to the integrity of the resulting artifacts.

BIN
documentation/image-artifact-details-alpine-package-details.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

BIN
documentation/image-artifact-details-alpine-package-search.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

84
documentation/image-artifact-details.md Normal file
View File

@ -0,0 +1,84 @@
# Determining License and Source Pedigree for .NET Container Images
This document is intended to be complimentary to the [Instructions for Finding Linux Legal Metadata](https://aka.ms/mcr/osslinuxmetadata). This document describes how to interrogate the .NET images to determine licensing and version information for .NET and other components.
## .NET and Other Components
.NET and other components are carried in .NET images, all of which are from Microsoft or the .NET Foundation. The following list describes the complete set of other software (beyond base images and packages):
* .NET Runtime
* ASP.NET Core Runtime
* .NET SDK
* PowerShell
You can see these components installed in the [runtime](https://github.com/dotnet/dotnet-docker/blob/d4a9e799d047f3e86cd2730f48b689c371d38480/3.1/runtime/buster-slim/amd64/Dockerfile#L9-L17), [aspnet](https://github.com/dotnet/dotnet-docker/blob/d4a9e799d047f3e86cd2730f48b689c371d38480/3.1/aspnet/buster-slim/amd64/Dockerfile#L4-10), and [sdk](https://github.com/dotnet/dotnet-docker/blob/d4a9e799d047f3e86cd2730f48b689c371d38480/3.1/sdk/buster/amd64/Dockerfile#L26-L49) Dockerfiles.
You can discover the licenses for these components using the following pattern.
### .NET Runtime Image
The [.NET runtime image](https://hub.docker.com/_/microsoft-dotnet-runtime/) includes the .NET runtime, with an associated license and third party notice file.
```console
$ docker run --rm mcr.microsoft.com/dotnet/runtime:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet | grep LICENSE"
./usr/share/dotnet/LICENSE.txt
```
The license can be printed out, as follows.
```console
$ docker run --rm mcr.microsoft.com/dotnet/runtime:6.0-bullseye-slim cat ./usr/share/dotnet/LICENSE.txt
The MIT License (MIT)
Copyright (c) .NET Foundation and Contributors
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
...
```
Third party notices can also be found, as demonstrated below.
```console
$ docker run --rm mcr.microsoft.com/dotnet/runtime:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet | grep -i third"
./usr/share/dotnet/ThirdPartyNotices.txt
```
### ASP.NET Core Image
The [ASP.NET Core image](https://hub.docker.com/_/microsoft-dotnet-aspnet/) includes ASP.NET Core in addition to .NET, with associated licenses and third party notice files.
```console
$ docker run --rm mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet | grep LICENSE"
./usr/share/dotnet/LICENSE.txt
$ docker run --rm mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet | grep -i third"
./usr/share/dotnet/ThirdPartyNotices.txt
./usr/share/dotnet/shared/Microsoft.AspNetCore.App/6.0.0/THIRD-PARTY-NOTICES.txt
```
### .NET SDK Image
The [SDK image](https://hub.docker.com/_/microsoft-dotnet-sdk/) includes the .NET SDK, which includes various .NET components, with associated licenses and third party notice files.
```console
$ docker run --rm mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet ./usr/share/powershell | grep LICENSE"
./usr/share/dotnet/LICENSE.txt
./usr/share/dotnet/sdk/6.0.100/Sdks/Microsoft.NET.Sdk.WindowsDesktop/LICENSE.TXT
./usr/share/powershell/.store/powershell.linux.x64/7.2.0-preview.10/powershell.linux.x64/7.2.0-preview.10/tools/net6.0/any/LICENSE.txt
$ docker run --rm mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet | grep -i third"
./usr/share/dotnet/ThirdPartyNotices.txt
./usr/share/dotnet/shared/Microsoft.AspNetCore.App/6.0.0/THIRD-PARTY-NOTICES.txt
./usr/share/dotnet/sdk/6.0.100/Sdks/Microsoft.NET.Sdk.WindowsDesktop/THIRD-PARTY-NOTICES.TXT
$ docker run --rm mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim /bin/sh -c "find ./usr/share/dotnet ./usr/share/powershell | grep -i third"
./usr/share/dotnet/ThirdPartyNotices.txt
./usr/share/dotnet/shared/Microsoft.AspNetCore.App/6.0.0/THIRD-PARTY-NOTICES.txt
./usr/share/dotnet/sdk/6.0.100/Sdks/Microsoft.NET.Sdk.WindowsDesktop/THIRD-PARTY-NOTICES.TXT
./usr/share/powershell/.store/powershell.linux.x64/7.2.0-preview.10/powershell.linux.x64/7.2.0-preview.10/tools/net6.0/any/ThirdPartyNotices.txt
```

15
documentation/scenarios/README.md Normal file
View File

@ -0,0 +1,15 @@
# .NET with Docker Scenarios
These scenarios contain tips and tricks, best practices, and samples of commonly used technology. They provide helpful demonstrations of solving commonly encountered issues.
## Scenarios
* [Managing NuGet Credentials in Docker Scenarios](nuget-credentials.md)
* [Installing .NET in a Dockerfile](installing-dotnet.md)
* [Using the System.Drawing.Common Package in a Docker Container](using-system-drawing-common.md)
## Community
You are invited to contribute new scenarios, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.
Before you start to code, please read the [.NET contribution guidelines](https://github.com/dotnet/coreclr/blob/master/CONTRIBUTING.md).

185
documentation/scenarios/installing-dotnet.md Normal file
View File

@ -0,0 +1,185 @@
# Installing .NET in a Dockerfile
There can be times where you need .NET installed on a base image that is unavailable amongst the set of official [.NET Docker images](https://hub.docker.com/_/microsoft-dotnet), such as a different Linux distro version or a Windows Server Core image. In that case, you'll need to author your own Dockerfile which installs .NET. The snippets below describe how to do this.
There are two scenarios you should consider depending on how your Docker image is to be consumed: [general platform images](#general-platform-images) and [custom application images](#custom-application-images). But before getting to that, let's first consider whether you actually need to go down this road.
## Determine whether a different base image is needed
Before doing all the work of authoring and maintaining a Dockerfile that installs .NET, it's worthwhile to stop and thoroughly analyze whether you actually do need a different base image than those provided as part of the set of official [.NET Docker images](https://hub.docker.com/_/microsoft-dotnet).
If there's a platform that you require that is available in its own Docker image, ask yourself whether it would be better to use that image and add .NET to it or would it be better to use the .NET image as the base and add the platform to it. An example scenario is using the .NET runtime with PowerShell Core; determine whether you would prefer to start with a [PowerShell Core](https://hub.docker.com/_/microsoft-powershell) image and install .NET runtime onto it or start with a [.NET runtime image](https://hub.docker.com/_/microsoft-dotnet-runtime) and install PowerShell Core onto it.
In some cases, you can workaround dependencies by publishing your .NET application as a [self-contained app](https://docs.microsoft.com/en-us/dotnet/core/deploying) in which case all of your app's dependencies are packaged with the app. This reduces the dependencies that need to be installed separately on the base image. For example, a Windows app may require dependencies that only exist in Windows Server Core but only .NET (pre-5.0) images on Nano Server are available. In that case, the app could be deployed as a self-contained app and operate just fine using the [windows/servercore](https://hub.docker.com/_/microsoft-windows-servercore) image as the base image. Example Dockerfiles that demonstrate publishing a self-contained app are available in the samples for [Linux](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.debian-x64-slim) and [Windows](https://github.com/dotnet/dotnet-docker/blob/main/samples/dotnetapp/Dockerfile.nanoserver-x64-slim).
## Image Purposes
### General Platform Images
If you're building an image for a platform that is intended to be publicly consumed, you should strongly consider following the Docker [guidelines](https://github.com/docker-library/official-images) for official images. Those guidelines will inject a high level of quality in your images and instill trust and confidence by those consuming it. One of the guidelines is on [clarity](https://github.com/docker-library/official-images#clarity) which states that a Dockerfile should be easy to understand/read and avoid the use of scripts that obscure the steps that are taken to produce the image.
For general platform images, it is recommended that you install .NET by [binary archive](#installing-from-a-binary-archive) (Linux/Windows) or [package manager](#installing-from-a-linux-package-manager) (Linux only). Both of those options can be used in a way that conforms to the Docker guidelines for official images.
### Custom Application Images
If you're building an image for a custom application that is not to be intended to be publicly consumed as a platform for other applications, you can get by with a simpler Dockerfile implementation compared to [general platform images](#general-platform-images) if you choose. Because the image is only intended for your own organization's purposes, the need for transparency in the Dockerfile is lessened. Convenience can trump clarity in this case.
For custom application images, it is recommended that you install .NET by [package manager](#installing-from-a-linux-package-manager) (Linux only) or [dotnet-install script](#installing-from-dotnet-install-script) (Linux/Windows).
## Ways to Install .NET
### Installing from a Binary Archive
When authoring your Dockerfiles, you can look to the official [.NET Dockerfiles](https://github.com/dotnet/dotnet-docker) as a template for the install steps. There are several variations depending on the .NET version, OS type, and architecture being used.
In addition to installing .NET, you'll also need to ensure that the [prerequisites](https://github.com/dotnet/core/blob/master/Documentation/prereqs.md) are installed. The [.NET Dockerfiles](https://github.com/dotnet/dotnet-docker) also demonstrate how that can be done.
In the spirit of [clarity](https://github.com/docker-library/official-images#clarity), the Dockerfiles for the official .NET Docker images do not use a general purpose script for installing .NET. Rather, they explicitly provide each step of the installation process and reference the exact URL of the binary archive.
Example (Linux):
```Dockerfile
FROM amd64/ubuntu:focal
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates \
\
# .NET dependencies
libc6 \
libgcc1 \
libgssapi-krb5-2 \
libicu66 \
libssl1.1 \
libstdc++6 \
zlib1g \
&& rm -rf /var/lib/apt/lists/*
# Install .NET
ENV DOTNET_VERSION=6.0.0
RUN curl -fSL --output dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/Runtime/$DOTNET_VERSION/dotnet-runtime-$DOTNET_VERSION-linux-x64.tar.gz \
&& dotnet_sha512='6a1ae878efdc9f654e1914b0753b710c3780b646ac160fb5a68850b2fd1101675dc71e015dbbea6b4fcf1edac0822d3f7d470e9ed533dd81d0cfbcbbb1745c6c' \
&& echo "$dotnet_sha512 dotnet.tar.gz" | sha512sum -c - \
&& mkdir -p /usr/share/dotnet \
&& tar -zxf dotnet.tar.gz -C /usr/share/dotnet \
&& rm dotnet.tar.gz \
&& ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet
```
Example (Windows):
```Dockerfile
FROM mcr.microsoft.com/windows/servercore:ltsc2022
# Install .NET
ENV DOTNET_VERSION=6.0.0
RUN powershell -Command `
$ErrorActionPreference = 'Stop'; `
$ProgressPreference = 'SilentlyContinue'; `
Invoke-WebRequest -OutFile dotnet.zip https://dotnetcli.azureedge.net/dotnet/Runtime/$Env:DOTNET_VERSION/dotnet-runtime-$Env:DOTNET_VERSION-win-x64.zip; `
$dotnet_sha512 = '2b6b630b4f0d86f4decfd1a8c2186f14322c792bafb024a8e71919ac8918e29dec99004a5cdf8b22479e0f16af582a90ed521d312a0a67a75ed5bd4adbb7594a'; `
if ((Get-FileHash dotnet.zip -Algorithm sha512).Hash -ne $dotnet_sha512) { `
Write-Host 'CHECKSUM VERIFICATION FAILED!'; `
exit 1; `
}; `
`
Expand-Archive dotnet.zip -DestinationPath dotnet; `
Remove-Item -Force dotnet.zip
```
This provides full transparency to consumers of the image in regard to where the content is coming from and whether it can be trusted; it's not hiding somewhere buried within a script. It also ensures [repeatability](https://github.com/docker-library/official-images#repeatability), another guideline of official Docker images.
#### Servicing Maintenance
By having the version of .NET you're installing explicitly defined in the Dockerfile, as should be done for clarity reasons, it means the Dockerfile must be regularly maintained to account for servicing releases of .NET. There are two parts of the install steps that will need to updated in order to reference a new release:
* Version environment variable that is referenced in the download URL (e.g. `ENV DOTNET_VERSION=6.0.0`)
* SHA value (e.g. `dotnet_sha512='d4d67df5ff5f6dde0d865a6e87559955bd57429df396cf7d05fe77f09e6220c67dc5e66439b1801ca4d301a62f81f666122bf4b623b31a46b861677dcafc62a4'`)
You can track these values by making use of the information contained in the `releases.json` of the relevant release. For example, the [`releases.json`](https://dotnetcli.azureedge.net/dotnet/release-metadata/6.0/releases.json) for 6.0 contains all the metadata for the 6.0 releases including download links of the binary archives as well as their hash values. The release information is described on the main [release notes](https://github.com/dotnet/core/blob/master/release-notes/README.md) page.
### Installing from a Linux Package Manager
For Linux, you may prefer to use your Linux distro's package manager to install .NET rather than directly from a binary archive. See the [Install .NET on Linux](https://docs.microsoft.com/en-us/dotnet/core/install/linux) guideance on how to install .NET from the various distro package managers.
Using a package manager allows for easier maintenance since you only have to reference the major/minor version of the release and you'll get servicing releases "for free". This is true as long as you are mindful of Docker's caching functionality. You may need to build with the `--no-cache` option to force the build to re-execute the commands that install .NET in order to get an updated servicing release. Alternatively, you can specify the full version (major/minor/build) and increment that with each service release.
Another benefit of installing via a package manager is that all of .NET's dependencies are installed by the package manager for you. You don't have to manually list the prerequisites to be installed like you do when using [binary archives](#installing-from-a-binary-archive) or the [dotnet-install script](#installing-from-dotnet-install-script).
Example:
```Dockerfile
FROM ubuntu:focal
RUN export DEBIAN_FRONTEND=noninteractive \
apt-get update \
# Install prerequisites
&& apt-get install -y --no-install-recommends \
wget \
ca-certificates \
\
# Install Microsoft package feed
&& wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb \
&& dpkg -i packages-microsoft-prod.deb \
&& rm packages-microsoft-prod.deb \
\
# Install .NET
&& apt-get update \
&& apt-get install -y --no-install-recommends \
dotnet-runtime-6.0 \
\
# Cleanup
&& rm -rf /var/lib/apt/lists/*
```
### Installing from dotnet-install script
A set of [installation scripts](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-install-script) are provided to conveniently install .NET on Linux with Bash or Windows with PowerShell. These scripts can be thought of as a happy medium between the two previously mentioned approaches (binary archive link and package manager). They fill a gap on systems where the desired .NET release is not available through a package manager and you don't want to deal with the cost of maintaining a direct link to a binary package. With the installation script, you have flexibility in specifying which version gets installed. You can install a specific version such as 6.0.0, the latest of a release channel such as the latest 6.0 patch, etc.
In addition to installing .NET, you'll also need to ensure that the [prerequisites](https://github.com/dotnet/core/blob/master/Documentation/prereqs.md) are installed. The [.NET Dockerfiles](https://github.com/dotnet/dotnet-docker) also demonstrate how that can be done.
Example (Linux):
```Dockerfile
FROM ubuntu:focal
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
curl \
ca-certificates \
\
# .NET dependencies
libc6 \
libgcc1 \
libgssapi-krb5-2 \
libicu66 \
libssl1.1 \
libstdc++6 \
zlib1g \
&& rm -rf /var/lib/apt/lists/*
RUN curl -sSL https://dot.net/v1/dotnet-install.sh | bash /dev/stdin -Channel 6.0 -Runtime dotnet -InstallDir /usr/share/dotnet \
&& ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet
```
Example (Windows):
```Dockerfile
# escape=`
FROM mcr.microsoft.com/windows/servercore:ltsc2022
RUN powershell -Command `
$ErrorActionPreference = 'Stop'; `
$ProgressPreference = 'SilentlyContinue'; `
Invoke-WebRequest `
-UseBasicParsing `
-Uri https://dot.net/v1/dotnet-install.ps1 `
-OutFile dotnet-install.ps1; `
./dotnet-install.ps1 `
-InstallDir '/Program Files/dotnet' `
-Channel 6.0 `
-Runtime dotnet; `
Remove-Item -Force dotnet-install.ps1 `
&& setx /M PATH "%PATH%;C:\Program Files\dotnet"
```

324
documentation/scenarios/nuget-credentials.md Normal file
View File

@ -0,0 +1,324 @@
# Managing NuGet Credentials in Docker Scenarios
There are often cases when your Dockerfile needs to build a .NET project that make use of a NuGet package located in a private feed. How do you properly provide your Docker build access to that private feed in a secure manner? The options below provide recommended approaches you can take.
There are two aspects to be aware of when it comes to protecting credentials:
1. _Exposing credentials in an image that is published to a registry._ This is the most obvious scenario. You don't want consumers of your image to have access to data they should not have. The options listed below demonstrate how to prevent this from happening.
2. _Exposing secrets locally on the Docker host machine._ This isn't necessarily an issue; it depends on your build processes. Just be aware that while your published image may not be exposing sensitive data, there can be sensitive data stored on the Docker host machine that you may want to clean up depending on how the machine is managed in your build workflow. For example, when using Azure DevOps pipelines with a hosted agent, there's no need to clean up data because the virtual machine of the build agent is automatically deleted at the end of the build. But if you manage your own agent, you're in charge of cleaning any leftover state should it be necessary. Because some environments log command lines, it is a security best-practice to avoid putting secrets on the command line. To avoid this with `docker build`, store the secret in an enviornment variable with the name you want the build argument to have. Then, on the `docker build` command line, refer to [just the name of the environment variable](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables---build-arg) without the `=` or the value.
## Use a multi-stage build to protect nuget.config passed by build context
By using multi-stage builds, you can use the build context to pass a set of files to the Docker build that are used just for building the application and avoid having all of those files end up in the final image. If your `nuget.config` file contains credentials and is already stored on the Docker host machine, then you may want to consider passing it via the build context for the Docker build (also see [Passing secrets by file with Docker BuildKit](#passing-secrets-by-file-with-buildkit) for a related pattern). *Be careful when storing credentials on disk. Make sure that the machine and file are properly secured.*
Even though using a multi-stage build is a good technique to help avoid exposing credentials in the final image, it should be known that the intermediate layers produced by the build can still expose those secrets locally on the Docker host machine.
Here's an example `nuget.config` file containing the credentials:
```XML
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<packageSources>
<add key="public" value="https://api.nuget.org/v3/index.json" />
<add key="customfeed" value="https://mycustomfeedurl" />
</packageSources>
<packageSourceCredentials>
<customfeed>
<add key="Username" value="<username>" />
<add key="ClearTextPassword" value="<password>" />
</customfeed>
</packageSourceCredentials>
</configuration>
```
In the Dockerfile, the `nuget.config` file is copied via the build context and stored in the file system only for the `build` stage. In the `runtime` stage, only the binaries of the application are copied, not the `nuget.config` file so the credentials are not exposed in the final image.
```Dockerfile
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj .
COPY ./nuget.config .
RUN dotnet restore
# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore
FROM mcr.microsoft.com/dotnet/runtime:6.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
```
This Dockerfile would be built using this command:
```bash
docker build .
```
## Using environment variables in nuget.config
If you do not store your credentials in the nuget.config file and instead retrieve them in some manner through a build process, you can use this environment variable with multi-stage build pattern. This pattern involves using the [`ARG` instruction](https://docs.docker.com/engine/reference/builder/#arg) to pass in the NuGet feed credentials to a `docker build` command. Care must be taken here to ensure that the `ARG` instructions are only used for intermediate stages and never the final stage to avoid the leaking the credentials in the final image.
Even though using a multi-stage build is a good technique to help avoid exposing credentials in the final image, it should be known that the intermediate layers produced by the build can still expose those secrets locally on the Docker host machine.
For this pattern, we're going to rely on a `nuget.config` file that makes use of NuGet's support for [environment variables](https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#using-environment-variables):
```XML
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<packageSources>
<add key="public" value="https://api.nuget.org/v3/index.json" />
<add key="customfeed" value="https://mycustomfeedurl" />
</packageSources>
<packageSourceCredentials>
<customfeed>
<add key="Username" value="%Nuget_CustomFeedUserName%" />
<add key="ClearTextPassword" value="%Nuget_CustomFeedPassword%" />
</customfeed>
</packageSourceCredentials>
</configuration>
```
When making use of the `ARG` instruction, the name of the argument is made available as an environment variable during the scope of the `docker build`. This aligns nicely with our use of environment variables in the `nuget.config` file.
In the Dockerfile below, there are two stages: build and runtime. The build stage is responsible for building the application project. It defines two `ARG` values which match the names of the environment variables used in the the `nuget.config` file. But the build stage is not the final stage of the Dockerfile so the `--build-arg` values that are passed to the `docker build` command do not get exposed in the resulting image. All the final stage is really doing is copying the built output of the application from the build stage since that's all that's needed to run the application.
```Dockerfile
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
ARG Nuget_CustomFeedUserName
ARG Nuget_CustomFeedPassword
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj .
COPY ./nuget.config .
RUN dotnet restore
# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore
FROM mcr.microsoft.com/dotnet/runtime:6.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
```
Before running `docker build`, first populate the `Nuget_CustomFeedUserName` and `Nuget_CustomFeedPassword` environment variables with appropriate secrets. Then, this Dockerfile would be built using this command:
```bash
docker build --build-arg Nuget_CustomFeedUserName --build-arg Nuget_CustomFeedPassword .
```
Passing the username and password values to the `docker build` command in this manner can be useful in automated scenarios when those values are stored as environment variables on the Docker host machine or can be retrieved from an external secrets storage location and passed to the `docker build` command.
## Using the Azure Artifact Credential Provider
NuGet has support for [custom credential providers](https://docs.microsoft.com/en-us/nuget/reference/extensibility/nuget-cross-platform-authentication-plugin) that provide a mechanism to authenticate to feeds both interactively and non-interactively. One such implementation of this is [Azure Artifact Credential Provider](https://github.com/Microsoft/artifacts-credprovider) which provides a mechanism to acquire credentials for restoring NuGet packages from Azure Artifacts feeds. In unattended build agent scenarios, like building Docker images, a `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` [environment variable](https://github.com/Microsoft/artifacts-credprovider#environment-variables) is used to supply an access token.
If you're using Azure Artifacts for your private NuGet feeds, this scenario is for you since it provides a compatible experience between interactive developer machines and automated scenarios like Docker image builds. This allows you to use the same `nuget.config` file in either scenario. In this pattern, we'll use the environment variables and multi-stage build along with Credential Provider to pass the credentials for a private NuGet feed.
Even though using a multi-stage build is a good technique to help avoid exposing credentials in the final image, it should be known that the intermediate layers produced by the build can still expose those secrets locally on the Docker host machine.
The `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` environment variable is a well-known variable that is meant to be an extension of the `nuget.config` file, allowing both to be used together where `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` simply supplies the access token. The `nuget.config` file used here does not define any `packageSourceCredentials` element for `customfeed`:
```XML
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<packageSources>
<add key="public" value="https://api.nuget.org/v3/index.json" />
<add key="customfeed" value="https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json" />
</packageSources>
</configuration>
```
Instead, the credentials for `customfeed` are defined in the Dockerfile by making use of an `ARG` for the access token:
*Linux*
```Dockerfile
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /app
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
# Copy csproj and restore as distinct layers
COPY *.csproj .
COPY ./nuget.config .
ARG FEED_ACCESSTOKEN
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"${FEED_ACCESSTOKEN}\"}]}"
RUN dotnet restore
# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore
FROM mcr.microsoft.com/dotnet/runtime:6.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
```
*Windows*
```Dockerfile
# escape=`
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
SHELL ["pwsh", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
# Change user to workaround https://github.com/microsoft/artifacts-credprovider/issues/201
USER ContainerAdministrator
# Install the cred provider
RUN Invoke-WebRequest https://raw.githubusercontent.com/microsoft/artifacts-credprovider/master/helpers/installcredprovider.ps1 -OutFile installcredprovider.ps1; `
.\installcredprovider.ps1; `
del installcredprovider.ps1
USER ContainerUser
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj .
COPY nuget.config .
ARG FEED_ACCESSTOKEN
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{`"endpointCredentials`": [{`"endpoint`":`"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json`", `"username`":`"docker`", `"password`":`"${FEED_ACCESSTOKEN}`"}]}"
RUN dotnet restore
# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore
FROM mcr.microsoft.com/dotnet/runtime:6.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
```
_Note that a script is called to install the Credential Provider. When `dotnet restore` is run, the Credential Provider is invoked to resolve the credentials and it retrieves them from the `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` environment variable._
Before running `docker build`, first populate the `FEED_ACCESSTOKEN` environment variable with a [personal access token](https://docs.microsoft.com/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate). Then, this Dockerfile would be built using this command:
```bash
docker build --build-arg FEED_ACCESSTOKEN .
```
Passing the access token to the `docker build` command in this manner can be useful in automated scenarios when that value is stored as an environment variable on the Docker host machine or can be retrieved from an external secrets storage location and passed to the `docker build` command.
### Azure Pipelines
In Azure Pipelines, the [NuGetAuthenticate](https://learn.microsoft.com/azure/devops/pipelines/tasks/reference/nuget-authenticate-v1?view=azure-pipelines) task can be used to obtain the VSS access token required for the feed. It creates two environment variables (`VSS_NUGET_URI_PREFIXES` and `VSS_NUGET_ACCESSTOKEN`) that can be used instead of a PAT (Personal Access Token).
```yaml
steps:
- task: NuGetAuthenticate@1
displayName: 'Authenticate to NuGet'
- task: Docker@0
displayName: 'build container'
inputs:
command: 'build'
Dockerfile: '**/Dockerfile'
buildArguments: |
FEED_ACCESSTOKEN=$(VSS_NUGET_ACCESSTOKEN)
```
### Credential Provider Troubleshooting
If you are having authentication issues, try adding a command to the Dockerfile to print out the value of the `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` environment variable. This will help you to ensure it is set and formatted correctly.
Example (Linux):
```Dockerfile
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{`"endpointCredentials`": [{`"endpoint`":`"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json`", `"username`":`"docker`", `"password`":`"${FEED_ACCESSTOKEN}`"}]}"
RUN echo $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
```
Example (Windows PowerShell):
```Dockerfile
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{`"endpointCredentials`": [{`"endpoint`":`"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json`", `"username`":`"docker`", `"password`":`"${FEED_ACCESSTOKEN}`"}]}"
RUN echo $Env:VSS_NUGET_EXTERNAL_FEED_ENDPOINTS
```
Example (Windows Cmd):
```Dockerfile
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{`"endpointCredentials`": [{`"endpoint`":`"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json`", `"username`":`"docker`", `"password`":`"${FEED_ACCESSTOKEN}`"}]}"
RUN echo %VSS_NUGET_EXTERNAL_FEED_ENDPOINTS%
```
## Passing secrets by file with BuildKit
Docker's [BuildKit](https://github.com/moby/buildkit) integration provides some enhanced functionality for passing [secret information](https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information) when running `docker build`. This avoids the use of `ARG` values which could potentially be exposed in the resulting image unless you're disciplined in defining your multi-stage build. But it also requires that the secret data be stored in a file on the Docker host machine during the `docker build`. If your `nuget.config` file contains credentials and is already stored on the Docker host machine, then this may be a good option for you. *Be careful when storing credentials on disk. Make sure that the machine and file are properly secured.*
Let's use the following sample `nuget.config` file which is stored on the Docker host machine:
```XML
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<packageSources>
<add key="public" value="https://api.nuget.org/v3/index.json" />
<add key="customfeed" value="https://mycustomfeedurl" />
</packageSources>
<packageSourceCredentials>
<customfeed>
<add key="Username" value="<username>" />
<add key="ClearTextPassword" value="<password>" />
</customfeed>
</packageSourceCredentials>
</configuration>
```
The Dockerfile references the `nugetconfig` secret with the `--mount=type=secret` syntax and access it at its default path of `/run/secrets/nugetconfig`:
```Dockerfile
# syntax = docker/dockerfile:1.0-experimental
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj .
RUN --mount=type=secret,id=nugetconfig \
dotnet restore --configfile /run/secrets/nugetconfig
# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore
FROM mcr.microsoft.com/dotnet/runtime:6.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
```
This Dockerfile would be built using this command:
```bash
DOCKER_BUILDKIT=1 docker build --secret id=nugetconfig,src=nuget.config .
```
## Other Options
There are a number of techniques that can be used to protect secrets in a Docker build. Doing a web search yields a good quantity of material out there. The options listed above are considered to be simple and straightforward but depending on your environment and tolerance for complexity, you may want to consider other options. You're encouraged to do your research and find an option that works best for you.
## General Troubleshooting
* The sample Dockerfiles provided above make the assumption that the application's projects are all based on .NET. If you're attempting to build a project that is based on a .NET Framework project that makes use of a packages.config file, you'll need to run `nuget restore` instead of `dotnet restore` for that project or solution.
* Often times, restoration of NuGet packages is the first point in a Dockerfile that attempts to make a network call. Firewalls and proxies can impact network connectivity. If you're encountering connection issues when attempting to restore NuGet packages, make sure that the container actually has network access by adding a command like `RUN ping www.microsoft.com`.

3
documentation/scenarios/using-system-drawing-common.md Normal file
View File

@ -0,0 +1,3 @@
# Using the System.Drawing.Common Package in a Docker Container
The required dependencies of the System.Drawing.Common NuGet package are only [available in Windows Server Core and full Server containers](https://learn.microsoft.com/dotnet/core/compatibility/core-libraries/6.0/system-drawing-common-windows-only). Official .NET images for Windows Server Core are available with tags documented on [Docker Hub](https://hub.docker.com/_/microsoft-dotnet). Example tag: `mcr.microsoft.com/dotnet/aspnet:7.0-windowsservercore-ltsc2022`.

113
documentation/scripts/check-latest-base.ps1 Normal file
View File

@ -0,0 +1,113 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Checks whether a given image is based on the latest version of a .NET image tag.
#>
[cmdletbinding()]
param(
# The image to be checked on whether it is based on the latest version of a .NET image tag.
[Parameter(Mandatory = $true)]
[string]
$ImageDigest,
# The .NET image tag to be checked against.
[Parameter(Mandatory = $true)]
[string]
$DotNetImageTag
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 2.0
if (-not $ImageDigest.Contains("@sha256:")) {
Write-Error "The value '$ImageDigest' must be a fully-qualified image digest, not an image tag. This ensures that the image is not subject to change from when it was scanned."
return
}
Write-Host "Pulling $ImageDigest..."
docker pull $ImageDigest
if (-not $?) {
Write-Error "Failed to pull $ImageDigest"
return
}
$imageConfig = $(docker inspect $ImageDigest | ConvertFrom-Json)
if (-not $?) {
Write-Error "Failed to get configuration of $ImageDigest"
return
}
Write-Host
Write-Host "Getting manifest of $DotNetImageTag..."
$baseTagManifest = $(docker manifest inspect $DotNetImageTag | ConvertFrom-Json)
if (-not $?) {
Write-Error "Failed to get manifest of $DotNetImageTag"
return
}
$mediaType = $baseTagManifest.mediaType
$basePullImage = ""
if ($mediaType.Contains("list")) {
Write-Host
Write-Host "Resolving multi-arch tag $DotNetImageTag to matching platform..."
$baseImageDigest = $baseTagManifest.manifests |
Where-Object { $_.platform.Architecture -eq $imageConfig.Architecture -and $_.platform.Os -eq $imageConfig.Os } |
Select-Object -ExpandProperty digest
if (-not $baseImageDigest) {
Write-Error "ERROR: Could not find a matching platform for the given image."
return 1
}
# If the image name contains a tag separater, replace the tag with the digest; otherwise, append the digest
$colonIndex = $DotNetImageTag.IndexOf(":")
if ($colonIndex -ge 0) {
$basePullImage = $DotNetImageTag.Substring(0, $colonIndex) + "@$baseImageDigest"
}
else {
$basePullImage = "$DotNetImageTag@$baseImageDigest"
}
}
else {
$basePullImage = $DotNetImageTag
}
Write-Host
Write-Host "Pulling $basePullImage..."
docker pull $basePullImage
if (-not $?) {
Write-Error "Failed to pull $basePullImage"
return
}
$baseImageConfig = $(docker inspect $basePullImage | ConvertFrom-Json)
if (-not $?) {
Write-Error "Failed to get configuration of $basePullImage"
return
}
# Validate that the base image is the same platform as the specified image to check
if ($imageConfig.Os -ne $baseImageConfig.Os -or $imageConfig.Architecture -ne $baseImageConfig.Architecture) {
Write-Host
Write-Error "ERROR: The given image is not built on the same platform as the .NET base image."
return 1
}
Write-Host
Write-Host "Comparing image layers..."
$baseLayerCount = $baseImageConfig.RootFS.Layers.Length
$layerDiffs = Compare-Object $baseImageConfig.RootFS.Layers $imageConfig.RootFS.Layers[0..$($baseLayerCount - 1)]
if (-not $layerDiffs) {
$result = $true
}
else {
$result = $false
}
Write-Host
Write-Host "Result:"
Write-Output $result

40
documentation/scripts/check-package-install.ps1 Normal file
View File

@ -0,0 +1,40 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Checks if a package is installed in the specified container image.
#>
[cmdletbinding()]
param(
# Name of the package to be checked.
[Parameter(Mandatory = $true)]
[string]
$PackageName,
# The image to be checked on whether it contains the specified package.
[Parameter(Mandatory = $true)]
[string]
$ImageName
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 2.0
Write-Host "Scanning $ImageName..."
$scan = $(docker run --rm anchore/syft packages $ImageName -q --output json | ConvertFrom-Json)
if (-not $?) {
Write-Error "Failed to scan packages of $ImageName"
return
}
$matchingPackage = $($scan.artifacts | Where-Object { $_.name -eq $PackageName })
if ($matchingPackage) {
$result = $true
}
else {
$result = $false
}
Write-Host
Write-Output $result

64
documentation/scripts/check-tag-support.ps1 Normal file
View File

@ -0,0 +1,64 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Checks whether a .NET container image tag is currently supported.
#>
[cmdletbinding()]
param(
# The full .NET container image tag in the form of "mcr.microsoft.com/dotnet/<image-type>:<tag>"
[Parameter(Mandatory = $true)]
[string]
$ImageTag
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 2.0
function hasProperty($object, $propertyName) {
return $null -ne $object.psobject.Properties[$propertyName]
}
# Parse the fully-qualified image tag into its components
$components = $ImageTag -split '/'
if ($components[0] -ne "mcr.microsoft.com") {
throw "The image tag must be from the 'mcr.microsoft.com' registry"
}
if ($components[1] -ne "dotnet") {
throw "The image tag must be from the 'dotnet' repository"
}
$imageComponents = $components[2] -split ':'
$imageType = $imageComponents[0]
$imageTypes = @("aspnet", "runtime", "runtime-deps", "sdk", "monitor")
if (-not $imageTypes.Contains($imageType)) {
throw "The image tag must use one of the following image types: $($imageTypes -join ', ')"
}
# If no tag is specified, default to the latest tag. By default, the latest tag is supported.
if ($imageComponents.Count -eq 1) {
return $true
}
$tag = $imageComponents[1]
$imageInfo = Invoke-RestMethod -Uri "https://raw.githubusercontent.com/dotnet/versions/main/build-info/docker/image-info.dotnet-dotnet-docker-main.json"
foreach ($repo in $imageInfo.repos) {
if ($repo.repo -eq "dotnet/$imageType") {
foreach ($image in $repo.images) {
if ((hasProperty $image "manifest") -and $image.manifest.sharedTags -contains $tag) {
return $true
}
foreach ($platform in $image.platforms) {
if ((hasProperty $platform "simpleTags") -and $platform.simpleTags -contains $tag) {
return $true
}
}
}
}
}
return $false

46
documentation/scripts/resolve-image-digest.ps1 Normal file
View File

@ -0,0 +1,46 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Resolves a given image tag to a digest.
#>
[cmdletbinding()]
param(
# The image tag whose digest should be returned.
[Parameter(Mandatory = $true)]
[string]
$ImageTag,
# The desired OS type of the image
[ValidateSet("linux", "windows")]
[string]
$Os,
# The desired architecture of the image
[string]
[ValidateSet("amd64", "arm", "arm64")]
$Architecture,
# The desired OS version of the image (wildcards are allowed)
[string]
$OsVersion
)
$manifest = docker manifest inspect $ImageTag | ConvertFrom-Json
if (-not $?) {
Write-Error "Failed to get manifest of $ImageTag"
return
}
if ($manifest.config.digest) {
Write-Output $manifest.config.digest
return
}
$manifest = $manifest.manifests | Where-Object { $_.platform.architecture -eq $Architecture -and $_.platform.os -eq $Os -and ($_.platform."os.version" -eq $null -or $_.platform."os.version" -like $OsVersion) }
if ($manifest) {
Write-Output $manifest.digest
}
else {
Write-Error "Unable to resolve multi-arch image to a digest. Be sure to specify the desired OS and architecture. For Windows containers, include the OS version as well."
}

32
documentation/supported-platforms.md Normal file
View File

@ -0,0 +1,32 @@
# Supported Platform
This document describes the platforms (OS and architectures) supported by the official .NET Docker images.
## Operating Systems
.NET tries to [support a broad set of operating systems and versions](https://github.com/dotnet/core/blob/master/os-lifecycle-policy.md). With containers, its too expensive and confusing to support the full matrix of options. In practice, images are produced for a select set of operating systems and versions. If official .NET Docker images aren't provided for your choice OS, you'll need to [author your own Dockerfile which installs .NET](scenarios/installing-dotnet.md).
### Linux
Each distribution (distro) has a unique approach to releasing, schedule, and end-of life (EOL). This prohibits the definition of a one-size-fits-all policy. Instead, a policy is defined for each supported distro.
- Alpine — support latest and retain support for the previous version one quarter (3 months) after a new version is released.
- Debian — support the latest *stable* version at the time a `major.minor` version of .NET is released. As new *stable* versions are released, support is added to the latest .NET version and latest LTS (if they differ).
- Ubuntu — support the latest *LTS* version at the time a `major.minor` version of .NET is released. As new *LTS* versions are released, support is added to the latest .NET version and latest LTS (if they differ).
Pre-release versions of the supported distros will be made available within the [nightly repositories](https://github.com/dotnet/dotnet-docker/blob/nightly/README.md) based on the availability of pre-release OS base images.
### Windows
The official .NET images support Nano Server as well as LTS versions of Windows Server Core for .NET 5.0 and higher. Nano Server is the best Windows SKU to run .NET apps from a performance perspective. In order for Nano Server to perform well and remain lightweight, it doesn't have support for every scenario. In case your scenario isn't supported by Nano Server, you may need to use one of the .NET images based on Windows Server Core. For scenarios where the official .NET images don't meet your needs, you will need to manage your own custom .NET images based on [Windows Server Core](https://hub.docker.com/_/microsoft-windows-servercore) or [Windows](https://hub.docker.com/_/microsoft-windows).
- Nano Server - support all supported versions with each .NET version.
- Windows Server Core - support all LTS versions (Windows Server 2019 and above) starting with .NET 5.0.
## Architectures
.NET images are provided for the following architectures.
- Linux/Windows x86-64 (amd64)
- Linux ARMv7 32-bit (arm32v7)
- Linux ARMv8 64-bit (arm64v8)

181
documentation/supported-tags.md Normal file
View File

@ -0,0 +1,181 @@
# .NET Container Tags -- Patterns and Policies
This document describes the tagging patterns and policies that are used for the official .NET container images. .NET tags are intended to closely match the tagging patterns used by [Official Images on Docker Hub](https://hub.docker.com/search?q=&type=image&image_filter=official). Please [log an issue](https://github.com/dotnet/dotnet-docker/issues/new/choose) if you encounter problems using .NET images or applying these tagging patterns.
Complete tag lists:
- [runtime-deps](../README.runtime-deps.md#full-tag-listing)
- [runtime](../README.runtime.md#full-tag-listing)
- [aspnet](../README.aspnet.md#full-tag-listing)
- [sdk](../README.sdk.md#full-tag-listing)
- [monitor](../README.monitor.md#full-tag-listing)
- [samples](../README.samples.md#full-tag-listing)
- [Microsoft Artifact Registry](https://mcr.microsoft.com/en-us/catalog?search=dotnet/)
The terms "fixed version" and "floating version" are used throughout. They are defined in [Tag policies](#tag-policies).
## Single-platform tags
These tags reference an image for a single platform (e.g. "Linux Arm64" or "Windows x64").
### `<Major.Minor.Patch .NET Version>-<OS>-<Architecture>`
These "fixed version" tags reference an image with a specific `Major.Minor.Patch` .NET version for a specific operating system and architecture.
Examples:
- `6.0.12-jammy-amd64`
- `6.0.12-jammy-arm64v8`
- `6.0.12-nanoserver-1809`
- `7.0.2-alpine3.17-arm64v8`
- `7.0.2-bullseye-slim-arm32v7`
### `<Major.Minor .NET Version>-<OS>-<Architecture>`
These "floating version" tags reference an image with a specific `Major.Minor` (with latest patch) .NET version for a specific operating system and architecture.
Examples:
- `6.0-jammy-arm64v8`
- `6.0-jammy-amd64`
- `6.0-nanoserver-1809`
- `7.0-alpine3.17-arm64v8`
- `7.0-bullseye-slim-arm32v7`
## Multi-platform tags
These tags reference images for [multiple platforms](https://docs.docker.com/build/building/multi-platform/).
They include:
- Debian, unless specified (like `6.0-alpine`).
- Each supported Nano Server version for OS-agnostic tags (like `7.0` and `latest`)
- All [supported architectures](supported-platforms.md#architectures).
### `<Major.Minor.Patch .NET Version>-<OS version>`
These "fixed version" tags reference an image with a specific `Major.Minor.Patch` .NET version, for a specific operating system, while architecture will be chosen based on the requesting environment.
Examples:
- `6.0.12-jammy`
- `7.0.2-alpine3.17`
### `<Major.Minor .NET Version>-<OS version>`
These "floating version" tags reference an image with a specific `Major.Minor` (with latest patch) .NET version, for a specific operating system, while architecture will be chosen based on the requesting environment.
Examples:
- `6.0-alpine3.17`
- `7.0-jammy`
### `<Major.Minor .NET Version>-alpine`
These "floating version" tags reference an image with a specific `Major.Minor` (with latest patch) .NET version, for the latest Alpine version, while architecture will be chosen based on the requesting environment.
Examples:
- `6.0-alpine`
- `7.0-alpine`
Notes:
- New versions of Alpine will be published with version-specific tags (e.g. `6.0-alpine3.17`).
- Floating tag (e.g. `6.0-alpine`) will be updated with the new Alpine version a month later.
- Tag changes will be [announced](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) so that users know when the tags they want are available.
### `<Major.Minor.Patch .NET Version>`
These "fixed version" tags reference an image with a specific `Major.Minor.Patch` .NET version, while operating system and architecture will be chosen based on the requesting environment.
Examples:
- `6.0.12`
- `7.0.2`
### `<Major.Minor .NET Version>`
These "floating version" tags reference an image with a specific `Major.Minor` (with latest patch) .NET version, while operating system and architecture will be chosen based on the requesting environment.
Examples:
- `6.0`
- `7.0`
### `latest`
These "floating version" `latest` tag references an image with the latest `Major.Minor.Patch` .NET version, while operating system and architecture will be chosen based on the requesting environment.
Notes:
- The `latest` tag references the latest stable release.
- In the `nightly` image repo, it may reference the latest preview release.
## Tag policies
The following policies are used for the tag patterns we use.
### Fixed version tags
"Fixed version" tags reference an image with a specific `Major.Minor.Patch` .NET version.
Examples:
- `6.0.12`
- `7.0.2-alpine3.17`
Notes:
- These tags are considered _fixed tags_ since they reference a specific .NET patch version.
- They are updated in response to base image updates (like a Debian base image) for the supported life of the image (typically one month).
- The .NET components within the image will not be updated.
- In the rare event that .NET components are updated before the next regular .NET service release, then a new image with a `-1` tag will be created. The same practice will repeat itself if necessary (with `-2` and then `-3` tags).
### Floating version tags
"Floating version" tags references an image with a specific `Major.Minor` .NET version, but float on patch updates.
Examples:
- `6.0`
- `7.0-alpine3.17`
Notes:
- These tags are considered _floating tags_ since they do not reference a specific .NET patch version.
- They are updated in response to base image updates (like a Debian base image) for the supported life of the .NET release.
- The .NET components within the image will be updated, which typically occurs on Patch Tuesday.
### OS tags and base image updates
Version-specific operating system tags reference an image with a specific OS version, but floats on OS patch updates. See [Supported Platforms](supported-platforms.md#operating-systems) for the list of supported operating systems.
Examples:
- `6.0-jammy`
- `7.0-alpine3.17`
Notes:
- These tags are updated in response to base image updates (like an Ubuntu base image) for the supported life of the .NET release.
- Digest pinning is required to request a specific patch of an operating system (e.g. `mcr.microsoft.com/dotnet/runtime@sha256:4d3d5a5131a0621509ab8a75f52955f2d0150972b5c5fb918e2e59d4cb9a9823`).
- For [Debian](https://en.wikipedia.org/wiki/Debian_version_history) and [Ubuntu](https://en.wikipedia.org/wiki/Ubuntu_version_history) images, release codenames are used instead of version numbers.
### Windows tags
For Windows, `amd64` is the only architecture supported and is excluded from the tag name.
## Tag Lifecycle
Each tag will be supported for the lifetime of the .NET and OS version referenced by the tag, unless further restricted according to [platform support policy](supported-platforms.md).
When an OS version reaches End-of-Life (EOL), its tags will no longer be maintained.
When a .NET version reaches EOL, its tags will continue to be maintained (rebuilt for base image updates) until the next .NET servicing date (typically on "Patch Tuesday", the 2nd Tuesday of the month).
Once a tag is no longer maintained, it will be considered unsupported, will no longer be updated. Unsupported tags will continue to exist in the container registry to prevent breaking any references to it.
## Policy Changes
In the event that a change is needed to the tagging patterns used, all tags for the previous pattern will continue to be supported for their original lifetime. They will however be removed from the documentation. [Announcements](https://github.com/dotnet/dotnet-docker/discussions/categories/announcements) will be posted when any tagging policy changes are made.

540
documentation/vulnerability-reporting.md Normal file
View File

@ -0,0 +1,540 @@
# Container Vulnerability Workflow
This document is intended to help guide you to the appropriate course of action when encountering reported vulnerabilities in the .NET container images.
Please follow this guidance to determine the steps to take before logging an issue.
Prerequisites:
* Dockerfile of the container image being reported upon
* Name of the .NET image the Dockerfile is based on (e.g. `mcr.microsoft.com/dotnet/aspnet:6.0`)
* Architecture of the container image being reported upon (e.g. `amd64`)
* [Docker installation](https://docs.docker.com/desktop) to run commands locally
* Whether the container image is a [Linux or Windows image](#how-can-i-determine-whether-my-image-is-based-on-linux-or-windows)
* For Linux images, it's also important to [know the Linux distro and version](#how-can-i-determine-the-os-version-of-a-linux-image) (e.g. `Debian Bullseye`, `Alpine 3.17`, `Ubuntu Jammy`)
* If you're using Docker Desktop for Windows and investigating a vulnerability in a Linux image, [change your settings](https://docs.docker.com/desktop/settings/windows/) to target Linux containers.
The flowchart below describes a series of questions to help determine the state of the image being reported upon.
By answering each question, it will eventually direct you to the action to help resolve your vulnerabilities.
The flowchart is meant to be a visual representation of the workflow.
Below the flowchart are the details of each question and the actions to take.
Each question in the details section includes a "Response" header that contains links to help guide you through the workflow based on your responses.
You may begin with the first question at "[A. Is your scanner targeting the latest version of your image?](#a-is-your-scanner-targeting-the-latest-version-of-your-image)"
```mermaid
flowchart
ScanningLatest{A. Is your scanner<br>targeting the latest<br>version of your image?} --> |No|RescanLatest[B. Scan your<br>latest image]
ScanningLatest --> |Yes|BuiltOnSupportedBase{C. Is your image<br>built from a supported<br>.NET image?}
BuiltOnSupportedBase --> |No|UpdateBaseImageTag[D. Update base image tag<br>to supported image]
BuiltOnSupportedBase --> |Yes|BuiltOnLatestBase{E. Is your image<br>built from the latest<br>.NET image?}
BuiltOnLatestBase --> |No|RebuildImageBase[F. Rebuild your image<br>to get the latest base]
BuiltOnLatestBase --> |Yes|IsDotnetVuln{G. Is .NET the source<br>of the vulnerability?}
IsDotnetVuln --> |No|PlatformType{H. Which OS<br>platform is<br>this for?}
IsDotnetVuln --> |Yes|LogDotnetDocker[R. Log an issue at<br>dotnet/dotnet-docker]
PlatformType --> |Windows|WindowsVuln[I. Log an issue at<br>microsoft/Windows-Containers]
PlatformType --> |Linux|LinuxFixAvailability{J. Is a fix available<br>for the package<br>from the Linux distro?}
LinuxFixAvailability --> |No|WaitForFix[K. Wait for a fix to be available<br>from the Linux distro]
LinuxFixAvailability --> |Yes|InLinuxBaseImage{L. Is the package in<br>the Linux distro<br>base image?}
InLinuxBaseImage --> |Yes|WaitForLinuxBaseUpdate[M. Upgrade packages or<br>wait for an updated Linux<br>distro base image]
InLinuxBaseImage --> |No|InstalledByDotnet{N. Is the package<br>installed by .NET?}
InstalledByDotnet --> |No|RebuildImagePackage[O. Rebuild your image<br>to get the latest package]
InstalledByDotnet --> |Yes|HiSeverity{P. Is it High/Critical<br>severity?}
HiSeverity --> |No|WaitForDotnetServicing[Q. Wait for the next .NET<br>servicing release]
HiSeverity --> |Yes|LogDotnetDocker
```
## Flowchart Details
### A. Is your scanner targeting the latest version of your image?
There's no need to spend time analyzing vulnerabilities if the scan results are not based on the latest image.
Each build of an image can potentially bring in newly released package versions which have fixes for the vulnerabilities.
Most image scanning software will output the [image digest](#what-is-an-image-digest) of the image that is being scanned in its report or logs.
Be sure that that digest represents the latest version of your image.
To determine what the latest digest of your image is run the script below.
#### macOS/Linux
Requires [PowerShell to be installed](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-linux).
```shell
myImage="<insert-my-image-tag>"
curl -sSL https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/resolve-image-digest.ps1 | pwsh /dev/stdin $myImage
```
#### Windows
```powershell
$myImage="<insert-my-image-tag>"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
&([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/resolve-image-digest.ps1'))) $myImage
```
If the script above returns an error indicating it's unable to resolve a multi-arch tag, you'll need to provide extra parameters to the script.
The following scripts indicate how to do that.
If you're targeting Windows containers, you'll need to determine the Windows build number of the image you're targeting.
To do this, find the Windows version number that is listed on the [Windows Docker Hub page](https://hub.docker.com/_/microsoft-windows-nanoserver).
For example, if you're targeting Windows Server 2022 LTSC, look for the `ltsc2022` tag and find its corresponding build number in the OS Version column.
You only need the first three parts of the version number.
In the case of Windows Server 2022, it's `10.0.20348`.
You can use a wildcard to indicate the rest of the version number.
#### macOS/Linux
Requires [PowerShell to be installed](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-linux).
```shell
myImage="<insert-my-image-tag>"
os="<linux|windows>" # choose "linux" or "windows"
arch="<amd64|arm|arm64>" # choose the architecture of your image
osVersion="<windows-version>" # Only used for Windows containers (e.g. "10.0.20348.*"). For Linux, leave this blank.
curl -sSL https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/resolve-image-digest.ps1 | pwsh /dev/stdin $myImage -Os $os -Architecture $arch -OsVersion $osVersion
```
#### Windows
```powershell
$myImage="<insert-my-image-tag>"
$os="<linux|windows>" # choose "linux" or "windows"
$arch="<amd64|arm|arm64>" # choose the architecture of your image
osVersion="<windows-version>" # Only used for Windows containers (e.g. "10.0.20348.*"). For Linux, leave this blank.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
&([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/resolve-image-digest.ps1'))) $myImage -Os $os -Architecture $arch -OsVersion $osVersion
```
#### Response
* `Yes`: go to "[B. Scan your latest image](#b-scan-your-latest-image)"
* `No`: go to "[C. Is your image built from a supported .NET tag?](#c-is-your-image-built-from-a-supported-net-tag)"
### B. Scan your latest image
Rerun the scan of your image using your scanning tool. Ensure you get the latest version of the image by running `docker pull <image-tag>`
### C. Is your image built from a supported .NET tag?
When .NET drops support for an image tag, it means it will no longer be updated, even when there is a new base OS image available.
This means that vulnerabilities will be reported for that image over time if it continues to be used.
Our [supported tag policy](supported-tags.md) provides detailed information about when these tags are no longer supported.
The simple rule to follow: only the tags shown in our [tag listing](supported-tags.md#tag-listing) are supported.
This script can be used to determine if the .NET image tag is supported:
#### macOS/Linux
Requires [PowerShell to be installed](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-linux).
```shell
dotnetImage="<insert-dotnet-image-tag>" # example: mcr.microsoft.com/dotnet/aspnet:7.0
curl -sSL https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-tag-support.ps1 | pwsh /dev/stdin $dotnetImage
```
#### Windows
```powershell
$dotnetImage="<insert-dotnet-image-tag>" # example: mcr.microsoft.com/dotnet/aspnet:7.0
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
&([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-tag-support.ps1'))) $dotnetImage
```
#### Response
* `Yes`: go to "[E. Is your image built from the latest .NET image?](#e-is-your-image-built-from-the-latest-net-image)"
* `No`: go to "[D. Update base image tag to supported image](#d-update-base-image-tag-to-supported-image)"
### D. Update base image tag to supported image
Switching to a [supported base image tag](supported-tags.md) requires knowing the specific tag usage:
* If you're using an out-of-support .NET version, such as .NET 5, you must upgrade your project and Dockerfiles to target a supported version.
* If you're using a patch version tag which which has been replaced by a newer patch version, you must switch to the latest patch version. For example, `6.0.<old-version>` => `6.0.<latest-version>`
* If you're using a version-specific Alpine Linux tag for a version of Alpine that is no longer being maintained via .NET container images, you must move to the latest version. For example, `6.0-alpine3.15` => `6.0-alpine3.16`
* If you're using a tag for a specific Windows version that is no longer supported, you must move to a supported version of Windows. For example, `6.0-nanoserver-20H2` => `6.0-nanoserver-ltsc2022`
See our [supported tag policy](supported-tags.md) for more information.
### E. Is your image built from the latest .NET image?
A given .NET tag can be updated multiple times over its a lifetime, pointing to a new image each time.
For example, the `6.0` tag will point to a new image each time a new patch version is released.
And even a patch version tag, `6.0.x`, can be updated more than once if a new base OS image is released or a security fix for a package is released during the tag's supported lifecycle.
It's important to realize that these updates likely contain security fixes.
Even though you may be using a supported tag, it's possible you're using an older image that has since been replaced by a newer version with that same tag.
Only the latest image for that tag is supported.
Run one of the scripts below to determine whether your image is built on the latest image for that tag. Provide the [image digest](#what-is-an-image-digest) of your image and tag of the .NET image (e.g. `mcr.microsoft.com/dotnet/aspnet:6.0`) as input.
A result of `True` means that your image is built from the latest .NET image.
A result of `False` means it is not built on the latest .NET image and must be updated.
#### macOS/Linux
Requires [PowerShell to be installed](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-linux).
```shell
myImage="<insert-my-image-digest>" # format: <registry>/<repo>@sha256:<digest>
dotnetBaseImage="<insert-dotnet-image-tag>" # example: mcr.microsoft.com/dotnet/aspnet:7.0
curl -sSL https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-latest-base.ps1 | pwsh /dev/stdin $myImage $dotnetBaseImage
```
#### Windows
```powershell
$myImage="<insert-my-image-digest>" # format: <registry>/<repo>@sha256:<digest>
$dotnetBaseImage="<insert-dotnet-image-tag>" # example: mcr.microsoft.com/dotnet/aspnet:7.0
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
&([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-latest-base.ps1'))) $myImage $dotnetBaseImage
```
#### Response
* `True`/`Yes`: go to "[G. Is .NET the source of the vulnerability?](#g-is-net-the-source-of-the-vulnerability)"
* `False`/`No`: go to "[F. Rebuild your image to get the latest base](#f-rebuild-your-image-to-get-the-latest-base)"
### F. Rebuild your image to get the latest base
Since your image is out of date with the latest version of the .NET image, rebuilding it will ensure it's up-to-date.
Be sure that your workflow explicitly pulls the .NET image tag rather than using a potentially cached version of it.
For example:
* CI workflows that use the Azure DevOps [Docker task](https://learn.microsoft.com/azure/devops/pipelines/tasks/reference/docker-v2) should set the `--pull` option as an argument:
```yaml
arguments: "--pull"
```
* CI workflows that use the GitHub Actions [Docker Build and Push Action](https://github.com/marketplace/actions/build-and-push-docker-images) should enable the `pull` option:
```yaml
pull: true
```
* For other build systems, read the documentation to determine how to enable pulling of images. It should map to the `--pull` option of the [`docker build` command](https://docs.docker.com/engine/reference/commandline/build/).
### G. Is .NET the source of the vulnerability?
To determine whether .NET binaries are the source of the vulnerability, look at the title and description of the vulnerability.
If it contains ".NET", "ASP.NET", or something related to .NET, assume this is a .NET vulnerability.
#### Response
* `Yes`: go to "[R. Log an issue at dotnet/dotnet-docker](#r-log-an-issue-at-dotnetdotnet-docker)"
* `No`: go to "[H. Which OS platform is this for?](#h-which-os-platform-is-this-for)"
### H. Which OS platform is this for?
See [How can I determine whether my image is based on Linux or Windows?](#how-can-i-determine-whether-my-image-is-based-on-linux-or-windows).
#### Response
* `Windows`: go to "[I. Log an issue at microsoft/Windows-Containers](#i-log-an-issue-at-microsoftwindows-containers)"
* `Linux`: go to "[J. Is a fix available for the package from the Linux distro?](#j-is-a-fix-available-for-the-package-from-the-linux-distro)"
### I. Log an issue at microsoft/Windows-Containers
This vulnerability can be directly addressed by the Windows team.
Log an issue at [microsoft/Windows-Containers](https://github.com/microsoft/Windows-Containers/issues/new/choose) and provide the vulnerability ID and the image tag you've identified as being affected.
### J. Is a fix available for the package from the Linux distro?
These steps will help you determine whether a fix is available for the package and what the actual name of the package is.
The vulnerability scanner or the [Linux distro's vulnerability page](#how-can-i-view-the-linux-distros-information-about-a-vulnerability) will provide the name of the vulnerable package.
In some cases, this name doesn't match the name of the package that you would see installed in the image.
For example, [CVE-2022-42898](https://security-tracker.debian.org/tracker/CVE-2022-42898) indicates the name of the package is `krb5`.
But this indicates the name of the source package, not the name of the binary package that would be installed from the distro's package manager.
In the case of the .NET images that are based on Debian, the relevant binary package name is `libkrb5-3`.
In addition, there may be *multiple* binary packages associated with a single source package.
And there may be *multiple* source packages affected by a single vulnerability.
Because of the sheer number of packages that may need to be exhaustively checked and the overall complexity to determine the name of the relevant vulnerable packages, we'll take a more pragmatic approach instead.
The commands below can be used to return a list of upgradable packages that contain the name of the reported vulnerable package.
Again, this name may or may not be the name of the actual package that is installed in the image.
But we're going to use it to narrow down the list of packages to be checked.
#### Debian/Ubuntu Image
```shell
image="<my-image-digest>"
packageName="<vulnerable-package-name>"
docker pull $image
docker run --rm --entrypoint /bin/sh $image -c "apt update > /dev/null && apt list --upgradable | grep $packageName"
```
#### Alpine Image
```shell
image="<my-image-digest>"
packageName="<vulnerable-package-name>"
docker pull $image
docker run --rm --entrypoint /bin/sh $image -c "apk update > /dev/null && apk list -u | grep $packageName"
```
For Debian/Ubuntu, the package name can be parsed from the output line by taking everything before the first `/`. For example, `libkrb5-3/stable-security,now 1.18.3-6+deb11u3 amd64 [installed,automatic]` would be parsed as `libkrb5-3` for the package name. For Alpine, the package name can be parsed from the output line by taking everything before the first `-` that precedes a digit. For example, `krb5-libs-1.20.1-r0 x86_64 {krb5} (MIT)` would be parsed as `krb5-libs` for the package name.
If the output of the commands above does not output any packages, it means there is no package upgrade available.
For the purposes of this workflow, it's not necessary to determine the name of the package that is installed in the image.
However, if the output of the commands above *does* output packages, it means there is an upgrade available for them and it's now necessary to determine which are relevant to the vulnerability.
In the simple case, there will be a package which exactly matches the name of the vulnerable package you provided.
In that case, that's the package name to use for the rest of the workflow.
If there is no exact match, you'll need to [look up the distro's information on the vulnerability](#how-can-i-view-the-linux-distros-information-about-a-vulnerability) to determine the relevant package names and their versions.
Cross-reference that information with the output of the commands above to determine which packages are relevant to the vulnerability.
Use the version numbers provided by the vulnerability documentation to match upon.
There may be multiple packages installed in the image that are relevant to the vulnerability.
You'll want to track them all in the rest of this workflow.
It's possible that packages are listed as upgradable but not actually relevant to the vulnerability.
Those are unrelated packages that happen to contain the same name as the vulnerable package and they can be disregarded.
#### Response
* `Yes`: go to "[L. Is the package in the Linux distro base image?](#l-is-the-package-in-the-linux-distro-base-image)"
* `No`: go to "[K. Wait for a fix to be available from the Linux distro](#k-wait-for-a-fix-to-be-available-from-the-linux-distro)"
### K. Wait for a fix to be available from the Linux distro
.NET is dependent on the Linux distribution maintainers to produce fixed versions of the packages that are contained in the .NET container images.
We can't take any action if a fixed version of the package isn't available from the package repository of the Linux distro version.
Sometimes fixes aren't ever made available because they are low severity or not applicable in container environments.
Questions on this matter should be directed to the relevant Linux distro.
If you're not already using [Alpine Linux](../samples/selecting-tags.md#alpine), you may want to consider using it instead because of its security focus and low number of vulnerabilities.
### L. Is the package in the Linux distro base image?
It's important to determine whether the Linux package in question is installed by the layers of the Linux distro base image rather than the layers of the .NET image.
You'll first need to [determine the image tag of the Linux distro base image](#how-can-i-determine-the-tag-of-the-linux-distro-image-that-my-image-is-based-upon).
Then you can execute the script below to determine whether the package is installed by the Linux distro base image.
#### macOS/Linux
Requires [PowerShell](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-linux) to be installed.
```shell
packageName="<insert-package-name>"
imageName="<insert-linux-base-image-name>" # example: amd64/debian:bullseye-slim
curl -sSL https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-package-install.ps1 | pwsh /dev/stdin $packageName $imageName
```
#### Windows
```powershell
$packageName="<insert-package-name>"
$imageName="<insert-linux-base-image-name>" # example: amd64/debian:bullseye-slim
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
&([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-package-install.ps1'))) $packageName $imageName
```
#### Response
* `Yes`: go to "[M. Upgrade packages or wait for an updated Linux distro base image](#m-upgrade-packages-or-wait-for-an-updated-linux-distro-base-image)"
* `No`: go to "[N. Is the package installed by .NET?](#n-is-the-package-installed-by-net)"
### M. Upgrade packages or wait for an updated Linux distro base image
.NET is dependent on the Linux distribution maintainers to produce updated versions of the base images that are used by the .NET container images.
Since the vulnerable package is contained in the Linux distro base image, the .NET images won't be updated until a new version of the Linux base image is available that contains the fixed package.
See our [image update policy](../README.md#image-update-policy) for more details.
In the meantime, if you need to have the vulnerability addressed before that time, you can include a command in your Dockerfile to explicitly upgrade the package.
This will cause the package to be upgraded to the latest version available in the package repository of the Linux distro version.
This will also cause the image to be larger because the package will be installed twice - once in the Linux distro base image and once in your Dockerfile upgrade command.
Because of that, it is not recommended as a long-term solution.
#### Debian/Ubuntu
```dockerfile
RUN apt-get update \
&& apt-get upgrade -y <package-name> \
&& rm -rf /var/lib/apt/lists/*
```
#### Alpine
```dockerfile
RUN apk update \
&& apk upgrade <package-name>
```
### N. Is the package installed by .NET?
Run the script below to determine whether the package is installed by one of the .NET image layers.
This script is only accurate if you've first [determined that the package is not installed by the Linux distro base image](l-is-the-package-in-the-linux-distro-base-image) so make sure you've followed that part of the workflow first.
#### macOS/Linux
Requires [PowerShell to be installed](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-linux).
```shell
packageName="<insert-package-name>"
imageName="<insert-dotnet-image-name>" # example: mcr.microsoft.com/dotnet/aspnet:7.0
curl -sSL https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-package-install.ps1 | pwsh /dev/stdin $packageName $imageName
```
#### Windows
```powershell
$packageName="<insert-package-name>"
$imageName="<insert-linux-base-image-name>" # example: mcr.microsoft.com/dotnet/aspnet:7.0
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
&([scriptblock]::Create((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/dotnet/dotnet-docker/main/documentation/scripts/check-package-install.ps1'))) $packageName $imageName
```
#### Response
* `Yes`: go to "[P. Is it High/Critical severity?](#p-is-it-highcritical-severity)"
* `No`: go to "[O. Rebuild your image to get the latest package](#o-rebuild-your-image-to-get-the-latest-package)"
### O. Rebuild your image to get the latest package
Because the package is not installed by the Linux distro base image or .NET, it must be installed by your Dockerfile.
Open your Dockerfile to determine how the package is being installed.
If no package version is specified, then you should be able to rebuild your image to get the latest version of the package.
Otherwise, you'll need to update your Dockerfile to specify the latest version of the package before rebuilding.
### P. Is it High/Critical severity?
The severity of a vulnerability is indicated by its Common Vulnerability Scoring System (CVSS) base score.
To find this score, search for the CVE at the [CVE site](https://www.cve.org/SiteSearch).
The score will consist of both a number and a label.
Note whether the label indicates "High" or "Critical".
#### Response
* `Yes`: go to "[R. Log an issue at dotnet/dotnet-docker](#r-log-an-issue-at-dotnetdotnet-docker)"
* `No`: go to "[Q. Wait for the next .NET servicing release](#q-wait-for-the-next-net-servicing-release)"
### Q. Wait for the next .NET servicing release
Given that the vulnerability does not have a critical or high severity, it will be addressed in the next .NET servicing release.
These occur on Update Tuesday (the second Tuesday of each month).
### R. Log an issue at dotnet/dotnet-docker
This vulnerability can be directly addressed by the .NET team.
Log an issue at [dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker/issues/new/choose) and provide the vulnerability ID and the .NET image tag you've identified as being affected.
## Appendix
### What is an image digest?
An image digest is a unique identifier for the image.
It allows you to retrieve that specific image and know that you're getting the same version as someone else that also used that same image digest.
Unlike image digests, image tags are mutable and cannot be relied upon for ensuring you're getting an exact version of the image every time.
An image tag can be updated multiple times over its lifetime to point to different image digests.
An image digest is a SHA256 value and has the form `sha256:<value>`.
In order to pull an image by its digest, you need to know its registry, repository name, and digest.
The digest is appended to the repository name, separated by an `@` symbol: (e.g.
`mcr.microsoft.com/dotnet/samples@sha256:1983d7d0dec846cb92e59fb01eaa3e7f3a65071ca29c7db4075edefcf20db47a`).
### How can I determine whether my image is based on Linux or Windows?
1. If you're using Docker Desktop for Windows, [change your settings](https://docs.docker.com/desktop/settings/windows/) to target Linux containers.
1. Run the following command:
```shell
docker pull <insert-my-image-digest>
```
1. If the previous command pulled the image successfully, it is a Linux image.
If you get the error "image operating system "windows" cannot be used on this platform", it is a Windows image.
### How can I determine the tag of the Linux distro image that my image is based upon?
You'll first need to get the name of the .NET image (e.g. `mcr.microsoft.com/dotnet/aspnet:6.0`) from your Dockerfile.
Take the tag portion of that image name and search for that tag on the [.NET Runtime Dependencies page](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/) within the appropriate "Linux &lt;architecture&gt; Tags" section.
Navigate to the Dockerfile link associated with that tag.
The first `FROM` line of the Dockerfile will have the name of the Linux distro base image (e.g. `amd64/debian:bullseye-slim`).
### How can I determine the OS version of a Linux image?
Use the appropriate command below to determine the OS version of your image.
If you get an error like the following: `unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown`, then you're using a security-hardened image which requires a different command.
```shell
docker run --rm <image-digest> cat /etc/os-release
```
The output will include a `NAME` field indicating the name of the distro (`Debian`, `Ubuntu`, `Alpine`).
In the case of Debian and Ubuntu, the output will also include a `VERSION_CODENAME` field. Make note of this codename because the vulnerability pages on the distro's website refers to that codename instead of a version number.
#### Linux Hardened Images
Since Linux hardened images have no shell with which to run the commands above, you can use the following command to determine the OS version:
##### macOS/Linux
```shell
docker run --rm anchore/syft packages --output json -q <image-digest> | jq -r .distro
```
##### Windows
```powershell
(docker run --rm anchore/syft packages --output json -q <image-digest> | ConvertFrom-Json).distro
```
### How can I determine what Linux package version is installed?
Use the appropriate command below to determine the package version installed in your image.
If you get an error like the following: `unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown`, then you're using a security-hardened image which requires a different command.
#### Debian/Ubuntu Images
```shell
docker run --rm --entrypoint /bin/sh <my-image-digest> apt list <package-name>
```
#### Alpine Images
```shell
docker run --rm --entrypoint /bin/sh <my-image-digest> apk list <package-name>
```
#### Hardened Images
Since hardened images have no shell with which to run the commands above, you can use the following command to determine the package version:
##### macOS/Linux
```shell
docker run --rm anchore/syft packages --output json -q <my-image-digest> | jq -rc ".artifacts[] | select(.name == \"<package-name>\") | .version"
```
##### Windows
```powershell
((docker run --rm anchore/syft packages --output json -q <my-image-digest> | ConvertFrom-Json).artifacts | Where-Object { $_.name -eq "<package-name>" }).version
```
### How can I view the Linux distro's information about a vulnerability?
Each Linux distribution maintains there own version of software components, made available in their package repositories.
Each version of the Linux distro also has its own package repository.
So it's possible that a fixed package may be available in one Linux distro version but not another.
It's necessary to check with the Linux distro security site to determine whether a fix is even available for the particular vulnerability.
Your image vulnerability scanner will output an identifer of the vulnerability. This will typically be a CVE number. (Debian also has its own Debian Security Advisory (DSA) numbers).
Search for the vulnerability ID on the relevant Linux distro's security site.
If you don't know which Linux distro is relevant for your image, [look up the image tag](https://hub.docker.com/_/microsoft-dotnet) and it will tell you its OS version in the tag listing table.
The following are links to the security sites for the Linux distros that we support including the URL format to get information on a specific CVE:
* Debian: <https://security-tracker.debian.org/tracker>
* `https://security-tracker.debian.org/tracker/CVE-<NUMBER>`
* Ubuntu: <https://ubuntu.com/security/cves>
* `https://ubuntu.com/security/CVE-<NUMBER>`
* Alpine: <https://security.alpinelinux.org>
* `https://security.alpinelinux.org/vuln/CVE-<NUMBER>`
Within those pages the distro will indicate in which release the vulnerability was fixed or not fixed. Use the distro version/codename to determine which release is relevant.
> It's important that you determine whether a fix is available for the specific version/release of the Linux distro.
For example, a package may have a vulnerability fixed for Debian Bullseye but not yet available for Debian Buster.
While you could configure the Debian Buster container to install that package from the Debian Bullseye package repository, that doesn't mean the package will actually be compatible.
Doing so is not a supported configuration from .NET's perspective and we will not take such an action with our images.

10
eng/Get-Branch.ps1 Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env pwsh
$repoRoot = (Get-Item "$PSScriptRoot").Parent.FullName
$manifestJson = Get-Content ${repoRoot}/manifest.json | ConvertFrom-Json
if ($manifestJson.Repos[0].Name.Contains("nightly")) {
return "nightly"
}
else {
return "main"
}

184
eng/Get-DropVersions.ps1 Normal file
View File

@ -0,0 +1,184 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Returns the various component versions of the latest .NET build.
#>
[cmdletbinding()]
param(
# The release channel to use for determining the latest .NET build.
[Parameter(ParameterSetName = "Channel")]
[string]
$Channel,
[Parameter(ParameterSetName = "Explicit")]
# SDK versions to target
[string[]]
$SdkVersions,
# Whether to target an internal .NET build
[switch]
$UseInternalBuild,
# SAS query string used to access the internal blob storage location of the build
[string]
$BlobStorageSasQueryString,
# PAT used to access the versions repo in AzDO
[string]
$AzdoVersionsRepoInfoAccessToken
)
function GetLatestSdkVersionFromChannel([string]$queryString) {
$sdkFile = "dotnet-sdk-win-x64.zip"
$akaMsUrl = "https://aka.ms/dotnet/$Channel/$sdkFile$queryString"
Write-Host "Querying $akaMsUrl"
$response = Invoke-WebRequest -Uri $akaMsUrl -Method Head
$sdkUrl = $response.BaseResponse.RequestMessage.RequestUri.AbsoluteUri
Write-Host "Resolved SDK URL: $sdkUrl"
# Resolve the SDK build version from the SDK URL
# Example URL: https://dotnetcli.azureedge.net/dotnet/Sdk/6.0.100-rtm.21522.1/dotnet-sdk-6.0.100-win-x64.zip
# The command below extracts the 6.0.100-rtm.21522.1 from the URL
$sdkUrlPath = "/Sdk/"
$versionUrlPath = $sdkUrl.Substring($sdkUrl.IndexOf($sdkUrlPath) + $sdkUrlPath.Length)
$sdkVersion = $versionUrlPath.Substring(0, $versionUrlPath.IndexOf("/"))
return $sdkVersion
}
function GetCommitSha([string]$sdkVersion, [string]$queryString, [switch]$useStableBranding) {
if ($useStableBranding) {
$sdkStableVersion = ($sdkVersion -split "-")[0]
}
else {
$sdkStableVersion = $sdkVersion
}
$zipFile = "dotnet-sdk-$sdkStableVersion-win-x64.zip"
$containerVersion = $sdkVersion.Replace(".", "-")
if ($UseInternalBuild) {
$sdkUrl = "https://dotnetstage.blob.core.windows.net/$containerVersion-internal/Sdk/$sdkVersion/$zipFile$queryString"
}
else {
$sdkUrl = "https://dotnetbuilds.blob.core.windows.net/public/Sdk/$sdkVersion/$zipFile"
}
# Download the SDK
Write-Host "Downloading SDK from $sdkUrl"
$sdkOutPath = "$tempDir/sdk.zip"
Invoke-WebRequest -Uri $sdkUrl -OutFile $sdkOutPath
# Extract .version file from SDK zip
$zipFile = [IO.Compression.ZipFile]::OpenRead($sdkOutPath)
try {
$zipFile.Entries | Where-Object { $_.FullName -like "sdk/*/.version" } | ForEach-Object {
[IO.Compression.ZipFileExtensions]::ExtractToFile($_, "$tempDir/$($_.Name)")
}
}
finally {
$zipFile.Dispose()
}
# Get the commit SHA from the .version file
$commitSha = $(Get-Content "$tempDir/.version")[0].Trim()
return $commitSha
}
function GetVersionDetails([string]$commitSha) {
$versionDetailsPath="eng/Version.Details.xml"
if ($UseInternalBuild) {
$dotnetInstallerRepoId="c20f712b-f093-40de-9013-d6b084c1ff30"
$versionDetailsUrl="https://dev.azure.com/dnceng/internal/_apis/git/repositories/$dotnetInstallerRepoId/items?scopePath=/$versionDetailsPath&api-version=6.0&version=$commitSha&versionType=commit"
$base64AccessToken = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$AzdoVersionsRepoInfoAccessToken"))
$headers = @{
"Authorization" = "Basic $base64AccessToken"
}
}
else {
$versionDetailsUrl="https://raw.githubusercontent.com/dotnet/installer/$commitSha/$versionDetailsPath"
$headers = @{}
}
Write-Host "Downloading version details from $versionDetailsUrl"
$versionDetails = [xml](Invoke-RestMethod -Uri $versionDetailsUrl -Headers $headers)
return $versionDetails
}
function GetDependencyVersion([string]$dependencyName, [xml]$versionDetails) {
$result = Select-Xml -XPath "//ProductDependencies/Dependency[starts-with(@Name,'$dependencyName')]/@Version" -Xml $versionDetails
return $result.Node.Value
}
$ErrorActionPreference = 'Stop'
$ProgressPreference = 'SilentlyContinue'
Set-StrictMode -Version 2.0
$tempDir = "$([System.IO.Path]::GetTempPath())/dotnet-docker-get-dropversions"
if ($UseInternalBuild) {
if ($Channel)
{
$Channel = "internal/$Channel"
}
$queryString = "$BlobStorageSasQueryString"
}
else {
$queryString = ""
}
if ($Channel) {
$SdkVersions += GetLatestSdkVersionFromChannel $queryString
}
Write-Host "Resolved SDK versions: $SdkVersions"
$versionInfos = @()
foreach ($sdkVersion in $SdkVersions) {
New-Item -Path $tempDir -ItemType Directory -Force | Out-Null
try {
$useStableBranding = & $PSScriptRoot/Get-IsStableBranding.ps1 -Version $sdkVersion
$commitSha = GetCommitSha $sdkVersion $queryString -useStableBranding:$useStableBranding
$versionDetails = GetVersionDetails $commitSha
$runtimeVersion = GetDependencyVersion "VS.Redist.Common.NetCore.SharedFramework.x64" $versionDetails
$aspnetVersion = GetDependencyVersion "VS.Redist.Common.AspNetCore.SharedFramework.x64" $versionDetails
if (-not $runtimeVersion) {
Write-Error "Unable to resolve the runtime version"
exit 1
}
if (-not $aspnetVersion) {
Write-Error "Unable to resolve the ASP.NET Core runtime version"
exit 1
}
$sdkVersionParts = $sdkVersion -split "\."
$dockerfileVersion = "$($sdkVersionParts[0]).$($sdkVersionParts[1])"
Write-Host "Dockerfile version: $dockerfileVersion"
Write-Host "SDK version: $sdkVersion"
Write-Host "Runtime version: $runtimeVersion"
Write-Host "ASP.NET Core version: $aspnetVersion"
Write-Host
$versionInfos += @{
DockerfileVersion = $dockerfileVersion
SdkVersion = $sdkVersion
RuntimeVersion = $runtimeVersion
AspnetVersion = $aspnetVersion
StableBranding = $useStableBranding
}
}
finally {
Remove-Item $tempDir -Force -Recurse -ErrorAction Ignore
}
}
Write-Output "##vso[task.setvariable variable=versionInfos]$($versionInfos | ConvertTo-Json -Compress -AsArray)"

21
eng/Get-IsStableBranding.ps1 Normal file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Returns a value indicating whether the specified version is associated with stable branding.
#>
[cmdletbinding()]
param(
# Build version of the product
[string]
$Version
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 2.0
if ($Version.Contains("-servicing") -or $Version.Contains("-rtm")) {
return $true
}
return $false

25
eng/Get-MonitorDropVersions.ps1 Normal file
View File

@ -0,0 +1,25 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Returns the various component versions of the latest .NET Monitor build.
#>
[cmdletbinding()]
param(
# A file containing the latest .NET Monitor build version.
[Parameter(Mandatory=$true)]
[ValidateScript({if (-not (Test-Path -PathType Leaf -Path $(Resolve-Path $_).Path)) { throw "Could not find file $_"} $true})]
[string]
$BuildVersionFilePath
)
$monitorVersion = $(Get-Content $BuildVersionFilePath).Trim()
$versionSplit=$monitorVersion.Split('.', 3)
$majorMinorVersion="$($versionSplit[0]).$($versionSplit[1])"
$stableBranding = & $PSScriptRoot/Get-IsStableBranding.ps1 -Version $monitorVersion
Write-Output "##vso[task.setvariable variable=monitorMajorMinorVersion]$majorMinorVersion"
Write-Output "##vso[task.setvariable variable=monitorVer]$monitorVersion"
Write-Output "##vso[task.setvariable variable=stableBranding]$stableBranding"

107
eng/Set-DotnetVersions.ps1 Normal file
View File

@ -0,0 +1,107 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Updates dependencies for the specified .NET version.
#>
[cmdletbinding()]
param(
# The major/minor version of the product (e.g. 6.0).
[Parameter(Mandatory = $true, Position = 0)]
[string]
$ProductVersion,
# Build version of the SDK
[Parameter(Mandatory = $false, ParameterSetName = 'DotnetInstaller')]
[string]
$SdkVersion,
# Build version of ASP.NET Core
[Parameter(Mandatory = $false, ParameterSetName = 'DotnetInstaller')]
[string]
$AspnetVersion,
# Build version of the .NET runtime
[Parameter(Mandatory = $false, ParameterSetName = 'DotnetInstaller')]
[string]
$RuntimeVersion,
# Build verison of the .NET Monitor tool
[Parameter(Mandatory = $false, ParameterSetName = 'DotnetMonitor')]
[string]
$MonitorVersion,
# Compute the checksum if a published checksum cannot be found
[Switch]
$ComputeShas,
# Use stable branding version numbers to compute paths
[Switch]
$UseStableBranding,
# When set, only prints out an Azure DevOps variable with the value of the args to pass to update-dependencies.
[string]
$AzdoVariableName,
# SAS query string used to access files in the binary blob container
[string]
$BinarySasQueryString,
# SAS query string used to access files in the checksum blob container
[string]
$ChecksumSasQueryString
)
$updateDepsArgs = @($ProductVersion)
if ($SdkVersion) {
$updateDepsArgs += @("--product-version", "sdk=$SdkVersion")
}
if ($AspnetVersion) {
$updateDepsArgs += @("--product-version", "aspnet=$AspnetVersion", "--product-version", "aspnet-runtime-targeting-pack=$AspnetVersion")
}
if ($RuntimeVersion) {
$updateDepsArgs += @("--product-version", "runtime=$RuntimeVersion", "--product-version", "runtime-apphost-pack=$RuntimeVersion", "--product-version", "runtime-targeting-pack=$RuntimeVersion", "--product-version", "runtime-host=$RuntimeVersion", "--product-version", "runtime-hostfxr=$RuntimeVersion", "--product-version", "netstandard-targeting-pack-2.1.0", "--product-version", "runtime-deps-cm.1=$RuntimeVersion", "--product-version", "runtime-deps-cm.2=$RuntimeVersion")
}
if ($MonitorVersion) {
$updateDepsArgs += @("--product-version", "monitor=$MonitorVersion")
}
if ($ComputeShas) {
$updateDepsArgs += "--compute-shas"
}
if ($BinarySasQueryString) {
$updateDepsArgs += "--binary-sas=$BinarySasQueryString"
}
if ($ChecksumSasQueryString) {
$updateDepsArgs += "--checksum-sas=$ChecksumSasQueryString"
}
if ($UseStableBranding) {
$updateDepsArgs += "--stable-branding"
}
$versionSourceName = switch ($PSCmdlet.ParameterSetName) {
"DotnetInstaller" { "dotnet/installer" }
"DotnetMonitor" { "dotnet/dotnet-monitor" }
default { Write-Error -Message "Unknown version source" -ErrorAction Stop }
}
if ($versionSourceName) {
$updateDepsArgs += "--version-source-name=$versionSourceName"
}
$branch = & $PSScriptRoot/Get-Branch.ps1
$updateDepsArgs += "--source-branch=$branch"
if ($AzdoVariableName) {
Write-Host "##vso[task.setvariable variable=$AzdoVariableName]$updateDepsArgs"
}
else {
& dotnet run --project $PSScriptRoot/update-dependencies/update-dependencies.csproj @updateDepsArgs
}

6
eng/common/Dockerfile.WithRepo Normal file
View File

@ -0,0 +1,6 @@
# Use this Dockerfile to create an ImageBuilder image
ARG IMAGE
FROM $IMAGE
WORKDIR /repo
COPY . .

33
eng/common/Get-BaseImageStatus.ps1 Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Outputs the status of external base images referenced in the Dockerfiles.
#>
[cmdletbinding()]
param(
# Path to the manifest file to use
[string]
$Manifest = "manifest.json",
# Architecture to filter Dockerfiles to
[string]
$Architecture = "*",
# A value indicating whether to run the script continously
[switch]
$Continuous,
# Number of seconds to wait between each iteration
[int]
$ContinuousDelay = 10
)
Set-StrictMode -Version Latest
$imageBuilderArgs = "getBaseImageStatus --manifest $Manifest --architecture $Architecture"
if ($Continuous) {
$imageBuilderArgs += " --continuous --continuous-delay $ContinuousDelay"
}
& "$PSScriptRoot/Invoke-ImageBuilder.ps1" -ImageBuilderArgs $imageBuilderArgs

13
eng/common/Get-ImageBuilder.ps1 Normal file
View File

@ -0,0 +1,13 @@
#!/usr/bin/env pwsh
# Load common image names
$imageNameVars = & $PSScriptRoot/Get-ImageNameVars.ps1
foreach ($varName in $imageNameVars.Keys) {
Set-Variable -Name $varName -Value $imageNameVars[$varName] -Scope Global
}
& docker inspect ${imageNames.imagebuilderName} | Out-Null
if (-not $?) {
Write-Output "Pulling"
& $PSScriptRoot/Invoke-WithRetry.ps1 "docker pull ${imageNames.imagebuilderName}"
}

12
eng/common/Get-ImageNameVars.ps1 Normal file
View File

@ -0,0 +1,12 @@
# Returns a hashtable of variable name-to-value mapping representing the image name variables
# used by the common build infrastructure.
$vars = @{}
Get-Content $PSScriptRoot/templates/variables/docker-images.yml |
Where-Object { $_.Trim().Length -gt 0 -and $_.Trim() -notlike 'variables:' -and $_.Trim() -notlike '# *' } |
ForEach-Object {
$parts = $_.Split(':', 2)
$vars[$parts[0].Trim()] = $parts[1].Trim()
}
return $vars

59
eng/common/Install-DotNetSdk.ps1 Normal file
View File

@ -0,0 +1,59 @@
#!/usr/bin/env pwsh
#
# Copyright (c) .NET Foundation and contributors. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for full license information.
#
<#
.SYNOPSIS
Install the .NET Core SDK at the specified path.
.PARAMETER InstallPath
The path where the .NET Core SDK is to be installed.
#>
[cmdletbinding()]
param(
[string]
$InstallPath
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
if (!(Test-Path "$InstallPath")) {
mkdir "$InstallPath" | Out-Null
}
$IsRunningOnUnix = $PSVersionTable.contains("Platform") -and $PSVersionTable.Platform -eq "Unix"
if ($IsRunningOnUnix) {
$DotnetInstallScript = "dotnet-install.sh"
}
else {
$DotnetInstallScript = "dotnet-install.ps1"
}
$DotnetInstallScriptPath = Join-Path -Path $InstallPath -ChildPath $DotnetInstallScript
if (!(Test-Path $DotnetInstallScriptPath)) {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
& "$PSScriptRoot/Invoke-WithRetry.ps1" "Invoke-WebRequest 'https://dot.net/v1/$DotnetInstallScript' -OutFile $DotnetInstallScriptPath"
}
$DotnetChannel = "7.0"
$InstallFailed = $false
if ($IsRunningOnUnix) {
& chmod +x $DotnetInstallScriptPath
& $DotnetInstallScriptPath --channel $DotnetChannel --install-dir $InstallPath
$InstallFailed = ($LASTEXITCODE -ne 0)
}
else {
& $DotnetInstallScriptPath -Channel $DotnetChannel -InstallDir $InstallPath
$InstallFailed = (-not $?)
}
# See https://github.com/NuGet/NuGet.Client/pull/4259
$Env:NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY = "3,1000"
if ($InstallFailed) { throw "Failed to install the .NET Core SDK" }

20
eng/common/Invoke-CleanupDocker.ps1 Normal file
View File

@ -0,0 +1,20 @@
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
docker ps -a -q | ForEach-Object { docker rm -f $_ }
docker volume prune -f
# Preserve the tagged Windows base images and the common eng infra images (e.g. ImageBuilder)
# to avoid the expense of having to repull continuously.
$imageNameVars = & $PSScriptRoot/Get-ImageNameVars.ps1
docker images --format "{{.Repository}}:{{.Tag}} {{.ID}}" |
Where-Object {
$localImage = $_
$localImage.Contains(":<none> ")`
-Or -Not ($localImage.StartsWith("mcr.microsoft.com/windows")`
-Or ($imageNameVars.Values.Where({ $localImage.StartsWith($_) }, 'First').Count -gt 0)) } |
ForEach-Object { $_.Split(' ', [System.StringSplitOptions]::RemoveEmptyEntries)[1] } |
Select-Object -Unique |
ForEach-Object { docker rmi -f $_ }

104
eng/common/Invoke-ImageBuilder.ps1 Normal file
View File

@ -0,0 +1,104 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Executes ImageBuilder with the specified args.
.PARAMETER ImageBuilderArgs
The args to pass to ImageBuilder.
.PARAMETER ReuseImageBuilderImage
Indicates that a previously built ImageBuilder image is presumed to exist locally and that
it should be used for this execution of the script. This allows some optimization when
multiple calls are being made to this script that don't require a fresh image (i.e. the
repo contents in the image don't need to be or should not be updated with each call to
this script).
.PARAMETER OnCommandExecuted
A ScriptBlock that will be invoked after the ImageBuilder command has been executed.
This allows the caller to execute extra logic in the context of the ImageBuilder while
its container is still running.
The ScriptBlock is passed the following argument values:
1. Container name
#>
[cmdletbinding()]
param(
[string]
$ImageBuilderArgs,
[switch]
$ReuseImageBuilderImage,
[scriptblock]
$OnCommandExecuted
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
function Log {
param ([string] $Message)
Write-Output $Message
}
function Exec {
param ([string] $Cmd)
Log "Executing: '$Cmd'"
Invoke-Expression $Cmd
if ($LASTEXITCODE -ne 0) {
$host.SetShouldExit($LASTEXITCODE)
exit $LASTEXITCODE
throw "Failed: '$Cmd'"
}
}
$imageBuilderContainerName = "ImageBuilder-$(Get-Date -Format yyyyMMddhhmmss)"
$containerCreated = $false
pushd $PSScriptRoot/../../
try {
$activeOS = docker version -f "{{ .Server.Os }}"
if ($activeOS -eq "linux") {
# On Linux, ImageBuilder is run within a container.
$imageBuilderImageName = "microsoft-dotnet-imagebuilder-withrepo"
if ($ReuseImageBuilderImage -ne $True) {
& ./eng/common/Get-ImageBuilder.ps1
Exec ("docker build -t $imageBuilderImageName --build-arg " `
+ "IMAGE=${imageNames.imageBuilderName} -f eng/common/Dockerfile.WithRepo .")
}
$imageBuilderCmd = "docker run --name $imageBuilderContainerName -v /var/run/docker.sock:/var/run/docker.sock $imageBuilderImageName"
$containerCreated = $true
}
else {
# On Windows, ImageBuilder is run locally due to limitations with running Docker client within a container.
$imageBuilderFolder = ".Microsoft.DotNet.ImageBuilder"
$imageBuilderCmd = [System.IO.Path]::Combine($imageBuilderFolder, "Microsoft.DotNet.ImageBuilder.exe")
if (-not (Test-Path -Path "$imageBuilderCmd" -PathType Leaf)) {
& ./eng/common/Get-ImageBuilder.ps1
Exec "docker create --name $imageBuilderContainerName ${imageNames.imageBuilderName}"
$containerCreated = $true
if (Test-Path -Path $imageBuilderFolder)
{
Remove-Item -Recurse -Force -Path $imageBuilderFolder
}
Exec "docker cp ${imageBuilderContainerName}:/image-builder $imageBuilderFolder"
}
}
Exec "$imageBuilderCmd $ImageBuilderArgs"
if ($OnCommandExecuted) {
Invoke-Command $OnCommandExecuted -ArgumentList $imageBuilderContainerName
}
}
finally {
if ($containerCreated) {
Exec "docker container rm -f $imageBuilderContainerName"
}
popd
}

41
eng/common/Invoke-WithRetry.ps1 Normal file
View File

@ -0,0 +1,41 @@
#!/usr/bin/env pwsh
# Executes a command and retries if it fails.
[cmdletbinding()]
param (
[Parameter(Mandatory = $true)][string]$Cmd,
[int]$Retries = 2,
[int]$WaitFactor = 6
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
$count = 0
$completed = $false
Write-Output "Executing '$Cmd'"
while (-not $completed) {
try {
Invoke-Expression $Cmd
if (-not $(Test-Path variable:LASTEXITCODE) -or $LASTEXITCODE -eq 0) {
$completed = $true
continue
}
}
catch {
}
$count++
if ($count -lt $Retries) {
$wait = [Math]::Pow($WaitFactor, $count - 1)
Write-Output "Retry $count/$Retries, retrying in $wait seconds..."
Start-Sleep $wait
}
else {
Write-Output "Retry $count/$Retries, no more retries left."
throw "Failed to execute '$Cmd'"
}
}

43
eng/common/Retain-Build.ps1 Normal file
View File

@ -0,0 +1,43 @@
# Adapted from https://github.com/dotnet/arcade/blob/main/eng/common/retain-build.ps1
Param(
[Parameter(Mandatory = $true)][int] $BuildId,
[Parameter(Mandatory = $true)][string] $AzdoOrgUri,
[Parameter(Mandatory = $true)][string] $AzdoProject,
[Parameter(Mandatory = $true)][string] $Token
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 2.0
function Get-AzDOHeaders(
[string] $Token) {
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":${Token}"))
$headers = @{"Authorization" = "Basic $base64AuthInfo" }
return $headers
}
function Update-BuildRetention(
[string] $AzdoOrgUri,
[string] $AzdoProject,
[int] $BuildId,
[string] $Token) {
$headers = Get-AzDOHeaders -Token $Token
$requestBody = "{
`"keepForever`": `"true`"
}"
$requestUri = "${AzdoOrgUri}/${AzdoProject}/_apis/build/builds/${BuildId}?api-version=6.0"
Write-Host "Attempting to retain build using the following URI: ${requestUri} ..."
try {
Invoke-RestMethod -Uri $requestUri -Method Patch -Body $requestBody -Header $headers -contentType "application/json"
Write-Host "Updated retention settings for build ${BuildId}."
}
catch {
Write-Host "##[error] Failed to update retention settings for build: $($_.Exception.Response.StatusDescription)"
exit 1
}
}
Update-BuildRetention -AzdoOrgUri $AzdoOrgUri -AzdoProject $AzdoProject -BuildId $BuildId -Token $Token
exit 0

76
eng/common/build.ps1 Normal file
View File

@ -0,0 +1,76 @@
#!/usr/bin/env pwsh
<#
.SYNOPSIS
Builds the Dockerfiles
#>
[cmdletbinding()]
param(
# Product versions to filter by
[string[]]$Version = "*",
# Names of OS to filter by
[string[]]$OS,
# Type of architecture to filter by
[string]$Architecture,
# Additional custom path filters
[string[]]$Paths,
# Path to manifest file
[string]$Manifest = "manifest.json",
# Additional args to pass to ImageBuilder
[string]$OptionalImageBuilderArgs
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
function Log {
param ([string] $Message)
Write-Output $Message
}
function Exec {
param ([string] $Cmd)
Log "Executing: '$Cmd'"
Invoke-Expression $Cmd
if ($LASTEXITCODE -ne 0) {
throw "Failed: '$Cmd'"
}
}
pushd $PSScriptRoot/../..
try {
$args = $OptionalImageBuilderArgs
if ($Version) {
$args += ($Version | foreach { ' --version "{0}"' -f $_ })
}
if ($OS) {
$args += ($OS | foreach { ' --os-version "{0}"' -f $_ })
}
if ($Architecture) {
$args += ' --architecture "{0}"' -f $Architecture
}
if ($Paths) {
$args += ($Paths | foreach { ' --path "{0}"' -f $_ })
}
if ($Manifest) {
$args += ' --manifest "{0}"' -f $Manifest
}
./eng/common/Invoke-ImageBuilder.ps1 "build $args"
}
finally {
popd
}

37
eng/common/pull-image.sh Executable file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env bash
# Stop script on NZEC
set -e
# Stop script if unbound variable found (use ${var:-} if intentional)
set -u
say_err() {
printf "%b\n" "Error: $1" >&2
}
# Executes a command and retries if it fails.
execute() {
local count=0
until "$@"; do
local exit=$?
count=$(( $count + 1 ))
if [ $count -lt $retries ]; then
local wait=$(( waitFactor ** (( count - 1 )) ))
echo "Retry $count/$retries exited $exit, retrying in $wait seconds..."
sleep $wait
else
say_err "Retry $count/$retries exited $exit, no more retries left."
return $exit
fi
done
return 0
}
scriptName=$0
retries=5
waitFactor=6
image=$1
echo "Pulling Docker image $image"
execute docker pull $image

28
eng/common/readme.md Normal file
View File

@ -0,0 +1,28 @@
# Don't touch this folder
uuuuuuuuuuuuuuuuuuuu
u" uuuuuuuuuuuuuuuuuu "u
u" u$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
$ $$$" ... "$... ...$" ... "$$$ ... "$$$ $
$ $$$u `"$$$$$$$ $$$ $$$$$ $$ $$$ $$$ $
$ $$$$$$uu "$$$$ $$$ $$$$$ $$ """ u$$$ $
$ $$$""$$$ $$$$ $$$u "$$$" u$$ $$$$$$$$ $
$ $$$$....,$$$$$..$$$$$....,$$$$..$$$$$$$$ $
$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
"u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$" u"
"u """""""""""""""""" u"
""""""""""""""""""""
!!! Changes made in this directory are subject to being overwritten by automation !!!
The files in this directory are shared by all .NET Docker repos. If you need to make changes to these files, open an issue or submit a pull request in https://github.com/dotnet/docker-tools.

187
eng/common/templates/jobs/build-images.yml Normal file
View File

@ -0,0 +1,187 @@
parameters:
name: null
pool: {}
matrix: {}
dockerClientOS: null
buildJobTimeout: 60
customInitSteps: []
noCache: false
internalProjectName: null
publicProjectName: null
internalVersionsRepoRef: null
publicVersionsRepoRef: null
jobs:
- job: ${{ parameters.name }}
condition: and(${{ parameters.matrix }}, not(canceled()), in(dependencies.PreBuildValidation.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))
dependsOn:
- PreBuildValidation
- CopyBaseImages
- GenerateBuildMatrix
pool: ${{ parameters.pool }}
strategy:
matrix: $[ ${{ parameters.matrix }} ]
timeoutInMinutes: ${{ parameters.buildJobTimeout }}
variables:
imageBuilderDockerRunExtraOptions: $(build.imageBuilderDockerRunExtraOptions)
versionsRepoPath: versions
sbomDirectory: $(Build.ArtifactStagingDirectory)/sbom
${{ if eq(parameters.noCache, false) }}:
versionsBasePath: $(versionsRepoPath)/
pipelineDisabledCache: false
${{ if eq(parameters.noCache, true) }}:
versionsBasePath: ""
pipelineDisabledCache: true
steps:
- checkout: self
- ${{ if and(eq(variables['System.TeamProject'], parameters.publicProjectName), eq(parameters.noCache, false)) }}:
- checkout: ${{ parameters.publicVersionsRepoRef }}
path: s/$(versionsRepoPath)
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), eq(parameters.noCache, false)) }}:
- checkout: ${{ parameters.internalVersionsRepoRef }}
path: s/$(versionsRepoPath)
- ${{ if eq(parameters.noCache, false) }}:
- powershell: |
$pathSeparatorIndex = "$(Build.Repository.Name)".IndexOf("/")
if ($pathSeparatorIndex -ge 0) {
$buildRepoName = "$(Build.Repository.Name)".Substring($pathSeparatorIndex + 1)
}
else {
$buildRepoName = "$(Build.Repository.Name)"
}
$engCommonPath = "$(Build.Repository.LocalPath)/$buildRepoName/$(engCommonRelativePath)"
$engPath = "$(Build.Repository.LocalPath)/$buildRepoName/eng"
$manifest = "$buildRepoName/$(manifest)"
$testResultsDirectory = "$buildRepoName/$testResultsDirectory"
if ("$(testScriptPath)") {
$testScriptPath = "$buildRepoName/$(testScriptPath)"
}
echo "##vso[task.setvariable variable=buildRepoName]$buildRepoName"
echo "##vso[task.setvariable variable=manifest]$manifest"
echo "##vso[task.setvariable variable=engCommonPath]$engCommonPath"
echo "##vso[task.setvariable variable=engPath]$engPath"
echo "##vso[task.setvariable variable=testScriptPath]$testScriptPath"
echo "##vso[task.setvariable variable=testResultsDirectory]$testResultsDirectory"
displayName: Override Common Paths
- powershell: |
if ("${{ parameters.noCache }}" -eq "false") {
$baseContainerRepoPath = "/repo/$(buildRepoName)"
}
else {
$baseContainerRepoPath = "/repo"
}
echo "##vso[task.setvariable variable=baseContainerRepoPath]$baseContainerRepoPath"
displayName: Set Base Container Repo Path
- template: ${{ format('../steps/init-docker-{0}.yml', parameters.dockerClientOS) }}
- ${{ parameters.customInitSteps }}
- template: ../steps/set-image-info-path-var.yml
parameters:
publicSourceBranch: $(publicSourceBranch)
- powershell: echo "##vso[task.setvariable variable=imageBuilderBuildArgs]"
condition: eq(variables.imageBuilderBuildArgs, '')
displayName: Initialize Image Builder Build Args
- powershell: |
# Reference the existing imageBuilderBuildArgs variable as an environment variable rather than injecting it directly
# with the $(imageBuilderBuildArgs) syntax. This is to avoid issues where the string may contain single quotes $ chars
# which really mess up assigning to a variable. It would require assigning the string with single quotes but also needing
# to escape the single quotes that are in the string which would need to be done outside the context of PowerShell. Since
# all we need is for that value to be in a PowerShell variable, we can get that by the fact that AzDO automatically creates
# the environment variable for us.
$imageBuilderBuildArgs = "$env:IMAGEBUILDERBUILDARGS $(imageBuilder.queueArgs) --image-info-output-path $(artifactsPath)/$(legName)-image-info.json"
if ($env:SYSTEM_TEAMPROJECT -eq "${{ parameters.internalProjectName }}" -and $env:BUILD_REASON -ne "PullRequest") {
$imageBuilderBuildArgs = "$imageBuilderBuildArgs --registry-override $(acr.server) --repo-prefix $(stagingRepoPrefix) --source-repo-prefix $(mirrorRepoPrefix) --push --registry-creds ""$(acr.server)=$(acr.userName);$(acr.password)"""
}
# If the pipeline isn't configured to disable the cache and a build variable hasn't been set to disable the cache
if ("$(pipelineDisabledCache)" -ne "true" -and $env:NOCACHE -ne "true") {
$imageBuilderBuildArgs = "$imageBuilderBuildArgs --image-info-source-path $(versionsBasePath)$(imageInfoVersionsPath)"
}
echo "##vso[task.setvariable variable=imageBuilderBuildArgs]$imageBuilderBuildArgs"
displayName: Set Image Builder Build Args
- powershell: >
$(runImageBuilderCmd) build
--manifest $(manifest)
$(imageBuilderPaths)
$(osVersions)
--os-type $(osType)
--architecture $(architecture)
--retry
--source-repo $(publicGitRepoUri)
--digests-out-var 'builtImages'
--acr-subscription '$(acr.subscription)'
--acr-resource-group '$(acr.resourceGroup)'
--acr-client-id '$(acr.servicePrincipalName)'
--acr-password '$(acr.servicePrincipalPassword)'
--acr-tenant '$(acr.servicePrincipalTenant)'
$(manifestVariables)
$(imageBuilderBuildArgs)
name: BuildImages
displayName: Build Images
- publish: $(Build.ArtifactStagingDirectory)/$(legName)-image-info.json
artifact: $(legName)-image-info-$(System.JobAttempt)
displayName: Publish Image Info File Artifact
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
# Define the task here to load it into the agent so that we can invoke the tool manually
- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
inputs:
BuildDropPath: $(Build.ArtifactStagingDirectory)
displayName: Load Manifest Generator
condition: and(succeeded(), ne(variables['BuildImages.builtImages'], ''))
- powershell: |
$images = "$(BuildImages.builtImages)"
if (-not $images) { return 0 }
# There can be leftover versions of the task left on the agent if it's not fresh. So find the latest version.
$taskDir = $(Get-ChildItem -Recurse -Directory -Filter "ManifestGeneratorTask*" -Path '$(Agent.WorkFolder)')[-1].FullName
$manifestToolDllPath = $(Get-ChildItem -Recurse -File -Filter "Microsoft.ManifestTool.dll" -Path $taskDir).FullName
# Check whether the manifest task installed its own version of .NET.
# To be more robust, we'll handle varying implementations that it's had.
# First check for a dotnet folder in the task location
$dotnetDir = $(Get-ChildItem -Recurse -Directory -Filter "dotnet-*" -Path $taskDir).FullName
if (-not $dotnetDir) {
# If it's not there, check in the agent tools location
$dotnetDir = $(Get-ChildItem -Recurse -Directory -Filter "*dotnet-*" -Path "$(Agent.ToolsDirectory)").FullName
}
# If the manifest task installed its own version of .NET use that; otherwise it's reusing an existing install of .NET
# which is executable by default.
if ($dotnetDir) {
$dotnetPath = "$dotnetDir/dotnet"
}
else {
$dotnetPath = "dotnet"
}
# Call the manifest tool for each image to produce seperate SBOMs
# Manifest tool docs: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/custom-sbom-generation-workflows
$images -Split ',' | ForEach-Object {
echo "Generating SBOM for $_";
$formattedImageName = $_.Replace('$(acr.server)/$(stagingRepoPrefix)', "").Replace('/', '_').Replace(':', '_');
$sbomChildDir = "$(sbomDirectory)/$formattedImageName";
New-Item -Type Directory -Path $sbomChildDir > $null;
& $dotnetPath "$manifestToolDllPath" `
Generate `
-BuildDropPath '$(Build.ArtifactStagingDirectory)' `
-BuildComponentPath '$(Agent.BuildDirectory)' `
-PackageName '.NET' `
-PackageVersion '$(Build.BuildNumber)' `
-ManifestDirPath $sbomChildDir `
-DockerImagesToScan $_ `
-Verbosity Information
}
displayName: Generate SBOMs
condition: and(succeeded(), ne(variables['BuildImages.builtImages'], ''))
- ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
- template: ${{ format('../steps/test-images-{0}-client.yml', parameters.dockerClientOS) }}
parameters:
condition: ne(variables.testScriptPath, '')
- template: ${{ format('../steps/cleanup-docker-{0}.yml', parameters.dockerClientOS) }}
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- publish: $(sbomDirectory)
artifact: $(legName)-sboms
displayName: Publish SBOM
condition: and(succeeded(), ne(variables['BuildImages.builtImages'], ''))

14
eng/common/templates/jobs/cg-detection.yml Normal file
View File

@ -0,0 +1,14 @@
jobs:
- job: Build
pool:
vmImage: $(defaultLinuxAmd64PoolImage)
steps:
- task: CodeQL3000Init@0
displayName: CodeQL Initialize
- script: >
find . -name '*.csproj' | grep $(cgBuildGrepArgs) | xargs -n 1 dotnet build
displayName: Build Projects
- task: CodeQL3000Finalize@0
displayName: CodeQL Finalize
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
displayName: Component Detection

19
eng/common/templates/jobs/copy-base-images.yml Normal file
View File

@ -0,0 +1,19 @@
parameters:
name: null
pool: {}
additionalOptions: null
publicProjectName: null
customInitSteps: []
jobs:
- job: ${{ parameters.name }}
pool: ${{ parameters.pool }}
steps:
- template: ../steps/init-docker-linux.yml
- ${{ parameters.customInitSteps }}
- template: ../steps/copy-base-images.yml
parameters:
additionalOptions: ${{ parameters.additionalOptions }}
publicProjectName: ${{ parameters.publicProjectName }}
continueOnError: true
- template: ../steps/cleanup-docker-linux.yml

41
eng/common/templates/jobs/generate-matrix.yml Normal file
View File

@ -0,0 +1,41 @@
parameters:
matrixType: null
name: null
pool: {}
customBuildLegGroupArgs: ""
isTestStage: false
internalProjectName: null
jobs:
- job: ${{ parameters.name }}
pool: ${{ parameters.pool }}
steps:
- template: ../steps/retain-build.yml
- template: ../steps/init-docker-linux.yml
- template: ../steps/validate-branch.yml
parameters:
internalProjectName: ${{ parameters.internalProjectName }}
- ${{ if eq(parameters.isTestStage, true) }}:
- template: ../steps/download-build-artifact.yml
parameters:
targetPath: $(Build.ArtifactStagingDirectory)
artifactName: image-info
- script: echo "##vso[task.setvariable variable=additionalGenerateBuildMatrixOptions]--image-info $(artifactsPath)/image-info.json"
displayName: Set GenerateBuildMatrix Variables
- ${{ if eq(parameters.isTestStage, false) }}:
- script: echo "##vso[task.setvariable variable=additionalGenerateBuildMatrixOptions]"
displayName: Set GenerateBuildMatrix Variables
- script: >
$(runImageBuilderCmd) generateBuildMatrix
--manifest $(manifest)
--type ${{ parameters.matrixType }}
--os-type '*'
--architecture '*'
--product-version-components $(productVersionComponents)
${{ parameters.customBuildLegGroupArgs }}
$(imageBuilder.pathArgs)
$(manifestVariables)
$(additionalGenerateBuildMatrixOptions)
displayName: Generate ${{ parameters.matrixType }} Matrix
name: matrix
- template: ../steps/cleanup-docker-linux.yml

61
eng/common/templates/jobs/post-build.yml Normal file
View File

@ -0,0 +1,61 @@
parameters:
pool: {}
jobs:
- job: Build
pool: ${{ parameters.pool }}
variables:
imageInfosSubDir: "/image-infos"
sbomSubDir: "/sbom"
steps:
- template: ../steps/init-docker-linux.yml
- template: ../steps/download-build-artifact.yml
parameters:
targetPath: $(Build.ArtifactStagingDirectory)
- powershell: |
# Move all image-info artifacts to their own directory
New-Item -ItemType Directory -Path $(Build.ArtifactStagingDirectory)$(imageInfosSubDir)
Get-ChildItem -Directory -Filter "*-image-info-*" $(Build.ArtifactStagingDirectory) |
Move-Item -Verbose -Destination $(Build.ArtifactStagingDirectory)$(imageInfosSubDir)
displayName: Collect Image Info Files
- powershell: |
# Move the contents of all the SBOM artifact directories to a single location
New-Item -ItemType Directory -Path $(Build.ArtifactStagingDirectory)$(sbomSubDir)
Get-ChildItem -Directory -Filter "*-sboms" $(Build.ArtifactStagingDirectory) |
ForEach-Object {
Get-ChildItem $_ -Directory | Move-Item -Verbose -Destination $(Build.ArtifactStagingDirectory)$(sbomSubDir)
}
displayName: Consolidate SBOMs to Single Directory
- powershell: |
# Deletes the artifacts from all the unsuccessful jobs
Get-ChildItem $(Build.ArtifactStagingDirectory)$(imageInfosSubDir) -Directory |
ForEach-Object {
[pscustomobject]@{
# Parse the artifact name to separate the base of the name from the job attempt number
BaseName = $_.Name.Substring(0, $_.Name.LastIndexOf('-'));
JobAttempt = $_.Name.Substring($_.Name.LastIndexOf('-') + 1)
FullName = $_.FullName
}
} |
Group-Object BaseName |
# Delete all but the last artifact from each base name
ForEach-Object {
$_.Group |
Sort-Object JobAttempt |
Select-Object -ExpandProperty FullName -SkipLast 1 |
Remove-Item -Recurse -Force
}
displayName: Prune Publish Artifacts
- script: >
$(runImageBuilderCmd) mergeImageInfo
--manifest $(manifest)
$(artifactsPath)$(imageInfosSubDir)
$(artifactsPath)$(imageInfosSubDir)/image-info.json
$(manifestVariables)
displayName: Merge Image Info Files
- publish: $(Build.ArtifactStagingDirectory)$(sbomSubDir)
artifact: sboms
displayName: Publish SBOM Artifact
- publish: $(Build.ArtifactStagingDirectory)$(imageInfosSubDir)/image-info.json
artifact: image-info
displayName: Publish Image Info File Artifact

149
eng/common/templates/jobs/publish.yml Normal file
View File

@ -0,0 +1,149 @@
parameters:
pool: {}
internalProjectName: null
customInitSteps: []
customPublishVariables: []
jobs:
- job: Publish
pool: ${{ parameters.pool }}
variables:
- name: imageBuilder.commonCmdArgs
value: >
--manifest '$(manifest)'
--registry-override '$(acr.server)'
$(manifestVariables)
$(imageBuilder.queueArgs)
- name: publishNotificationRepoName
value: $(Build.Repository.Name)
- name: branchName
${{ if startsWith(variables['Build.SourceBranch'], 'refs/heads/') }}:
value: $[ replace(variables['Build.SourceBranch'], 'refs/heads/', '') ]
${{ if startsWith(variables['Build.SourceBranch'], 'refs/pull/') }}:
value: $[ replace(variables['System.PullRequest.SourceBranch'], 'refs/heads/', '') ]
- ${{ parameters.customPublishVariables }}
steps:
- template: ../steps/retain-build.yml
- template: ../steps/init-docker-linux.yml
- pwsh: |
$azdoOrgName = Split-Path -Leaf $Env:SYSTEM_COLLECTIONURI
echo "##vso[task.setvariable variable=azdoOrgName]$azdoOrgName"
displayName: Set Publish Variables
- ${{ parameters.customInitSteps }}
- template: ../steps/validate-branch.yml
parameters:
internalProjectName: ${{ parameters.internalProjectName }}
- template: ../steps/download-build-artifact.yml
parameters:
targetPath: $(Build.ArtifactStagingDirectory)
artifactName: image-info
- template: ../steps/set-image-info-path-var.yml
parameters:
publicSourceBranch: $(publicSourceBranch)
- template: ../steps/set-dry-run.yml
- script: echo $(sourceBuildId) > $(Build.ArtifactStagingDirectory)/source-build-id.txt
displayName: Write Source Build ID to File
- publish: $(Build.ArtifactStagingDirectory)/source-build-id.txt
artifact: source-build-id
displayName: Publish Source Build ID Artifact
- script: echo "##vso[task.setvariable variable=imageQueueTime]$(date --rfc-2822)"
displayName: Set Publish Variables
- script: >
$(runImageBuilderCmd) trimUnchangedPlatforms
'$(artifactsPath)/image-info.json'
displayName: Trim Unchanged Images
- script: >
$(runImageBuilderCmd) copyAcrImages
'$(acr.servicePrincipalName)'
'$(acr.servicePrincipalPassword)'
'$(acr.servicePrincipalTenant)'
'$(acr.subscription)'
'$(acr.resourceGroup)'
'$(stagingRepoPrefix)'
--os-type '*'
--architecture '*'
--repo-prefix '$(publishRepoPrefix)'
--image-info '$(artifactsPath)/image-info.json'
$(dryRunArg)
$(imageBuilder.pathArgs)
$(imageBuilder.commonCmdArgs)
displayName: Copy Images
- script: >
$(runImageBuilderCmd) publishManifest
'$(artifactsPath)/image-info.json'
--repo-prefix '$(publishRepoPrefix)'
--registry-creds '$(acr.server)=$(acr.userName);$(acr.password)'
--os-type '*'
--architecture '*'
$(dryRunArg)
$(imageBuilder.pathArgs)
$(imageBuilder.commonCmdArgs)
displayName: Publish Manifest
- publish: $(Build.ArtifactStagingDirectory)/image-info.json
artifact: image-info-final-$(System.JobAttempt)
displayName: Publish Image Info File Artifact
- template: ../steps/wait-for-mcr-image-ingestion.yml
parameters:
imageInfoPath: '$(artifactsPath)/image-info.json'
minQueueTime: $(imageQueueTime)
dryRunArg: $(dryRunArg)
condition: succeeded()
- template: ../steps/publish-readmes.yml
parameters:
dryRunArg: $(dryRunArg)
condition: and(succeeded(), eq(variables['publishReadme'], 'true'))
- script: >
$(runImageBuilderCmd) publishImageInfo
'$(artifactsPath)/image-info.json'
'$(gitHubVersionsRepoInfo.userName)'
'$(gitHubVersionsRepoInfo.email)'
'$(gitHubVersionsRepoInfo.accessToken)'
--git-owner '$(gitHubVersionsRepoInfo.org)'
--git-repo '$(gitHubVersionsRepoInfo.repo)'
--git-branch '$(gitHubVersionsRepoInfo.branch)'
--git-path '$(gitHubImageInfoVersionsPath)'
$(dryRunArg)
$(imageBuilder.commonCmdArgs)
condition: and(succeeded(), eq(variables['publishImageInfo'], 'true'))
displayName: Publish Image Info
- script: >
$(runImageBuilderCmd) ingestKustoImageInfo
'$(artifactsPath)/image-info.json'
'$(kusto.cluster)'
'$(kusto.database)'
'$(kusto.imageTable)'
'$(kusto.layerTable)'
'$(kusto.servicePrincipalName)'
'$(kusto.servicePrincipalPassword)'
'$(kusto.servicePrincipalTenant)'
--os-type '*'
--architecture '*'
$(dryRunArg)
$(imageBuilder.commonCmdArgs)
displayName: Ingest Kusto Image Info
condition: and(succeeded(), eq(variables['ingestKustoImageInfo'], 'true'))
- script: >
$(runImageBuilderCmd) postPublishNotification
'$(publishNotificationRepoName)'
'$(branchName)'
'$(artifactsPath)/image-info.json'
$(Build.BuildId)
'$(System.AccessToken)'
'$(azdoOrgName)'
'$(System.TeamProject)'
'$(gitHubNotificationsRepoInfo.accessToken)'
'$(gitHubNotificationsRepoInfo.org)'
'$(gitHubNotificationsRepoInfo.repo)'
--repo-prefix '$(publishRepoPrefix)'
--task "Copy Images"
--task "Publish Manifest"
--task "Wait for Image Ingestion"
--task "Publish Readmes"
--task "Wait for MCR Doc Ingestion"
--task "Publish Image Info"
--task "Ingest Kusto Image Info"
$(dryRunArg)
$(imageBuilder.commonCmdArgs)
displayName: Post Publish Notification
condition: and(always(), eq(variables['publishNotificationsEnabled'], 'true'))
- template: ../steps/cleanup-docker-linux.yml

26
eng/common/templates/jobs/test-images-linux-client.yml Normal file
View File

@ -0,0 +1,26 @@
parameters:
name: null
pool: {}
matrix: {}
testJobTimeout: 60
preBuildValidation: false
internalProjectName: null
customInitSteps: []
jobs:
- job: ${{ parameters.name }}
${{ if eq(parameters.preBuildValidation, 'false') }}:
condition: and(succeeded(), ${{ parameters.matrix }})
dependsOn: GenerateTestMatrix
strategy:
matrix: $[ ${{ parameters.matrix }} ]
${{ if eq(parameters.preBuildValidation, 'true') }}:
condition: and(succeeded(), ne(variables.testScriptPath, ''))
pool: ${{ parameters.pool }}
timeoutInMinutes: ${{ parameters.testJobTimeout }}
steps:
- template: ../steps/test-images-linux-client.yml
parameters:
preBuildValidation: ${{ parameters.preBuildValidation }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customInitSteps }}

21
eng/common/templates/jobs/test-images-windows-client.yml Normal file
View File

@ -0,0 +1,21 @@
parameters:
name: null
pool: {}
matrix: {}
testJobTimeout: 60
internalProjectName: null
customInitSteps: []
jobs:
- job: ${{ parameters.name }}
condition: and(succeeded(), ${{ parameters.matrix }})
dependsOn: GenerateTestMatrix
pool: ${{ parameters.pool }}
strategy:
matrix: $[ ${{ parameters.matrix }} ]
timeoutInMinutes: ${{ parameters.testJobTimeout }}
steps:
- template: ../steps/test-images-windows-client.yml
parameters:
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customInitSteps }}

50
eng/common/templates/jobs/validate-image-sizes.yml Normal file
View File

@ -0,0 +1,50 @@
parameters:
internalProjectName: null
publicProjectName: null
jobs:
- ${{ if eq(variables['System.TeamProject'], parameters.internalProjectName) }}:
# Split the Linux images into separate jobs in order to compensate for less
# disk space on the Linux agents. See https://github.com/dotnet/dotnet-docker/issues/1588
- job: LinuxAmd64PerfTests
pool:
vmImage: $(defaultLinuxAmd64PoolImage)
workspace:
clean: all
steps:
- template: ../steps/validate-image-sizes.yml
parameters:
dockerClientOS: linux
architecture: amd64
validationMode: size
- job: LinuxArmPerfTests
pool:
vmImage: $(defaultLinuxAmd64PoolImage)
workspace:
clean: all
steps:
- template: ../steps/validate-image-sizes.yml
parameters:
dockerClientOS: linux
architecture: arm*
validationMode: size
- job: LinuxBaselineIntegrityPerfTests
pool:
vmImage: $(defaultLinuxAmd64PoolImage)
workspace:
clean: all
steps:
- template: ../steps/validate-image-sizes.yml
parameters:
dockerClientOS: linux
validationMode: integrity
- job: WindowsPerfTests
pool: Docker-2022-${{ variables['System.TeamProject'] }}
workspace:
clean: all
steps:
- template: ../steps/validate-image-sizes.yml
parameters:
dockerClientOS: windows
${{ if eq(variables['System.TeamProject'], parameters.publicProjectName) }}:
validationMode: integrity

27
eng/common/templates/jobs/wait-for-ingestion.yml Normal file
View File

@ -0,0 +1,27 @@
jobs:
- job: WaitForIngestion
pool:
vmImage: $(defaultLinuxAmd64PoolImage)
steps:
- template: ../steps/init-docker-linux.yml
- template: ../steps/download-build-artifact.yml
parameters:
targetPath: $(Build.ArtifactStagingDirectory)
condition: ne(variables['sourceBuildId'], '')
- powershell: |
# Get the last image info artifact that was published
$imageInfoDirName = @($(dir $(Build.ArtifactStagingDirectory)/image-info-final-* | select -ExpandProperty Name))[-1]
$imageInfoPath = "$(artifactsPath)/$imageInfoDirName/image-info.json"
echo "##vso[task.setvariable variable=imageInfoPath]$imageInfoPath"
displayName: Get Image Info Path
condition: and(succeeded(), ne(variables['sourceBuildId'], ''))
- template: ../steps/wait-for-mcr-image-ingestion.yml
parameters:
imageInfoPath: $(imageInfoPath)
minQueueTime: $(minQueueTime)
condition: and(succeeded(), ne(variables['sourceBuildId'], ''))
- template: ../steps/wait-for-mcr-doc-ingestion.yml
parameters:
commitDigest: $(readmeCommitDigest)
condition: and(succeeded(), ne(variables['readmeCommitDigest'], ''))
- template: ../steps/cleanup-docker-linux.yml

292
eng/common/templates/stages/build-test-publish-repo.yml Normal file
View File

@ -0,0 +1,292 @@
parameters:
buildMatrixType: platformDependencyGraph
testMatrixType: platformVersionedOs
buildMatrixCustomBuildLegGroupArgs: ""
testMatrixCustomBuildLegGroupArgs: ""
customCopyBaseImagesInitSteps: []
customBuildInitSteps: []
customTestInitSteps: []
customPublishInitSteps: []
customPublishVariables: []
linuxAmdBuildJobTimeout: 60
linuxArmBuildJobTimeout: 60
windowsAmdBuildJobTimeout: 60
linuxAmdTestJobTimeout: 60
linuxArmTestJobTimeout: 60
windowsAmdTestJobTimeout: 60
noCache: false
internalProjectName: null
publicProjectName: null
internalVersionsRepoRef: null
publicVersionsRepoRef: null
linuxAmd64Pool:
vmImage: $(defaultLinuxAmd64PoolImage)
linuxArm32Pool:
vmImage: $(defaultLinuxArm32PoolImage)
linuxArm64Pool:
vmImage: $(defaultLinuxArm64PoolImage)
windows2016Pool:
vmImage: $(defaultWindows2016PoolImage)
windows1809Pool:
vmImage: $(defaultWindows1809PoolImage)
windows2022Pool:
vmImage: $(defaultWindows2022PoolImage)
stages:
################################################################################
# Build Images
################################################################################
- stage: Build
condition: and(succeeded(), contains(variables['stages'], 'build'))
jobs:
- template: ../jobs/test-images-linux-client.yml
parameters:
name: PreBuildValidation
pool: ${{ parameters.linuxAmd64Pool }}
testJobTimeout: ${{ parameters.linuxAmdTestJobTimeout }}
preBuildValidation: true
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps:
- ${{ parameters.customTestInitSteps }}
# These variables are normally set by the matrix. Since this test job is not generated
# by a matrix, we need to set them manually. They can be set to empty values since their
# values aren't actually used for the pre-build tests.
- powershell: |
echo "##vso[task.setvariable variable=productVersion]"
echo "##vso[task.setvariable variable=imageBuilderPaths]"
echo "##vso[task.setvariable variable=osVersions]"
echo "##vso[task.setvariable variable=architecture]"
displayName: Initialize Test Variables
- template: ../jobs/copy-base-images.yml
parameters:
name: CopyBaseImages
pool: ${{ parameters.linuxAmd64Pool }}
additionalOptions: "--manifest '$(manifest)' $(imageBuilder.pathArgs) $(manifestVariables)"
publicProjectName: ${{ parameters.publicProjectName }}
customInitSteps: ${{ parameters.customCopyBaseImagesInitSteps}}
- template: ../jobs/generate-matrix.yml
parameters:
matrixType: ${{ parameters.buildMatrixType }}
name: GenerateBuildMatrix
pool: ${{ parameters.linuxAmd64Pool }}
customBuildLegGroupArgs: ${{ parameters.buildMatrixCustomBuildLegGroupArgs }}
internalProjectName: ${{ parameters.internalProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
- template: ../jobs/build-images.yml
parameters:
name: Linux_amd64
pool: ${{ parameters.linuxAmd64Pool }}
matrix: dependencies.GenerateBuildMatrix.outputs['matrix.LinuxAmd64']
dockerClientOS: linux
buildJobTimeout: ${{ parameters.linuxAmdBuildJobTimeout }}
customInitSteps: ${{ parameters.customBuildInitSteps }}
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
- template: ../jobs/build-images.yml
parameters:
name: Linux_arm64
pool: ${{ parameters.linuxArm64Pool }}
matrix: dependencies.GenerateBuildMatrix.outputs['matrix.LinuxArm64']
dockerClientOS: linux
buildJobTimeout: ${{ parameters.linuxArmBuildJobTimeout }}
customInitSteps: ${{ parameters.customBuildInitSteps }}
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
- template: ../jobs/build-images.yml
parameters:
name: Linux_arm32
pool: ${{ parameters.linuxArm32Pool }}
matrix: dependencies.GenerateBuildMatrix.outputs['matrix.LinuxArm32']
dockerClientOS: linux
buildJobTimeout: ${{ parameters.linuxArmBuildJobTimeout }}
customInitSteps: ${{ parameters.customBuildInitSteps }}
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
- template: ../jobs/build-images.yml
parameters:
name: Windows1809_amd64
pool: ${{ parameters.windows1809Pool }}
matrix: dependencies.GenerateBuildMatrix.outputs['matrix.Windows1809Amd64']
dockerClientOS: windows
buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
customInitSteps: ${{ parameters.customBuildInitSteps }}
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
- template: ../jobs/build-images.yml
parameters:
name: Windows2022_amd64
pool: ${{ parameters.windows2022Pool }}
matrix: dependencies.GenerateBuildMatrix.outputs['matrix.WindowsLtsc2022Amd64']
dockerClientOS: windows
buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
customInitSteps: ${{ parameters.customBuildInitSteps }}
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
- template: ../jobs/build-images.yml
parameters:
name: WindowsLtsc2016_amd64
pool: ${{ parameters.windows2016Pool }}
matrix: dependencies.GenerateBuildMatrix.outputs['matrix.WindowsLtsc2016Amd64']
dockerClientOS: windows
buildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
customInitSteps: ${{ parameters.customBuildInitSteps }}
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
internalVersionsRepoRef: ${{ parameters.internalVersionsRepoRef }}
publicVersionsRepoRef: ${{ parameters.publicVersionsRepoRef }}
################################################################################
# Post-Build
################################################################################
- stage: Post_Build
dependsOn: Build
condition: and(succeeded(), contains(variables['stages'], 'build'))
jobs:
- template: ../jobs/post-build.yml
parameters:
pool: ${{ parameters.linuxAmd64Pool }}
################################################################################
# Test Images
################################################################################
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- stage: Test
dependsOn: Post_Build
condition: "
and(
ne(variables['testScriptPath'], ''),
and(
contains(variables['stages'], 'test'),
or(
and(
succeeded(),
contains(variables['stages'], 'build')),
not(contains(variables['stages'], 'build')))))"
jobs:
- template: ../jobs/generate-matrix.yml
parameters:
matrixType: ${{ parameters.testMatrixType }}
name: GenerateTestMatrix
pool: ${{ parameters.linuxAmd64Pool }}
customBuildLegGroupArgs: ${{ parameters.testMatrixCustomBuildLegGroupArgs }}
isTestStage: true
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
- template: ../jobs/test-images-linux-client.yml
parameters:
name: Linux_amd64
pool: ${{ parameters.linuxAmd64Pool }}
matrix: dependencies.GenerateTestMatrix.outputs['matrix.LinuxAmd64']
testJobTimeout: ${{ parameters.linuxAmdTestJobTimeout }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customTestInitSteps }}
- template: ../jobs/test-images-linux-client.yml
parameters:
name: Linux_arm64
pool: ${{ parameters.linuxArm64Pool }}
matrix: dependencies.GenerateTestMatrix.outputs['matrix.LinuxArm64']
testJobTimeout: ${{ parameters.linuxArmTestJobTimeout }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customTestInitSteps }}
- template: ../jobs/test-images-linux-client.yml
parameters:
name: Linux_arm32
pool: ${{ parameters.linuxArm32Pool }}
matrix: dependencies.GenerateTestMatrix.outputs['matrix.LinuxArm32']
testJobTimeout: ${{ parameters.linuxArmTestJobTimeout }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customTestInitSteps }}
- template: ../jobs/test-images-windows-client.yml
parameters:
name: Windows1809_amd64
pool: ${{ parameters.windows1809Pool }}
matrix: dependencies.GenerateTestMatrix.outputs['matrix.Windows1809Amd64']
testJobTimeout: ${{ parameters.windowsAmdTestJobTimeout }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customTestInitSteps }}
- template: ../jobs/test-images-windows-client.yml
parameters:
name: Windows2022_amd64
pool: ${{ parameters.windows2022Pool }}
matrix: dependencies.GenerateTestMatrix.outputs['matrix.WindowsLtsc2022Amd64']
testJobTimeout: ${{ parameters.windowsAmdTestJobTimeout }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customTestInitSteps }}
- template: ../jobs/test-images-windows-client.yml
parameters:
name: WindowsLtsc2016_amd64
pool: ${{ parameters.windows2016Pool }}
matrix: dependencies.GenerateTestMatrix.outputs['matrix.WindowsLtsc2016Amd64']
testJobTimeout: ${{ parameters.windowsAmdTestJobTimeout }}
internalProjectName: ${{ parameters.internalProjectName }}
customInitSteps: ${{ parameters.customTestInitSteps }}
################################################################################
# Publish Images
################################################################################
- stage: Publish
${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
dependsOn: Test
${{ else }}:
dependsOn: Post_Build
condition: "
and(
not(canceled()),
and(
contains(variables['stages'], 'publish'),
or(
or(
and(
and(
contains(variables['stages'], 'build'),
succeeded('Post_Build')),
and(
contains(variables['stages'], 'test'),
in(dependencies.Test.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))),
or(
and(
not(contains(variables['stages'], 'build')),
and(
contains(variables['stages'], 'test'),
in(dependencies.Test.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))),
and(
not(contains(variables['stages'], 'test')),
and(
contains(variables['stages'], 'build'),
succeeded('Post_Build'))))),
not(
or(
contains(variables['stages'], 'build'),
contains(variables['stages'], 'test'))))))"
jobs:
- template: ../jobs/publish.yml
parameters:
pool: ${{ parameters.linuxAmd64Pool }}
internalProjectName: ${{ parameters.internalProjectName }}
customPublishVariables: ${{ parameters.customPublishVariables }}
customInitSteps: ${{ parameters.customPublishInitSteps }}

85
eng/common/templates/stages/dotnet/build-test-publish-repo.yml Normal file
View File

@ -0,0 +1,85 @@
# A wrapper template around the common build-test-publish-repo template with settings
# specific to the .NET team's infrastructure.
parameters:
noCache: false
internalProjectName: null
publicProjectName: null
buildMatrixCustomBuildLegGroupArgs: ""
testMatrixCustomBuildLegGroupArgs: ""
customCopyBaseImagesInitSteps: []
customBuildInitSteps: []
customTestInitSteps: []
customPublishInitSteps: []
windowsAmdBuildJobTimeout: 60
windowsAmdTestJobTimeout: 60
linuxAmdBuildJobTimeout: 60
linuxAmd64Pool: ""
buildMatrixType: platformDependencyGraph
testMatrixType: platformVersionedOs
stages:
- template: ../build-test-publish-repo.yml
parameters:
noCache: ${{ parameters.noCache }}
internalProjectName: ${{ parameters.internalProjectName }}
publicProjectName: ${{ parameters.publicProjectName }}
buildMatrixCustomBuildLegGroupArgs: ${{ parameters.buildMatrixCustomBuildLegGroupArgs }}
testMatrixCustomBuildLegGroupArgs: ${{ parameters.testMatrixCustomBuildLegGroupArgs }}
customCopyBaseImagesInitSteps: ${{ parameters.customCopyBaseImagesInitSteps}}
customBuildInitSteps: ${{ parameters.customBuildInitSteps }}
customTestInitSteps: ${{ parameters.customTestInitSteps }}
customPublishInitSteps:
- pwsh: |
# When reporting the repo name in the publish notification, we don't want to include
# the org part of the repo name (e.g. we want "dotnet-docker", not "dotnet-dotnet-docker").
# This also accounts for the different separators between AzDO and GitHub repo names.
$repoName = "$(Build.Repository.Name)"
$orgSeparatorIndex = $repoName.IndexOf("/")
if ($orgSeparatorIndex -eq -1) {
$orgSeparatorIndex = $repoName.IndexOf("-")
}
if ($orgSeparatorIndex -ge 0) {
$repoName = $repoName.Substring($orgSeparatorIndex + 1)
}
echo "##vso[task.setvariable variable=publishNotificationRepoName]$repoName"
displayName: "Set Custom Repo Name Var"
- ${{ parameters.customPublishInitSteps }}
windowsAmdBuildJobTimeout: ${{ parameters.windowsAmdBuildJobTimeout }}
windowsAmdTestJobTimeout: ${{ parameters.windowsAmdTestJobTimeout }}
linuxAmdBuildJobTimeout: ${{ parameters.linuxAmdBuildJobTimeout }}
buildMatrixType: ${{ parameters.buildMatrixType }}
testMatrixType: ${{ parameters.testMatrixType }}
internalVersionsRepoRef: InternalVersionsRepo
publicVersionsRepoRef: PublicVersionsRepo
${{ if eq(variables['System.TeamProject'], parameters.internalProjectName) }}:
customPublishVariables:
- group: DotNet-AllOrgs-Darc-Pats
linuxAmd64Pool:
${{ if ne(parameters.linuxAmd64Pool, '') }}:
${{ parameters.linuxAmd64Pool }}
${{ elseif eq(variables['System.TeamProject'], parameters.publicProjectName) }}:
vmImage: $(defaultLinuxAmd64PoolImage)
${{ elseif eq(variables['System.TeamProject'], parameters.internalProjectName) }}:
name: NetCore1ESPool-Internal
demands: ImageOverride -equals Build.Ubuntu.1804.Amd64
linuxArm64Pool:
${{ if eq(variables['System.TeamProject'], parameters.publicProjectName) }}:
name: DotNetCoreDocker-Public
${{ if eq(variables['System.TeamProject'], parameters.internalProjectName) }}:
name: Docker-Linux-Arm-Internal
linuxArm32Pool:
${{ if eq(variables['System.TeamProject'], parameters.publicProjectName) }}:
name: DotNetCoreDocker-Public
${{ if eq(variables['System.TeamProject'], parameters.internalProjectName) }}:
name: Docker-Linux-Arm-Internal
windows2016Pool: Docker-2016-${{ variables['System.TeamProject'] }}
windows1809Pool: Docker-1809-${{ variables['System.TeamProject'] }}
windows2022Pool: Docker-2022-${{ variables['System.TeamProject'] }}

19
eng/common/templates/steps/clean-acr-images.yml Normal file
View File

@ -0,0 +1,19 @@
parameters:
repo: null
action: null
age: null
customArgs: ""
steps:
- script: >
$(runImageBuilderCmd) cleanAcrImages
${{ parameters.repo }}
$(acr.servicePrincipalName)
$(app-dotnetdockerbuild-client-secret)
$(acr.servicePrincipalTenant)
$(acr.subscription)
$(acr.resourceGroup)
$(acr.server)
--action ${{ parameters.action }}
--age ${{ parameters.age }}
${{ parameters.customArgs }}
displayName: Clean ACR Images - ${{ parameters.repo }}

15
eng/common/templates/steps/cleanup-docker-linux.yml Normal file
View File

@ -0,0 +1,15 @@
parameters:
condition: true
steps:
################################################################################
# Cleanup local Docker server
################################################################################
- script: docker stop $(docker ps -q) || true
displayName: Stop Running Containers
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- script: docker system prune -a -f --volumes
displayName: Cleanup Docker
condition: and(always(), ${{ parameters.condition }})
continueOnError: true

18
eng/common/templates/steps/cleanup-docker-windows.yml Normal file
View File

@ -0,0 +1,18 @@
parameters:
condition: true
steps:
################################################################################
# Cleanup Docker Resources
################################################################################
- powershell: $(engCommonPath)/Invoke-CleanupDocker.ps1
displayName: Cleanup Docker Images
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- powershell: |
if (Test-Path $(Build.BinariesDirectory)\.Microsoft.DotNet.ImageBuilder) {
Remove-Item $(Build.BinariesDirectory)\.Microsoft.DotNet.ImageBuilder -Force -Recurse;
}
displayName: Cleanup Image Builder
condition: and(always(), ${{ parameters.condition }})
continueOnError: true

26
eng/common/templates/steps/copy-base-images.yml Normal file
View File

@ -0,0 +1,26 @@
parameters:
additionalOptions: null
publicProjectName: null
continueOnError: false
steps:
- ${{ if or(eq(variables['System.TeamProject'], parameters.publicProjectName), eq(variables['Build.Reason'], 'PullRequest')) }}:
- template: ../steps/set-dry-run.yml
- script: >
$(runImageBuilderCmd)
copyBaseImages
'$(acr.servicePrincipalName)'
'$(acr.servicePrincipalPassword)'
'$(acr.servicePrincipalTenant)'
'$(acr.subscription)'
'$(acr.resourceGroup)'
$(dockerHubRegistryCreds)
$(customCopyBaseImagesArgs)
--repo-prefix $(mirrorRepoPrefix)
--registry-override '$(acr.server)'
--os-type 'linux'
--architecture '*'
$DRYRUNARG
${{ parameters.additionalOptions }}
displayName: Copy Base Images
continueOnError: ${{ parameters.continueOnError }}

17
eng/common/templates/steps/download-build-artifact.yml Normal file
View File

@ -0,0 +1,17 @@
parameters:
targetPath: ""
artifactName: ""
condition: true
steps:
- task: DownloadPipelineArtifact@1
inputs:
buildType: specific
project: $(System.TeamProject)
pipline: $(System.DefinitionId)
buildVersionToDownload: specific
buildId: $(sourceBuildId)
targetPath: ${{ parameters.targetPath }}
artifactName: ${{ parameters.artifactName }}
displayName: Download Build Artifact(s)
condition: and(succeeded(), ${{ parameters.condition }})

9
eng/common/templates/steps/init-common.yml Normal file
View File

@ -0,0 +1,9 @@
parameters:
condition: true
steps:
- powershell: |
$sourceBranch=$Env:BUILD_SOURCEBRANCH -replace "refs/heads/","" -replace "refs/tags/","" -replace "refs/pull/",""
echo "##vso[task.setvariable variable=sourceBranch]$sourceBranch"
displayName: Define Source Branch Variable
condition: and(succeeded(), ${{ parameters.condition }})

61
eng/common/templates/steps/init-docker-linux.yml Normal file
View File

@ -0,0 +1,61 @@
parameters:
setupImageBuilder: true
setupTestRunner: false
cleanupDocker: true
condition: true
steps:
- template: init-common.yml
parameters:
condition: ${{ parameters.condition }}
- script: echo "##vso[task.setvariable variable=artifactsPath]/artifacts"
displayName: Define Artifacts Path Variable
condition: and(succeeded(), ${{ parameters.condition }})
################################################################################
# Cleanup Docker Resources
################################################################################
- ${{ if eq(parameters.cleanupDocker, 'true') }}:
- template: cleanup-docker-linux.yml
parameters:
condition: ${{ parameters.condition }}
################################################################################
# Setup Image Builder (Optional)
################################################################################
- ${{ if eq(parameters.setupImageBuilder, 'true') }}:
- script: $(engCommonPath)/pull-image.sh $(imageNames.imageBuilder)
displayName: Pull Image Builder
condition: and(succeeded(), ${{ parameters.condition }})
- script: >
docker build
-t $(imageNames.imageBuilder.withrepo)
--build-arg IMAGE=$(imageNames.imageBuilder)
-f $(engCommonPath)/Dockerfile.WithRepo .
displayName: Build Image for Image Builder
condition: and(succeeded(), ${{ parameters.condition }})
- script: >
echo "##vso[task.setvariable variable=runImageBuilderCmd]
docker run --rm
-v /var/run/docker.sock:/var/run/docker.sock
-v $(Build.ArtifactStagingDirectory):$(artifactsPath)
-w /repo
$(imageBuilderDockerRunExtraOptions)
$(imageNames.imageBuilder.withrepo)"
displayName: Define runImageBuilderCmd Variable
condition: and(succeeded(), ${{ parameters.condition }})
################################################################################
# Setup Test Runner (Optional)
################################################################################
- ${{ if eq(parameters.setupTestRunner, 'true') }}:
- script: $(engCommonPath)/pull-image.sh $(imageNames.testrunner)
displayName: Pull Test Runner
condition: and(succeeded(), ${{ parameters.condition }})
- script: >
docker build
-t $(imageNames.testRunner.withrepo)
--build-arg IMAGE=$(imageNames.testrunner)
-f $(engCommonPath)/Dockerfile.WithRepo .
displayName: Build Test Runner Image
condition: and(succeeded(), ${{ parameters.condition }})

44
eng/common/templates/steps/init-docker-windows.yml Normal file
View File

@ -0,0 +1,44 @@
parameters:
setupImageBuilder: true
condition: true
steps:
- template: init-common.yml
parameters:
condition: ${{ parameters.condition }}
- powershell: echo "##vso[task.setvariable variable=artifactsPath]$(Build.ArtifactStagingDirectory)"
displayName: Define Artifacts Path Variable
condition: and(succeeded(), ${{ parameters.condition }})
################################################################################
# Cleanup Docker Resources
################################################################################
- template: cleanup-docker-windows.yml
parameters:
condition: ${{ parameters.condition }}
################################################################################
# Setup Image Builder (Optional)
################################################################################
- ${{ if eq(parameters.setupImageBuilder, 'true') }}:
- powershell: $(engCommonPath)/Invoke-WithRetry.ps1 "docker pull $(imageNames.imageBuilder)"
displayName: Pull Image Builder
condition: and(succeeded(), ${{ parameters.condition }})
- script: docker create --name setupImageBuilder-$(Build.BuildId)-$(System.JobId) $(imageNames.imageBuilder)
displayName: Create Setup Container
condition: and(succeeded(), ${{ parameters.condition }})
- script: >
docker cp
setupImageBuilder-$(Build.BuildId)-$(System.JobId):/image-builder
$(Build.BinariesDirectory)/.Microsoft.DotNet.ImageBuilder
displayName: Copy Image Builder
condition: and(succeeded(), ${{ parameters.condition }})
- script: docker rm -f setupImageBuilder-$(Build.BuildId)-$(System.JobId)
displayName: Cleanup Setup Container
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- powershell: >
echo "##vso[task.setvariable variable=runImageBuilderCmd]
$(Build.BinariesDirectory)\.Microsoft.DotNet.ImageBuilder\Microsoft.DotNet.ImageBuilder.exe"
displayName: Define runImageBuilderCmd Variable
condition: and(succeeded(), ${{ parameters.condition }})

15
eng/common/templates/steps/parse-test-arg-arrays.yml Normal file
View File

@ -0,0 +1,15 @@
steps:
- powershell: |
# Formats the OS versions in a compact human-readable form (e.g. "os1/os2")
$osVersionsDisplayName = '$(osVersions)' -Replace '--os-version ', '' -Replace ' ', '/'
# Defines a PowerShell snippet in string-form that can be used to initialize an array of the OS versions
$osVersionsArrayInitStr = "@('" + $($osVersionsDisplayName -Replace "/", "', '") + "')"
echo "##vso[task.setvariable variable=osVersionsDisplayName]$osVersionsDisplayName"
echo "##vso[task.setvariable variable=osVersionsArrayInitStr]$osVersionsArrayInitStr"
# Defines a PowerShell snippet in string-form that can be used to initialize an array of the image builder paths
$pathInitStr = "@('" + $('$(imageBuilderPaths)' -Replace '--path', '' -Replace " ", "', '") + "')"
echo "##vso[task.setvariable variable=imageBuilderPathsArrayInitStr]$pathInitStr"
displayName: Parse Test Arg Arrays

29
eng/common/templates/steps/publish-readmes.yml Normal file
View File

@ -0,0 +1,29 @@
parameters:
dryRunArg: ""
condition: true
steps:
- script: >
$(runImageBuilderCmd) publishMcrDocs
--manifest '$(manifest)'
--registry-override '$(acr.server)'
'$(mcrDocsRepoInfo.userName)'
'$(mcrDocsRepoInfo.email)'
'$(mcrDocsRepoInfo.accessToken)'
'$(publicGitRepoUri)'
${{ parameters.dryRunArg }}
$(manifestVariables)
$(imageBuilder.queueArgs)
--git-owner 'Microsoft'
--git-repo 'mcrdocs'
--git-branch 'main'
--git-path 'teams'
$(additionalPublishMcrDocsArgs)
name: PublishReadmes
displayName: Publish Readmes
condition: ${{ parameters.condition }}
- template: wait-for-mcr-doc-ingestion.yml
parameters:
commitDigest: $(PublishReadmes.readmeCommitDigest)
condition: and(${{ parameters.condition }}, ne(variables['PublishReadmes.readmeCommitDigest'], ''))
dryRunArg: ${{ parameters.dryRunArg }}

9
eng/common/templates/steps/retain-build.yml Normal file
View File

@ -0,0 +1,9 @@
steps:
- powershell: >
$(engCommonPath)/Retain-Build.ps1
-BuildId $(Build.BuildId)
-AzdoOrgUri '$(System.CollectionUri)'
-AzdoProject '$(System.TeamProject)'
-Token '$(System.AccessToken)'
displayName: Enable permanent build retention
condition: and(succeeded(), eq(variables.retainBuild, 'true'))

12
eng/common/templates/steps/set-dry-run.yml Normal file
View File

@ -0,0 +1,12 @@
steps:
- powershell: |
# Use dry-run option for certain publish operations if this is not a production build
$dryRunArg=""
if (-not "$(officialRepoPrefixes)".Split(',').Contains("$(publishRepoPrefix)") `
-or "$(System.TeamProject)" -eq "$(publicProjectName)")
{
$dryRunArg=" --dry-run"
}
echo "##vso[task.setvariable variable=dryRunArg]$dryRunArg"
displayName: Set dry-run arg for non-prod

19
eng/common/templates/steps/set-image-info-path-var.yml Normal file
View File

@ -0,0 +1,19 @@
parameters:
publicSourceBranch: null
steps:
- powershell: |
$basePath = "$(gitHubVersionsRepoInfo.path)"
$publicSourceBranch = "${{ parameters.publicSourceBranch }}"
if ($publicSourceBranch -eq "") {
throw "publicSourceBranch variable is not set"
}
$buildRepoName = "$(Build.Repository.Name)".Replace("/", "-")
$imageInfoName = "image-info.$buildRepoName-$publicSourceBranch$(imageInfoVariant).json"
echo "##vso[task.setvariable variable=imageInfoVersionsPath]$basePath/$imageInfoName"
echo "##vso[task.setvariable variable=gitHubImageInfoVersionsPath]$(gitHubVersionsRepoInfo.path)/$imageInfoName"
displayName: Set Image Info Path Vars

101
eng/common/templates/steps/test-images-linux-client.yml Normal file
View File

@ -0,0 +1,101 @@
parameters:
preBuildValidation: false
internalProjectName: null
condition: true
customInitSteps: []
steps:
- template: init-docker-linux.yml
parameters:
setupImageBuilder: false
setupTestRunner: true
cleanupDocker: ${{ and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}
condition: ${{ parameters.condition }}
- ${{ parameters.customInitSteps }}
- script: |
echo "##vso[task.setvariable variable=testRunner.container]testrunner-$(Build.BuildId)-$(System.JobId)"
optionalTestArgs=""
if [ "${{ parameters.preBuildValidation }}" == "true" ]; then
optionalTestArgs="$optionalTestArgs -TestCategories pre-build"
else
if [ "${{ variables['System.TeamProject'] }}" == "${{ parameters.internalProjectName }}" ] && [ "${{ variables['Build.Reason'] }}" != "PullRequest" ]; then
optionalTestArgs="$optionalTestArgs -PullImages -Registry $(acr.server) -RepoPrefix $(stagingRepoPrefix) -ImageInfoPath $(artifactsPath)/image-info.json"
fi
if [ "$REPOTESTARGS" != "" ]; then
optionalTestArgs="$optionalTestArgs $REPOTESTARGS"
fi
fi
echo "##vso[task.setvariable variable=optionalTestArgs]$optionalTestArgs"
displayName: Set Test Variables
condition: and(succeeded(), ${{ parameters.condition }})
- script: >
docker run -t -d
-v /var/run/docker.sock:/var/run/docker.sock
-v $(Build.ArtifactStagingDirectory):$(artifactsPath)
-e RUNNING_TESTS_IN_CONTAINER=true
--name $(testRunner.container)
$(imageNames.testRunner.withrepo)
displayName: Start Test Runner Container
condition: and(succeeded(), ${{ parameters.condition }})
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- script: >
docker exec $(testRunner.container) pwsh
-File $(engCommonRelativePath)/Invoke-WithRetry.ps1
"docker login -u $(acr.userName) -p $(acr.password) $(acr.server)"
displayName: Docker login
condition: and(succeeded(), ${{ parameters.condition }})
- ${{ if eq(parameters.preBuildValidation, 'false') }}:
- template: ../steps/download-build-artifact.yml
parameters:
targetPath: $(Build.ArtifactStagingDirectory)
artifactName: image-info
condition: ${{ parameters.condition }}
- template: parse-test-arg-arrays.yml
- powershell: >
$(test.init);
docker exec
$(testRunner.options)
$(testRunner.container)
pwsh
-Command "$(testScriptPath)
-Paths $(imageBuilderPathsArrayInitStr)
-OSVersions $(osVersionsArrayInitStr)
-Architecture '$(architecture)'
$(optionalTestArgs)"
displayName: Test Images
condition: and(succeeded(), ${{ parameters.condition }})
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- script: docker exec $(testRunner.container) docker logout $(acr.server)
displayName: Docker logout
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- script: >
docker cp
$(testRunner.container):/repo/$(testResultsDirectory)
$(Common.TestResultsDirectory)/.
displayName: Copy Test Results
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- task: PublishTestResults@2
displayName: Publish Test Results
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
inputs:
testRunner: vSTest
testResultsFiles: '**/*.trx'
searchFolder: $(Common.TestResultsDirectory)
mergeTestResults: true
publishRunAttachments: true
${{ if eq(parameters.preBuildValidation, 'false') }}:
testRunTitle: $(productVersion) $(osVersionsDisplayName) $(architecture)
${{ if eq(parameters.preBuildValidation, 'true') }}:
testRunTitle: Pre-Build Validation
- script: docker rm -f $(testRunner.container)
displayName: Cleanup TestRunner Container
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- template: cleanup-docker-linux.yml
parameters:
condition: ${{ parameters.condition }}

64
eng/common/templates/steps/test-images-windows-client.yml Normal file
View File

@ -0,0 +1,64 @@
parameters:
internalProjectName: null
condition: true
customInitSteps: []
steps:
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- template: init-docker-windows.yml
parameters:
setupImageBuilder: false
condition: ${{ parameters.condition }}
- powershell: >
$(engCommonPath)/Invoke-WithRetry.ps1
"cmd /c 'docker login -u $(acr.userName) --password $(acr.password) $(acr.server) 2>&1'"
displayName: Docker login
condition: and(succeeded(), ${{ parameters.condition }})
- ${{ parameters.customInitSteps }}
- powershell: |
if ("${{ variables['System.TeamProject'] }}" -eq "${{ parameters.internalProjectName }}" -and "${{ variables['Build.Reason'] }}" -ne "PullRequest") {
$optionalTestArgs="$optionalTestArgs -PullImages -Registry $env:ACR_SERVER -RepoPrefix $env:STAGINGREPOPREFIX -ImageInfoPath $(artifactsPath)/image-info.json"
}
if ($env:REPOTESTARGS) {
$optionalTestArgs += " $env:REPOTESTARGS"
}
echo "##vso[task.setvariable variable=optionalTestArgs]$optionalTestArgs"
displayName: Set Test Variables
condition: and(succeeded(), ${{ parameters.condition }})
- powershell: Get-ChildItem -Path tests -r | Where {$_.Extension -match "trx"} | Remove-Item
displayName: Cleanup Old Test Results
condition: and(succeeded(), ${{ parameters.condition }})
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- template: ../steps/download-build-artifact.yml
parameters:
targetPath: $(Build.ArtifactStagingDirectory)
artifactName: image-info
condition: ${{ parameters.condition }}
- template: parse-test-arg-arrays.yml
- powershell: >
$(test.init);
$(testScriptPath)
-Paths $(imageBuilderPathsArrayInitStr)
-OSVersions $(osVersionsArrayInitStr)
$(optionalTestArgs)
displayName: Test Images
condition: and(succeeded(), ${{ parameters.condition }})
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- script: docker logout $(acr.server)
displayName: Docker logout
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
- task: PublishTestResults@2
displayName: Publish Test Results
condition: and(always(), ${{ parameters.condition }})
continueOnError: true
inputs:
testRunner: vSTest
testResultsFiles: '$(testResultsDirectory)/**/*.trx'
mergeTestResults: true
publishRunAttachments: true
testRunTitle: $(productVersion) $(osVersionsDisplayName) amd64
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- template: cleanup-docker-windows.yml
parameters:
condition: ${{ parameters.condition }}

14
eng/common/templates/steps/validate-branch.yml Normal file
View File

@ -0,0 +1,14 @@
parameters:
internalProjectName: null
steps:
- ${{ if and(eq(variables['System.TeamProject'], parameters.internalProjectName), ne(variables['Build.Reason'], 'PullRequest')) }}:
- powershell: |
if (-not "$(officialBranches)".Split(',').Contains("$(sourceBranch)") `
-and "$(officialBranches)".Split(',').Contains("$(publishRepoPrefix)") `
-and "$(overrideOfficialBranchValidation)" -ne "true")
{
echo "##vso[task.logissue type=error]Official builds must be done from an official branch: $(officialBranches)"
exit 1
}
displayName: Validate Branch

14
eng/common/templates/steps/validate-image-sizes.yml Normal file
View File

@ -0,0 +1,14 @@
parameters:
dockerClientOS: null
architecture: "*"
validationMode: "all"
steps:
- template: ${{ format('../steps/init-docker-{0}.yml', parameters.dockerClientOS) }}
- powershell: >
./tests/performance/Validate-ImageSize.ps1
-ImageBuilderCustomArgs "--architecture '${{ parameters.architecture }}'"
-ValidationMode:${{ parameters.validationMode }}
-PullImages
displayName: Run Image Size Tests
- template: ${{ format('../steps/cleanup-docker-{0}.yml', parameters.dockerClientOS) }}

16
eng/common/templates/steps/wait-for-mcr-doc-ingestion.yml Normal file
View File

@ -0,0 +1,16 @@
parameters:
commitDigest: null
condition: true
dryRunArg: ""
steps:
- script: >
$(runImageBuilderCmd) waitForMcrDocIngestion
'${{ parameters.commitDigest }}'
'$(mcrStatus.servicePrincipalName)'
'$(mcrStatus.servicePrincipalPassword)'
'$(mcrStatus.servicePrincipalTenant)'
--timeout '$(mcrDocIngestionTimeout)'
${{ parameters.dryRunArg }}
displayName: Wait for MCR Doc Ingestion
condition: and(${{ parameters.condition }}, eq(variables['waitForIngestionEnabled'], 'true'))

21
eng/common/templates/steps/wait-for-mcr-image-ingestion.yml Normal file
View File

@ -0,0 +1,21 @@
parameters:
imageInfoPath: null
minQueueTime: null
condition: true
dryRunArg: ""
steps:
- script: >
$(runImageBuilderCmd) waitForMcrImageIngestion
'${{ parameters.imageInfoPath }}'
'$(mcrStatus.servicePrincipalName)'
'$(mcrStatus.servicePrincipalPassword)'
'$(mcrStatus.servicePrincipalTenant)'
--manifest '$(manifest)'
--repo-prefix '$(publishRepoPrefix)'
--min-queue-time '${{ parameters.minQueueTime }}'
--timeout '$(mcrImageIngestionTimeout)'
$(manifestVariables)
${{ parameters.dryRunArg }}
displayName: Wait for Image Ingestion
condition: and(${{ parameters.condition }}, eq(variables['waitForIngestionEnabled'], 'true'))

16
eng/common/templates/variables/codeql.yml Normal file
View File

@ -0,0 +1,16 @@
parameters:
- name: TSAEnabled
displayName: Publish CodeQL results to TSA
type: boolean
default: true
variables:
# Force CodeQL enabled so it may be run on any branch
- name: Codeql.Enabled
value: true
# Do not let CodeQL 3000 Extension gate scan frequency
- name: Codeql.Cadence
value: 0
# CodeQL needs this plumbed along as a variable to enable TSA
- name: Codeql.TSAEnabled
value: ${{ parameters.TSAEnabled }}

5
eng/common/templates/variables/common-paths.yml Normal file
View File

@ -0,0 +1,5 @@
variables:
engCommonRelativePath: eng/common
engCommonPath: $(Build.Repository.LocalPath)/$(engCommonRelativePath)
engPath: $(Build.Repository.LocalPath)/eng
testScriptPath: ""

55
eng/common/templates/variables/common.yml Normal file
View File

@ -0,0 +1,55 @@
variables:
- template: docker-images.yml
- template: common-paths.yml
- name: stagingRepoPrefix
value: build-staging/$(sourceBuildId)/
- name: publishReadme
value: true
- name: publishImageInfo
value: true
- name: ingestKustoImageInfo
value: true
- name: skipComponentGovernanceDetection
value: true
- name: build.imageBuilderDockerRunExtraOptions
value: ""
- name: imageBuilderDockerRunExtraOptions
value: ""
- name: productVersionComponents
value: 2
- name: imageInfoVariant
value: ""
- name: publishNotificationsEnabled
value: false
- name: manifestVariables
value: ""
- name: mcrImageIngestionTimeout
value: "00:20:00"
- name: mcrDocIngestionTimeout
value: "00:05:00"
- name: officialBranches
# comma-delimited list of branch names
value: main
- name: mirrorRepoPrefix
value: 'mirror/'
- name: cgBuildGrepArgs
value: "''"
- name: test.init
value: ""
- name: testRunner.options
value: ""
- name: customCopyBaseImagesArgs
value: ""
- name: defaultLinuxAmd64PoolImage
value: ubuntu-latest
- name: defaultLinuxArm32PoolImage
value: null
- name: defaultLinuxArm64PoolImage
value: null
- name: defaultWindows2016PoolImage
value: vs2017-win2016
- name: defaultWindows1809PoolImage
value: windows-2019
- name: defaultWindows2022PoolImage
value: windows-2022

Some files were not shown because too many files have changed in this diff Show More