diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b8ce12b1be..c9be25773b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,6 +16,11 @@ on: branches: - master +# Cancel existing runs if user makes another push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + permissions: contents: read diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 9feaf2240e..a65ae53363 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -10,7 +10,7 @@ on: # Cancel existing runs if user makes another push. concurrency: - group: "${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} permissions: diff --git a/.github/workflows/build_windows.yml b/.github/workflows/build_windows.yml new file mode 100644 index 0000000000..2ffc17487f --- /dev/null +++ b/.github/workflows/build_windows.yml @@ -0,0 +1,48 @@ +name: Docker (Windows) + +on: + pull_request: + paths: + - .github/workflows/build_windows.yml + - ansible/docker/Dockerfile.win2022 + branches: + - master + push: + paths: + - .github/workflows/build_windows.yml + - ansible/docker/Dockerfile.win2022 + branches: + - master + +# Cancel existing runs if user makes another push. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +permissions: + id-token: write + contents: read + +jobs: + build: + if: startsWith(github.repository, 'adoptium/') + runs-on: windows-2022 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Login to our Azure subscription + if: github.ref == 'refs/heads/master' + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Build container image + run: docker build -t adoptium.azurecr.io/windows2022_build_image:latest -f ansible/docker/Dockerfile.win2022 . + + - name: Push container image to ACR + if: github.ref == 'refs/heads/master' + run: | + az acr login --name adoptium + docker push adoptium.azurecr.io/windows2022_build_image:latest diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml index 7ce36e5611..f2fa658486 100644 --- a/.github/workflows/build_wsl.yml +++ b/.github/workflows/build_wsl.yml @@ -14,7 +14,7 @@ on: # Cancel existing runs if user makes another push. concurrency: - group: "${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} permissions: diff --git a/FAQ.md b/FAQ.md index f8ff218f5c..4b68beb0af 100644 --- a/FAQ.md +++ b/FAQ.md @@ -89,7 +89,7 @@ have at the moment: | [Centos6](./ansible/docker/Dockerfile.CentOS6) | [`adoptopenjdk/centos6_build_image`](https://hub.docker.com/r/adoptopenjdk/centos6_build_image)| linux/amd64 | [GH Actions](.github/workflows/build.yml) | Yes | [Alpine3](./ansible/docker/Dockerfile.Alpine3) | [`adoptopenjdk/alpine3_build_image`](https://hub.docker.com/r/adoptopenjdk/alpine3_build_image) | linux/x64 & linux/arm64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes | [Ubuntu 20.04 (riscv64 only)](./ansible/docker/Dockerfile.Ubuntu2004-riscv64) | [`adoptopenjdk/ubuntu2004_build_image:linux-riscv64`](https://hub.docker.com/r/adoptopenjdk/ubuntu2004_build_image) | linux/riscv64 | [Jenkins](https://ci.adoptium.net/job/centos7_docker_image_updater/) | Yes -| [Windows Server 2022](./ansible/docker/Dockerfile.win2022) | n/a - restricted | Windows | No +| [Windows Server 2022](./ansible/docker/Dockerfile.win2022) | `adoptium.azurecr.io/windows2022_build_image` - restricted | Windows | [GH Actions](.github/workflows/build_windows.yml) | Yes
(*) - Caveats: diff --git a/ansible/docker/Dockerfile.win2022 b/ansible/docker/Dockerfile.win2022 index 3674a2f145..5c87dc0791 100644 --- a/ansible/docker/Dockerfile.win2022 +++ b/ansible/docker/Dockerfile.win2022 @@ -6,7 +6,7 @@ ARG PW=T3mp=Passwd # Download Cygwin Bootstrapper & Verify Its Checksum RUN powershell -Command \ "wget -UseBasicParsing https://cygwin.com/setup-x86_64.exe -OutFile setup-x86_64.exe; \ - $expectedChecksum = 'e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8'; \ + $expectedChecksum = '46993d76d756bde18564f72a4ee07384cd82b447527ca406c8bfc034cb05c664'; \ $fileChecksum = CertUtil -hashfile setup-x86_64.exe SHA256 | Select-String -Pattern '([A-Fa-f0-9]{64})' | ForEach-Object { $_.Matches[0].Groups[1].Value }; \ if ($fileChecksum -ne $expectedChecksum) { \ Write-Host 'Checksum verification failed!' -ForegroundColor Red; \ @@ -16,17 +16,16 @@ RUN powershell -Command \ Write-Host 'Checksum verification succeeded!' -ForegroundColor Green; \ }" -# Set up cygwin with git and ansible as a bootstrap, and add to system default path -RUN setup-x86_64.exe --packages git,ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode & \ - C:\cygwin64\bin\git config --system core.autocrlf false & \ - del setup-x86_64.exe & \ - setx PATH "c:\cygwin64\bin;%PATH%" & \ +# Set up cygwin with ansible as a bootstrap, and add to system default path +RUN setup-x86_64.exe --packages ansible --download --local-install --delete-orphans --site https://cygwin.mirror.constant.com --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode && \ + del setup-x86_64.exe && \ + setx PATH "c:\cygwin64\bin;%PATH%" && \ mkdir c:\temp # Download Ansible Config Script & Verify Its Checksum RUN powershell -Command \ "wget https://raw.githubusercontent.com/ansible/ansible/dd4c56e4d68664e4a50292aa19ea61b15c92287c/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile ConfigureRemotingForAnsible.ps1; \ - $expectedChecksum = '201ad16584f79292044dc21c78c6688dce07f94d769f5e69631b46c3c13036fc'; \ + $expectedChecksum = '201ad16584f79292044dc21c78c6688dce07f94d769f5e69631b46c3c13036fc'; \ $fileChecksum = CertUtil -hashfile ConfigureRemotingForAnsible.ps1 SHA256 | Select-String -Pattern '([A-Fa-f0-9]{64})' | ForEach-Object { $_.Matches[0].Groups[1].Value }; \ if ($fileChecksum -ne $expectedChecksum) { \ Write-Host 'Checksum verification failed!' -ForegroundColor Red; \ @@ -45,13 +44,14 @@ RUN PowerShell .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999 & \ # Set up WinRM user, clone and run the playbook, then delete the user so it's not in any layer ENV TERM=dumb -RUN net user ansible %PW% /ADD & net localgroup "Administrators" ansible /ADD & net localgroup "Remote Management Users" ansible /ADD & \ - C:\cygwin64\bin\git clone https://github.com/sxa/infrastructure -b windows_docker_support c:/infrastructure & \ - sed -i -e 's/hosts: .*/hosts: localhost/' infrastructure/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml & \ - echo localhost ansible_connection=winrm > infrastructure/ansible/hosts & \ - cd infrastructure\ansible & \ - C:\cygwin64\bin\python3.7m.exe /usr/bin/ansible-playbook -e git_sha=00000000 -e ansible_user=ansible -e ansible_password=%PW% -i hosts \ - --skip-tags=adoptopenjdk,reboot,NTP_TIME,MSVS_2013,MSVS_2017,MSVS_2019 playbooks/AdoptOpenJDK_Windows_Playbook/main.yml & \ +COPY . infrastructure + +RUN net user ansible %PW% /ADD & net localgroup "Administrators" ansible /ADD & net localgroup "Remote Management Users" ansible /ADD && \ + sed -i -e 's/hosts: .*/hosts: localhost/' infrastructure/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml && \ + echo localhost ansible_connection=winrm > infrastructure/ansible/hosts && \ + cd infrastructure\ansible && \ + C:\cygwin64\bin\python3.7m.exe /usr/bin/ansible-playbook -vv -e git_sha=00000000 -e ansible_user=ansible -e ansible_password=%PW% -i hosts \ + --skip-tags=adoptopenjdk,reboot,Windows_Updates,NTP_TIME,MSVS_2013,MSVS_2017,MSVS_2019,NVidia_Cuda_Toolkit,clang_64bit,clang_32bit,nasm,Rust,IcedTea-Web playbooks/AdoptOpenJDK_Windows_Playbook/main.yml && \ net user ansible /DELETE ENTRYPOINT ["C:\\Program Files (x86)\\Microsoft Visual Studio\\2022\\BuildTools\\Common7\\Tools\\VsDevCmd.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"] diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml index 42affc1265..d5b06c6099 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/ANT/tasks/main.yml @@ -63,15 +63,37 @@ register: ant_contrib_installed tags: ANT -- name: Download ant-contrib - win_get_url: - url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip - dest: c:\temp\ant-contrib.zip - force: no - checksum: 22bae6c3ddf1a464b285784599eef8698f64dde24378c77e42522a536b88cbbc - checksum_algorithm: sha256 - when: (not ant_contrib_installed.stat.exists) - tags: ANT +# NOTE: This is commented out and replaced with a manual invocation of sha256sum +# afterwards because this was not workin consistently. It is left here as +# we need further diagnosis to understand why this is not working. +# Specifically is it failing in the github actions run for build image gen + +- name: Download ant-contrib with curl + win_shell: c:\cygwin64\bin\curl -Lo c:\temp\ant-contrib.zip https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip +#- name: Download ant-contrib +# win_get_url: +# url: https://sourceforge.net/projects/ant-contrib/files/ant-contrib/ant-contrib-1.0b2/ant-contrib-1.0b2-bin.zip +# dest: c:\temp\ant-contrib.zip +# force: no +# checksum: 22bae6c3ddf1a464b285784599eef8698f64dde24378c77e42522a536b88cbbc +# checksum_algorithm: sha256 +# when: (not ant_contrib_installed.stat.exists) +# tags: ANT + +- name: "Check sha256sum of ant-contrib.zip with PowerShell" + win_shell: | + $filePath = "c:\temp\ant-contrib.zip" + $expectedChecksum = "22bae6c3ddf1a464b285784599eef8698f64dde24378c77e42522a536b88cbbc" + $actualChecksum = Get-FileHash -Path $filePath -Algorithm SHA256 | Select-Object -ExpandProperty Hash + + if ($actualChecksum -ne $expectedChecksum) { + Write-Output "Checksum mismatch" + Write-Output "Actual Checksum: $actualChecksum" + Write-Output "Expect Checksum: $expectedChecksum" + exit 1 + } + register: checksum_result + failed_when: checksum_result.rc != 0 - name: Unzip ant-contrib win_unzip: @@ -81,7 +103,7 @@ when: (not ant_contrib_installed.stat.exists) tags: ANT -- name: Copy the ant-contrib.jar to ANT's lib folder +- name: "Copy the ant-contrib.jar to ANT's lib folder" win_copy: src: C:\temp\ant-contrib\ant-contrib\lib\ant-contrib.jar dest: C:\apache-ant\apache-ant-{{ ant_version }}\lib\ant-contrib.jar @@ -96,4 +118,5 @@ with_items: - ant-contrib.zip - ant.zip + - ant-contrib.sha256 tags: ANT diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml index 598e006981..54643336df 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Incredibuild/tasks/main.yml @@ -3,16 +3,19 @@ # Incredibuild - Configuration Tasks # ####################################### -- name: Check if the ibxbuild service exists - ansible.windows.win_service_info: - name: IBXDashboard +- name: Check if the IBXDashboard service exists + win_shell: | + if (Get-Service -Name 'IBXDashboard' -ErrorAction SilentlyContinue) { + Write-Host "exists" + } register: service_info + changed_when: false - name: Stop the IBX Dashboard service if it exists - ansible.windows.win_service: + win_service: name: IBXDashboard state: stopped - when: service_info.exists + when: "'exists' in service_info.stdout" - name: Check if incredibuild.conf file exists win_stat: @@ -28,7 +31,7 @@ when: incredibuild_conf_file.stat.exists - name: Start the IBX Dashboard service if it exists - ansible.windows.win_service: + win_service: name: IBXDashboard state: started - when: service_info.exists + when: "'exists' in service_info.stdout" diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml index 853d3fa00c..f314e32047 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022_REDIST/tasks/main.yml @@ -19,13 +19,13 @@ tags: MSVS_2022_REDIST - name: Check if C:\openjdk\devkit exists - ansible.windows.win_stat: + win_stat: path: 'c:\openjdk\devkit' register: directory_status tags: MSVS_2022_REDIST - name: Create C:\openjdk\devkit if it does not exist - ansible.windows.win_file: + win_file: path: 'c:\openjdk\devkit\' state: directory when: not directory_status.stat.exists diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml index 7616188f01..e649320469 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Strawberry_Perl/tasks/main.yml @@ -17,7 +17,8 @@ - name: Download Strawberry Perl win_get_url: - url: http://strawberryperl.com/download/5.26.0.1/strawberry-perl-5.26.0.1-64bit.zip +# url: https://strawberryperl.com/download/5.26.0.1/strawberry-perl-5.26.0.1-64bit.zip + url: https://ci.adoptium.net/userContent/winansible/strawberry-perl-5.26.0.1-64bit.zip dest: C:\temp\strawberry-perl.zip checksum: 0f89ce99be64679f930e9cca25ccec09de8aff2fc5db3c0dd4158d9606532ad5 checksum_algorithm: sha256