Skip to content

ci: migrate python image in azure dockerfiles to MCR

Marija Dukic requested to merge secure-container-supply-chain into master

Type of change

  • Bug Fix
  • CI
  • Feature

Does this introduce a change in the core logic?

  • [No]

Does this introduce a change in the cloud provider implementation, if so which cloud?

  • AWS
  • Azure
  • GCP
  • IBM

Updates description?

  • Updated Azure Dockerfile python image to python:3.8-slim from Microsoft Container Registry

  • Copied DAG.Dockerfile to deployments/scripts/azure location and updated FROM in new Dockerfile to use python:3.8-slim image from Microsoft Container Registry (this is to avoid other cloud providers using MCR)

  • Replaced apk package manager in both Dockerfiles to apt-get package manager which is available in slim tagged images

  • Updated condition in override-stages.yml to include Azure related jobs back in the pipeline following the changes made in CI-CD Pipelines repo for Azure deployments in general with this MR

  • Updated azure_register_dag job in pipeline to send valid workflow name to workflow API and not hardly depend on full branch name (this is due to workflow API having validation for the lenght in workflow name to be max 64 characters which can easily be exceeded by the pattern used in ZGY Converter pipeline to construct workflow name)

    image

  • Added more logs when registering dag to debug errors easier in the future

  • ADO work item: Product Backlog Item 9650: Container Security for ZGY Converters images

Testing

  • azure_build_dag job is pulling python:3.8-slim image from MCR for DAG task image

    image

  • azure_build_dag job is pulling python:3.8-slim image from MCR for DAG load image

    image

  • azure_register_dag job has run successfully in the pipeline

  • azure_copy_dag job has run successfully in the pipeline

  • Additional testing will be done on Azure side with build pipeline against m12-master branch

Edited by Marija Dukic

Merge request reports