actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2026-01-04 17:18:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

[Ubuntu] Implement new directories hierarchy (#8627)

Browse Source
This commit is contained in:
Shamil Mubarakshin
2023-11-15 11:36:04 +01:00
committed by GitHub
parent d1f2c9a3be
commit 5d40b1e213
146 changed files with 393 additions and 407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
images/ubuntu/scripts/build/Configure-Toolset.ps1 Normal file
View File

@@ -0,0 +1,95 @@
################################################################################
## File: Configure-Toolset.ps1
## Team: CI-Build
## Desc: Configure toolset
################################################################################
Import-Module "$env:HELPER_SCRIPTS/Tests.Helpers.psm1" -DisableNameChecking
function Get-ToolsetToolFullPath
{
param
(
[Parameter(Mandatory)] [string] $ToolName,
[Parameter(Mandatory)] [string] $ToolVersion,
[Parameter(Mandatory)] [string] $ToolArchitecture
)
$toolPath = Join-Path -Path $env:AGENT_TOOLSDIRECTORY -ChildPath $toolName
$toolPathVersion = Join-Path -Path $toolPath -ChildPath $toolVersion
$foundVersion = Get-Item $toolPathVersion | Sort-Object -Property {[version]$_.name} -Descending | Select-Object -First 1
$installationDir = Join-Path -Path $foundVersion -ChildPath $toolArchitecture
return $installationDir
}
function Add-EnvironmentVariable
{
param
(
[Parameter(Mandatory)] [string] $Name,
[Parameter(Mandatory)] [string] $Value,
[string] $FilePath = "/etc/environment"
)
$envVar = "{0}={1}" -f $name, $value
Tee-Object -InputObject $envVar -FilePath $filePath -Append
}
$ErrorActionPreference = "Stop"
Write-Host "Configure toolset tools environment..."
$toolsEnvironment = @{
go = @{
command = "ln -s {0}/bin/* /usr/bin/"
variableTemplate = "GOROOT_{0}_{1}_X64"
}
}
$toolset = Get-Content -Path "$env:INSTALLER_SCRIPT_FOLDER/toolset.json" -Raw | ConvertFrom-Json
foreach ($tool in $toolset.toolcache)
{
$toolName = $tool.name
$toolArch = $tool.arch
$toolEnvironment = $toolsEnvironment[$toolName]
if (-not $toolEnvironment)
{
continue
}
foreach ($toolVersion in $tool.versions)
{
Write-Host "Set $toolName $toolVersion environment variable..."
$toolPath = Get-ToolsetToolFullPath -ToolName $toolName -ToolVersion $toolVersion -ToolArchitecture $toolArch
$envName = $toolEnvironment.variableTemplate -f $toolVersion.split(".")
# Add environment variable name=value
Add-EnvironmentVariable -Name $envName -Value $toolPath
}
# Invoke command and add env variable for the default tool version
$toolDefVersion = $tool.default
if (-not $toolDefVersion)
{
continue
}
$envDefName = $toolEnvironment.defaultVariable
$toolPath = Get-ToolsetToolFullPath -ToolName $toolName -ToolVersion $toolDefVersion -ToolArchitecture $toolArch
if ($envDefName)
{
Write-Host "Set default $envDefName for $toolName $toolDefVersion environment variable..."
Add-EnvironmentVariable -Name $envDefName -Value $toolPath
}
if ($toolEnvironment.command)
{
$command = $toolEnvironment.command -f $toolPath
Write-Host "Invoke $command command for default $toolName $toolDefVersion..."
Invoke-Expression -Command $command
}
}
Invoke-PesterTests -TestFile "Toolset" -TestName "Toolset"

40
images/ubuntu/scripts/build/Install-AzureModules.ps1 Normal file
View File

@@ -0,0 +1,40 @@
$ErrorActionPreference = "Stop"
$ProgressPreference = "SilentlyContinue"
Import-Module "$env:HELPER_SCRIPTS/Tests.Helpers.psm1" -DisableNameChecking
# Get modules content from toolset
$modules = (Get-ToolsetContent).azureModules
$installPSModulePath = "/usr/share"
foreach ($module in $modules)
{
$moduleName = $module.name
Write-Host "Installing ${moduleName} to the ${installPSModulePath} path..."
foreach ($version in $module.versions)
{
$modulePath = Join-Path -Path $installPSModulePath -ChildPath "${moduleName}_${version}"
Write-Host " - $version [$modulePath]"
Save-Module -Path $modulePath -Name $moduleName -RequiredVersion $version -Force
}
$assets = Invoke-RestMethod $module.url
# Get github release asset for each version
foreach ($toolVersion in $module.zip_versions) {
$asset = $assets | Where-Object version -eq $toolVersion `
| Select-Object -ExpandProperty files `
| Select-Object -First 1
Write-Host "Installing $($module.name) $toolVersion ..."
if ($null -ne $asset) {
Write-Host "Download $($asset.filename)"
wget $asset.download_url -nv --retry-connrefused --tries=10 -P $installPSModulePath
} else {
Write-Host "Asset was not found in versions manifest"
exit 1
}
}
}
Invoke-PesterTests -TestFile "PowerShellModules" -TestName "AzureModules"

34
images/ubuntu/scripts/build/Install-PowerShellModules.ps1 Normal file
View File

@@ -0,0 +1,34 @@
$ErrorActionPreference = "Stop"
$ProgressPreference = "SilentlyContinue"
Import-Module "$env:HELPER_SCRIPTS/Tests.Helpers.psm1" -DisableNameChecking
# Specifies the installation policy
Set-PSRepository -InstallationPolicy Trusted -Name PSGallery
# Try to update PowerShellGet before the actual installation
Install-Module -Name PowerShellGet -Force
Update-Module -Name PowerShellGet -Force
# Install PowerShell modules
$modules = (Get-ToolsetContent).powershellModules
foreach($module in $modules)
{
$moduleName = $module.name
Write-Host "Installing ${moduleName} module"
if ($module.versions)
{
foreach ($version in $module.versions)
{
Write-Host " - $version"
Install-Module -Name $moduleName -RequiredVersion $version -Scope AllUsers -SkipPublisherCheck -Force
}
continue
}
Install-Module -Name $moduleName -Scope AllUsers -SkipPublisherCheck -Force
}
Invoke-PesterTests -TestFile "PowerShellModules" -TestName "PowerShellModules"

54
images/ubuntu/scripts/build/Install-Toolset.ps1 Normal file
View File

@@ -0,0 +1,54 @@
################################################################################
## File: Install-Toolset.ps1
## Team: CI-Build
## Desc: Install toolset
################################################################################
Function Install-Asset {
param(
[Parameter(Mandatory = $true)]
[object] $ReleaseAsset
)
Write-Host "Download $($ReleaseAsset.filename)"
wget $ReleaseAsset.download_url -nv --retry-connrefused --tries=10
Write-Host "Extract $($ReleaseAsset.filename) content..."
$assetFolderPath = Join-Path "/tmp" $($ReleaseAsset.filename)
New-Item -ItemType Directory -Path $assetFolderPath
tar -xzf $ReleaseAsset.filename -C $assetFolderPath
Write-Host "Invoke installation script..."
Push-Location -Path $assetFolderPath
Invoke-Expression "bash ./setup.sh"
Pop-Location
}
$ErrorActionPreference = "Stop"
# Get toolset content
$toolset = Get-Content -Path "$env:INSTALLER_SCRIPT_FOLDER/toolset.json" -Raw
$tools = ConvertFrom-Json -InputObject $toolset | Select-Object -ExpandProperty toolcache | Where-Object {$_.url -ne $null }
foreach ($tool in $tools) {
# Get versions manifest for current tool
$assets = Invoke-RestMethod $tool.url
# Get github release asset for each version
foreach ($toolVersion in $tool.versions) {
$asset = $assets | Where-Object version -like $toolVersion `
| Select-Object -ExpandProperty files `
| Where-Object { ($_.platform -eq $tool.platform) -and ($_.platform_version -eq $tool.platform_version)} `
| Select-Object -First 1
Write-Host "Installing $($tool.name) $toolVersion $($tool.arch)..."
if ($null -ne $asset) {
Install-Asset -ReleaseAsset $asset
} else {
Write-Host "Asset was not found in versions manifest"
exit 1
}
}
chown -R "$($env:SUDO_USER):$($env:SUDO_USER)" "/opt/hostedtoolcache/$($tool.name)"
}

26
images/ubuntu/scripts/build/action-archive-cache.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash -e
################################################################################
## File: action-archive-cache.sh
## Desc: Download latest release from https://github.com/actions/action-verions
## and un-tar to /opt/actionarchivecache
## Maintainer: #actions-runtime and @TingluoHuang
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
source $HELPER_SCRIPTS/etc-environment.sh
# Prepare directory and env variable for ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE
ACTION_ARCHIVE_CACHE_DIR=/opt/actionarchivecache
mkdir -p $ACTION_ARCHIVE_CACHE_DIR
chmod -R 777 $ACTION_ARCHIVE_CACHE_DIR
echo "Setting up ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE variable to ${ACTION_ARCHIVE_CACHE_DIR}"
addEtcEnvironmentVariable ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE ${ACTION_ARCHIVE_CACHE_DIR}
# Download latest release from github.com/actions/action-versions and untar to /opt/actionarchivecache
downloadUrl=$(get_github_package_download_url "actions/action-versions" "contains(\"action-versions.tar.gz\")")
echo "Downloading action-versions $downloadUrl"
download_with_retries "$downloadUrl" "/tmp" action-versions.tar.gz
tar -xzf /tmp/action-versions.tar.gz -C $ACTION_ARCHIVE_CACHE_DIR
invoke_tests "ActionArchiveCache"

33
images/ubuntu/scripts/build/aliyun-cli.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash -e
################################################################################
## File: aliyun-cli.sh
## Desc: Installs Alibaba Cloud CLI
## Supply chain security: Alibaba Cloud CLI - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
# Install Alibaba Cloud CLI
# Pin tool version on ubuntu20 due to issues with GLIBC_2.32 not available
if isUbuntu20; then
toolset_version=$(get_toolset_value '.aliyunCli.version')
download_url="https://github.com/aliyun/aliyun-cli/releases/download/v$toolset_version/aliyun-cli-linux-$toolset_version-amd64.tgz"
hash_url="https://github.com/aliyun/aliyun-cli/releases/download/v$toolset_version/SHASUMS256.txt"
else
download_url=$(get_github_package_download_url "aliyun/aliyun-cli" "contains(\"aliyun-cli-linux\") and endswith(\"amd64.tgz\")")
hash_url="https://github.com/aliyun/aliyun-cli/releases/latest/download/SHASUMS256.txt"
fi
package_name="aliyun-cli-linux-amd64.tgz"
download_with_retries "$download_url" "/tmp" "$package_name"
# Supply chain security - Alibaba Cloud CLI
external_hash=$(get_hash_from_remote_file "$hash_url" "aliyun-cli-linux" "amd64.tgz")
use_checksum_comparison "/tmp/$package_name" "$external_hash"
tar xzf "/tmp/$package_name"
mv aliyun /usr/local/bin
invoke_tests "CLI.Tools" "Aliyun CLI"

126
images/ubuntu/scripts/build/android.sh Normal file
View File

@@ -0,0 +1,126 @@
#!/bin/bash -e
################################################################################
## File: android.sh
## Desc: Installs Android SDK
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
source $HELPER_SCRIPTS/etc-environment.sh
function filter_components_by_version {
minimumVersion=$1
shift
toolsArr=("$@")
for item in ${toolsArr[@]}
do
# take the last argument after spliting string by ';'' and '-''
version=$(echo "${item##*[-;]}")
if verlte $minimumVersion $version
then
components+=($item)
fi
done
}
function get_full_ndk_version {
majorVersion=$1
ndkFullVersion=$($SDKMANAGER --list | grep "ndk;${majorVersion}.*" | awk '{gsub("ndk;", ""); print $1}' | sort -V | tail -n1)
echo "$ndkFullVersion"
}
# Set env variable for SDK Root (https://developer.android.com/studio/command-line/variables)
ANDROID_ROOT=/usr/local/lib/android
ANDROID_SDK_ROOT=${ANDROID_ROOT}/sdk
SDKMANAGER=${ANDROID_SDK_ROOT}/cmdline-tools/latest/bin/sdkmanager
echo "ANDROID_SDK_ROOT=${ANDROID_SDK_ROOT}" | tee -a /etc/environment
# ANDROID_HOME is deprecated, but older versions of Gradle rely on it
echo "ANDROID_HOME=${ANDROID_SDK_ROOT}" | tee -a /etc/environment
# Create android sdk directory
mkdir -p ${ANDROID_SDK_ROOT}
cmdlineTools="android-cmdline-tools.zip"
# Download the latest command line tools so that we can accept all of the licenses.
# See https://developer.android.com/studio/#command-tools
cmdlineToolsVersion=$(get_toolset_value '.android."cmdline-tools"')
if [[ $cmdlineToolsVersion == "latest" ]]; then
repositoryXmlUrl="https://dl.google.com/android/repository/repository2-1.xml"
download_with_retries $repositoryXmlUrl "/tmp" "repository2-1.xml"
cmdlineToolsVersion=$(
yq -p=xml \
'.sdk-repository.remotePackage[] | select(."+@path" == "cmdline-tools;latest" and .channelRef."+@ref" == "channel-0").archives.archive[].complete.url | select(contains("commandlinetools-linux"))' \
/tmp/repository2-1.xml
)
if [[ -z $cmdlineToolsVersion ]]; then
echo "Failed to parse latest command-line tools version"
exit 1
fi
fi
download_with_retries "https://dl.google.com/android/repository/${cmdlineToolsVersion}" "." $cmdlineTools
unzip -qq $cmdlineTools -d ${ANDROID_SDK_ROOT}/cmdline-tools
# Command line tools need to be placed in ${ANDROID_SDK_ROOT}/sdk/cmdline-tools/latest to determine SDK root
mv ${ANDROID_SDK_ROOT}/cmdline-tools/cmdline-tools ${ANDROID_SDK_ROOT}/cmdline-tools/latest
rm -f $cmdlineTools
# Check sdk manager installation
${SDKMANAGER} --list 1>/dev/null
if [ $? -eq 0 ]
then
echo "Android SDK manager was installed"
else
echo "Android SDK manager was not installed"
exit 1
fi
minimumBuildToolVersion=$(get_toolset_value '.android.build_tools_min_version')
minimumPlatformVersion=$(get_toolset_value '.android.platform_min_version')
extras=$(get_toolset_value '.android.extra_list[]|"extras;" + .')
addons=$(get_toolset_value '.android.addon_list[]|"add-ons;" + .')
additional=$(get_toolset_value '.android.additional_tools[]')
ANDROID_NDK_MAJOR_VERSIONS=($(get_toolset_value '.android.ndk.versions[]'))
ANDROID_NDK_MAJOR_DEFAULT=$(get_toolset_value '.android.ndk.default')
components=("${extras[@]}" "${addons[@]}" "${additional[@]}")
for ndk_version in "${ANDROID_NDK_MAJOR_VERSIONS[@]}"
do
ndk_full_version=$(get_full_ndk_version $ndk_version)
components+=("ndk;$ndk_full_version")
done
ANDROID_NDK_MAJOR_LATEST=(${ANDROID_NDK_MAJOR_VERSIONS[-1]})
ndkDefaultFullVersion=$(get_full_ndk_version $ANDROID_NDK_MAJOR_DEFAULT)
ndkLatestFullVersion=$(get_full_ndk_version $ANDROID_NDK_MAJOR_LATEST)
ANDROID_NDK="$ANDROID_SDK_ROOT/ndk/$ndkDefaultFullVersion"
# ANDROID_NDK, ANDROID_NDK_HOME, and ANDROID_NDK_ROOT variables should be set as many customer builds depend on them https://github.com/actions/runner-images/issues/5879
echo "ANDROID_NDK=${ANDROID_NDK}" | tee -a /etc/environment
echo "ANDROID_NDK_HOME=${ANDROID_NDK}" | tee -a /etc/environment
echo "ANDROID_NDK_ROOT=${ANDROID_NDK}" | tee -a /etc/environment
echo "ANDROID_NDK_LATEST_HOME=$ANDROID_SDK_ROOT/ndk/$ndkLatestFullVersion" | tee -a /etc/environment
availablePlatforms=($($SDKMANAGER --list | sed -n '/Available Packages:/,/^$/p' | grep "platforms;android-[0-9]" | cut -d"|" -f 1))
allBuildTools=($($SDKMANAGER --list | grep "build-tools;" | cut -d"|" -f 1 | sort -u))
availableBuildTools=$(echo ${allBuildTools[@]//*rc[0-9]/})
filter_components_by_version $minimumPlatformVersion "${availablePlatforms[@]}"
filter_components_by_version $minimumBuildToolVersion "${availableBuildTools[@]}"
echo "y" | $SDKMANAGER ${components[@]}
# Old skdmanager from sdk tools doesn't work with Java > 8, set version 8 explicitly
if isUbuntu20 || isUbuntu22; then
sed -i "2i export JAVA_HOME=${JAVA_HOME_8_X64}" ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager
fi
# Add required permissions
chmod -R a+rwx ${ANDROID_SDK_ROOT}
reloadEtcEnvironment
invoke_tests "Android"

14
images/ubuntu/scripts/build/apache.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash -e
################################################################################
## File: apache.sh
## Desc: Installs Apache HTTP Server
################################################################################
# Install Apache
apt-get install apache2 -y
# Disable apache2.service
systemctl is-active --quiet apache2.service && systemctl stop apache2.service
systemctl disable apache2.service
invoke_tests "WebServers" "Apache"

15
images/ubuntu/scripts/build/apt-common.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash -e
################################################################################
## File: apt-common.sh
## Desc: Installs basic command line utilities and dev packages
################################################################################
source $HELPER_SCRIPTS/install.sh
common_packages=$(get_toolset_value .apt.common_packages[])
cmd_packages=$(get_toolset_value .apt.cmd_packages[])
for package in $common_packages $cmd_packages; do
echo "Install $package"
apt-get install -y --no-install-recommends $package
done
invoke_tests "Apt"

7
images/ubuntu/scripts/build/apt-mock-remove.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash -e
prefix=/usr/local/bin
for tool in apt apt-get apt-fast apt-key;do
sudo rm -f $prefix/$tool
done

51
images/ubuntu/scripts/build/apt-mock.sh Normal file
View File

@@ -0,0 +1,51 @@
#!/bin/bash -e
# A temporary workaround for https://github.com/Azure/azure-linux-extensions/issues/1238
prefix=/usr/local/bin
for real_tool in /usr/bin/apt /usr/bin/apt-get /usr/bin/apt-fast /usr/bin/apt-key;do
tool=`basename $real_tool`
cat >$prefix/$tool <<EOT
#!/bin/sh
i=1
while [ \$i -le 30 ];do
err=\$(mktemp)
$real_tool "\$@" 2>\$err
# no errors, break the loop and continue normal flow
test -f \$err || break
cat \$err >&2
retry=false
if grep -q 'Could not get lock' \$err;then
# apt db locked needs retry
retry=true
elif grep -q 'Could not open file /var/lib/apt/lists' \$err;then
# apt update is not completed, needs retry
retry=true
elif grep -q 'IPC connect call failed' \$err;then
# the delay should help with gpg-agent not ready
retry=true
elif grep -q 'Temporary failure in name resolution' \$err;then
# It looks like DNS is not updated with random generated hostname yet
retry=true
elif grep -q 'dpkg frontend is locked by another process' \$err;then
# dpkg process is busy by another process
retry=true
fi
rm \$err
if [ \$retry = false ]; then
break
fi
sleep 5
echo "...retry \$i"
i=\$((i + 1))
done
EOT
chmod +x $prefix/$tool
done

15
images/ubuntu/scripts/build/apt-ubuntu-archive.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash -e
################################################################################
## File: apt-ubuntu-archive.sh
## Desc: Script for configuring apt sources. https://manpages.ubuntu.com/manpages/jammy/en/man1/apt-transport-mirror.1.html
################################################################################
touch /etc/apt/apt-mirrors.txt
printf "http://azure.archive.ubuntu.com/ubuntu/\tpriority:1\n" | tee -a /etc/apt/apt-mirrors.txt
printf "http://archive.ubuntu.com/ubuntu/\tpriority:2\n" | tee -a /etc/apt/apt-mirrors.txt
printf "http://security.ubuntu.com/ubuntu/\tpriority:3\n" | tee -a /etc/apt/apt-mirrors.txt
sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//mirror+file:\/etc\/apt\/apt-mirrors.txt/' /etc/apt/sources.list
cp -f /etc/apt/sources.list /etc/cloud/templates/sources.list.ubuntu.tmpl

9
images/ubuntu/scripts/build/apt-vital.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/bash -e
################################################################################
## File: apt-vital.sh
## Desc: Installs vital command line utilities
################################################################################
source $HELPER_SCRIPTS/install.sh
vital_packages=$(get_toolset_value .apt.vital_packages[])
apt-get install -y --no-install-recommends $vital_packages

43
images/ubuntu/scripts/build/apt.sh Normal file
View File

@@ -0,0 +1,43 @@
#!/bin/bash -e
# Stop and disable apt-daily upgrade services;
systemctl stop apt-daily.timer
systemctl disable apt-daily.timer
systemctl disable apt-daily.service
systemctl stop apt-daily-upgrade.timer
systemctl disable apt-daily-upgrade.timer
systemctl disable apt-daily-upgrade.service
# Enable retry logic for apt up to 10 times
echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80-retries
# Configure apt to always assume Y
echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes
# APT understands a field called Phased-Update-Percentage which can be used to control the rollout of a new version. It is an integer between 0 and 100.
# In case you have multiple systems that you want to receive the same set of updates,
# you can set APT::Machine-ID to a UUID such that they all phase the same,
# or set APT::Get::Never-Include-Phased-Updates or APT::Get::Always-Include-Phased-Updates to true such that APT will never/always consider phased updates.
# apt-cache policy pkgname
echo 'APT::Get::Always-Include-Phased-Updates "true";' > /etc/apt/apt.conf.d/99-phased-updates
# Fix bad proxy and http headers settings
cat <<EOF >> /etc/apt/apt.conf.d/99bad_proxy
Acquire::http::Pipeline-Depth 0;
Acquire::http::No-Cache true;
Acquire::BrokenProxy true;
EOF
# Uninstall unattended-upgrades
apt-get purge unattended-upgrades
echo 'APT sources'
cat /etc/apt/sources.list
apt-get update
# Install jq
apt-get install jq
# Install apt-fast using quick-install.sh
# https://github.com/ilikenwf/apt-fast
bash -c "$(curl -fsSL https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh)"

31
images/ubuntu/scripts/build/aws.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash -e
################################################################################
## File: aws.sh
## Desc: Installs the AWS CLI, Session Manager plugin for the AWS CLI, and AWS SAM CLI
## Supply chain security: AWS SAM CLI - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
download_with_retries "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" "/tmp" "awscliv2.zip"
unzip -qq /tmp/awscliv2.zip -d /tmp
/tmp/aws/install -i /usr/local/aws-cli -b /usr/local/bin
download_with_retries "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" "/tmp" "session-manager-plugin.deb"
apt install /tmp/session-manager-plugin.deb
# Download the latest aws sam cli release
aws_sam_cli_zip_name="aws-sam-cli-linux-x86_64.zip"
download_with_retries "https://github.com/aws/aws-sam-cli/releases/latest/download/${aws_sam_cli_zip_name}" "/tmp" $aws_sam_cli_zip_name
# Supply chain security - AWS SAM CLI
aws_sam_cli_hash=$(get_github_package_hash "aws" "aws-sam-cli" "${aws_sam_cli_zip_name}.. ")
use_checksum_comparison "/tmp/${aws_sam_cli_zip_name}" "$aws_sam_cli_hash"
# Install the latest aws sam cli release
unzip /tmp/${aws_sam_cli_zip_name} -d /tmp
/tmp/install
invoke_tests "CLI.Tools" "AWS"

17
images/ubuntu/scripts/build/azcopy.sh Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash -e
################################################################################
## File: azcopy.sh
## Desc: Installs AzCopy
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install AzCopy10
download_with_retries "https://aka.ms/downloadazcopy-v10-linux" "/tmp" "azcopy.tar.gz"
tar xzf /tmp/azcopy.tar.gz --strip-components=1 -C /tmp
mv /tmp/azcopy /usr/local/bin/azcopy
chmod +x /usr/local/bin/azcopy
# Create azcopy 10 alias for backward compatibility
ln -sf /usr/local/bin/azcopy /usr/local/bin/azcopy10
invoke_tests "Tools" "azcopy"

13
images/ubuntu/scripts/build/azure-cli.sh Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/bash -e
################################################################################
## File: azure-cli.sh
## Desc: Installed Azure CLI (az)
################################################################################
# Install Azure CLI (instructions taken from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
curl -fsSL https://aka.ms/InstallAzureCLIDeb | sudo bash
echo "azure-cli https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt" >> $HELPER_SCRIPTS/apt-sources.txt
rm -f /etc/apt/sources.list.d/azure-cli.list
rm -f /etc/apt/sources.list.d/azure-cli.list.save
invoke_tests "CLI.Tools" "Azure CLI"

15
images/ubuntu/scripts/build/azure-devops-cli.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash -e
################################################################################
## File: azure-devops-cli.sh
## Desc: Installed Azure DevOps CLI (az devops)
################################################################################
# AZURE_EXTENSION_DIR shell variable defines where modules are installed
# https://docs.microsoft.com/en-us/cli/azure/azure-cli-extensions-overview
export AZURE_EXTENSION_DIR=/opt/az/azcliextensions
echo "AZURE_EXTENSION_DIR=$AZURE_EXTENSION_DIR" | tee -a /etc/environment
# install azure devops Cli extension
az extension add -n azure-devops
invoke_tests "CLI.Tools" "Azure DevOps CLI"

15
images/ubuntu/scripts/build/bazel.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash -e
################################################################################
## File: bazel.sh
## Desc: Installs Bazel and Bazelisk (A user-friendly launcher for Bazel)
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install bazelisk
npm install -g @bazel/bazelisk
# run bazelisk once in order to instal /usr/local/bin/bazel binary
sudo -u $SUDO_USER bazel version
invoke_tests "Tools" "Bazel"

16
images/ubuntu/scripts/build/bicep.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash -e
################################################################################
## File: bicep.sh
## Desc: Installs bicep cli
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install Bicep CLI
download_with_retries "https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64" "." "bicep.bin"
# Mark it as executable
chmod +x ./bicep.bin
# Add bicep to PATH (requires admin)
sudo mv ./bicep.bin /usr/local/bin/bicep
invoke_tests "Tools" "Bicep"

40
images/ubuntu/scripts/build/clang.sh Normal file
View File

@@ -0,0 +1,40 @@
#!/bin/bash -e
################################################################################
## File: clang.sh
## Desc: Installs Clang compiler
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
function InstallClang {
local version=$1
echo "Installing clang-$version..."
apt-get install -y "clang-$version" "lldb-$version" "lld-$version" "clang-format-$version" "clang-tidy-$version"
}
function SetDefaultClang {
local version=$1
echo "Make Clang ${version} default"
update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-${version} 100
update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${version} 100
update-alternatives --install /usr/bin/clang-format clang-format /usr/bin/clang-format-${version} 100
update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-${version} 100
update-alternatives --install /usr/bin/run-clang-tidy run-clang-tidy /usr/bin/run-clang-tidy-${version} 100
}
versions=$(get_toolset_value '.clang.versions[]')
default_clang_version=$(get_toolset_value '.clang.default_version')
for version in ${versions[*]}; do
if [[ $version != $default_clang_version ]]; then
InstallClang $version
fi
done
InstallClang $default_clang_version
SetDefaultClang $default_clang_version
invoke_tests "Tools" "clang"

34
images/ubuntu/scripts/build/cleanup.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash -e
# before cleanup
before=$(df / -Pm | awk 'NR==2{print $4}')
# clears out the local repository of retrieved package files
# It removes everything but the lock file from /var/cache/apt/archives/ and /var/cache/apt/archives/partial
apt-get clean
rm -rf /tmp/*
rm -rf /root/.cache
# journalctl
if command -v journalctl; then
journalctl --rotate
journalctl --vacuum-time=1s
fi
# delete all .gz and rotated file
find /var/log -type f -regex ".*\.gz$" -delete
find /var/log -type f -regex ".*\.[0-9]$" -delete
# wipe log files
find /var/log/ -type f -exec cp /dev/null {} \;
# after cleanup
after=$(df / -Pm | awk 'NR==2{print $4}')
# display size
echo "Before: $before MB"
echo "After : $after MB"
echo "Delta : $(($after-$before)) MB"
# delete symlink for tests running
rm -f /usr/local/bin/invoke_tests

29
images/ubuntu/scripts/build/cmake.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash -e
################################################################################
## File: cmake.sh
## Desc: Installs CMake
## Supply chain security: CMake - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Test to see if the software in question is already installed, if not install it
echo "Checking to see if the installer script has already been run"
if command -v cmake; then
echo "cmake is already installed"
else
# Download script to install CMake
download_url=$(get_github_package_download_url "Kitware/CMake" "endswith(\"inux-x86_64.sh\")")
curl -fsSL "${download_url}" -o cmakeinstall.sh
# Supply chain security - CMake
hash_url=$(get_github_package_download_url "Kitware/CMake" "endswith(\"SHA-256.txt\")")
external_hash=$(get_hash_from_remote_file "$hash_url" "linux-x86_64.sh")
use_checksum_comparison "cmakeinstall.sh" "$external_hash"
# Install CMake and remove the install script
chmod +x cmakeinstall.sh \
&& ./cmakeinstall.sh --prefix=/usr/local --exclude-subdir \
&& rm cmakeinstall.sh
fi
invoke_tests "Tools" "Cmake"

31
images/ubuntu/scripts/build/codeql-bundle.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash -e
################################################################################
## File: codeql-bundle.sh
## Desc: Install the CodeQL CLI Bundle to the toolcache.
################################################################################
source $HELPER_SCRIPTS/install.sh
# Retrieve the CLI version of the latest CodeQL bundle.
base_url="$(curl -fsSL https://raw.githubusercontent.com/github/codeql-action/v2/src/defaults.json)"
bundle_version="$(echo "$base_url" | jq -r '.cliVersion')"
bundle_tag_name="codeql-bundle-v$bundle_version"
echo "Downloading CodeQL bundle $bundle_version..."
# Note that this is the all-platforms CodeQL bundle, to support scenarios where customers run
# different operating systems within containers.
download_with_retries "https://github.com/github/codeql-action/releases/download/$bundle_tag_name/codeql-bundle.tar.gz" "/tmp" "codeql-bundle.tar.gz"
codeql_archive="/tmp/codeql-bundle.tar.gz"
codeql_toolcache_path="$AGENT_TOOLSDIRECTORY/CodeQL/$bundle_version/x64"
mkdir -p "$codeql_toolcache_path"
echo "Unpacking the downloaded CodeQL bundle archive..."
tar -xzf "$codeql_archive" -C "$codeql_toolcache_path"
# Touch a file to indicate to the CodeQL Action that this bundle shipped with the toolcache. This is
# to support overriding the CodeQL version specified in defaults.json on GitHub Enterprise.
touch "$codeql_toolcache_path/pinned-version"
# Touch a file to indicate to the toolcache that setting up CodeQL is complete.
touch "$codeql_toolcache_path.complete"

12
images/ubuntu/scripts/build/complete-snap-setup.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash -e
################################################################################
## File: snap-environment.sh
## Desc: Update /etc/environment to include /snap/bin in PATH
## because /etc/profile.d is ignored by `--norc` shell launch option
################################################################################
# Source the helpers
source $HELPER_SCRIPTS/etc-environment.sh
# Update /etc/environemnt
prependEtcEnvironmentPath "/snap/bin"

62
images/ubuntu/scripts/build/configure-environment.sh Normal file
View File

@@ -0,0 +1,62 @@
#!/bin/bash -e
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
# Set ImageVersion and ImageOS env variables
echo ImageVersion=$IMAGE_VERSION | tee -a /etc/environment
echo ImageOS=$IMAGE_OS | tee -a /etc/environment
# Set the ACCEPT_EULA variable to Y value to confirm your acceptance of the End-User Licensing Agreement
echo ACCEPT_EULA=Y | tee -a /etc/environment
# This directory is supposed to be created in $HOME and owned by user(https://github.com/actions/runner-images/issues/491)
mkdir -p /etc/skel/.config/configstore
echo 'XDG_CONFIG_HOME=$HOME/.config' | tee -a /etc/environment
# Change waagent entries to use /mnt for swapfile
sed -i 's/ResourceDisk.Format=n/ResourceDisk.Format=y/g' /etc/waagent.conf
sed -i 's/ResourceDisk.EnableSwap=n/ResourceDisk.EnableSwap=y/g' /etc/waagent.conf
sed -i 's/ResourceDisk.SwapSizeMB=0/ResourceDisk.SwapSizeMB=4096/g' /etc/waagent.conf
# Add localhost alias to ::1 IPv6
sed -i 's/::1 ip6-localhost ip6-loopback/::1 localhost ip6-localhost ip6-loopback/g' /etc/hosts
# Prepare directory and env variable for toolcache
AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
mkdir $AGENT_TOOLSDIRECTORY
echo "AGENT_TOOLSDIRECTORY=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment
chmod -R 777 $AGENT_TOOLSDIRECTORY
# https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
# https://www.suse.com/support/kb/doc/?id=000016692
echo 'vm.max_map_count=262144' | tee -a /etc/sysctl.conf
# https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files
echo 'fs.inotify.max_user_watches=655360' | tee -a /etc/sysctl.conf
echo 'fs.inotify.max_user_instances=1280' | tee -a /etc/sysctl.conf
# https://github.com/actions/runner-images/pull/7860
netfilter_rule='/etc/udev/rules.d/50-netfilter.rules'
rulesd="$(dirname "${netfilter_rule}")"
mkdir -p $rulesd
touch $netfilter_rule
echo 'ACTION=="add", SUBSYSTEM=="module", KERNEL=="nf_conntrack", RUN+="/usr/sbin/sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1"' | tee -a $netfilter_rule
# Create symlink for tests running
chmod +x $HELPER_SCRIPTS/invoke-tests.sh
ln -s $HELPER_SCRIPTS/invoke-tests.sh /usr/local/bin/invoke_tests
# Disable motd updates metadata
sed -i 's/ENABLED=1/ENABLED=0/g' /etc/default/motd-news
if [[ -f "/etc/fwupd/daemon.conf" ]]; then
sed -i 's/UpdateMotd=true/UpdateMotd=false/g' /etc/fwupd/daemon.conf
systemctl mask fwupd-refresh.timer
fi
# Disable to load providers
# https://github.com/microsoft/azure-pipelines-agent/issues/3834
if isUbuntu22; then
sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf
fi

41
images/ubuntu/scripts/build/containers.sh Normal file
View File

@@ -0,0 +1,41 @@
#!/bin/bash -e
################################################################################
## File: containers.sh
## Desc: Installs container tools: podman, buildah and skopeo onto the image
################################################################################
source $HELPER_SCRIPTS/os.sh
#
# pin podman due to https://github.com/actions/runner-images/issues/7753
# https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2024394
#
if isUbuntu20; then
install_packages=(podman buildah skopeo)
else
install_packages=(podman=3.4.4+ds1-1ubuntu1 buildah skopeo)
fi
# Packages is available in the official Ubuntu upstream starting from Ubuntu 21
if isUbuntu20; then
REPO_URL="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable"
source /etc/os-release
sh -c "echo 'deb ${REPO_URL}/x${NAME}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
wget -nv https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x${NAME}_${VERSION_ID}/Release.key -O Release.key
apt-key add Release.key
fi
# Install podman, buildah, scopeo container's tools
apt-get update
apt-get -y install ${install_packages[@]}
mkdir -p /etc/containers
echo -e "[registries.search]\nregistries = ['docker.io', 'quay.io']" | tee /etc/containers/registries.conf
if isUbuntu20; then
# Remove source repo
rm /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
# Document source repo
echo "containers $REPO_URL" >> $HELPER_SCRIPTS/apt-sources.txt
fi
invoke_tests "Tools" "Containers"

20
images/ubuntu/scripts/build/docker-compose.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash -e
################################################################################
## File: docker-compose.sh
## Desc: Installs Docker Compose v1
## Supply chain security: Docker Compose v1 - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Install docker-compose v1 from releases
URL="https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64"
curl -fsSL "${URL}" -o /tmp/docker-compose-v1
# Supply chain security - Docker Compose v1
external_hash=$(get_hash_from_remote_file "${URL}.sha256" "compose-Linux-x86_64")
use_checksum_comparison "/tmp/docker-compose-v1" "${external_hash}"
install /tmp/docker-compose-v1 /usr/local/bin/docker-compose
invoke_tests "Tools" "Docker-compose v1"

84
images/ubuntu/scripts/build/docker.sh Normal file
View File

@@ -0,0 +1,84 @@
#!/bin/bash -e
################################################################################
## File: docker.sh
## Desc: Installs docker onto the image
## Supply chain security: Docker Compose v2, amazon-ecr-credential-helper - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
repo_url="https://download.docker.com/linux/ubuntu"
gpg_key="/usr/share/keyrings/docker.gpg"
repo_path="/etc/apt/sources.list.d/docker.list"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o $gpg_key
echo "deb [arch=amd64 signed-by=$gpg_key] $repo_url $(getOSVersionLabel) stable" > $repo_path
apt-get update
apt-get install --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin
# Download docker compose v2 from releases
URL=$(get_github_package_download_url "docker/compose" "contains(\"compose-linux-x86_64\")")
curl -fsSL "${URL}" -o /tmp/docker-compose
# Supply chain security - Docker Compose v2
compose_hash_url=$(get_github_package_download_url "docker/compose" "contains(\"checksums.txt\")")
compose_external_hash=$(get_hash_from_remote_file "${compose_hash_url}" "compose-linux-x86_64")
use_checksum_comparison "/tmp/docker-compose" "${compose_external_hash}"
# Install docker compose v2
install /tmp/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
# docker from official repo introduced different GID generation: https://github.com/actions/runner-images/issues/8157
gid=$(cut -d ":" -f 3 /etc/group | grep "^1..$" | sort -n | tail -n 1 | awk '{ print $1+1 }')
groupmod -g $gid docker
chgrp -hR docker /run/docker.sock
# Enable docker.service
systemctl is-active --quiet docker.service || systemctl start docker.service
systemctl is-enabled --quiet docker.service || systemctl enable docker.service
# Docker daemon takes time to come up after installing
sleep 10
docker info
if [ "${DOCKERHUB_PULL_IMAGES:-yes}" == "yes" ]; then
# If credentials are provided, attempt to log into Docker Hub
# with a paid account to avoid Docker Hub's rate limit.
if [ "${DOCKERHUB_LOGIN}" ] && [ "${DOCKERHUB_PASSWORD}" ]; then
docker login --username "${DOCKERHUB_LOGIN}" --password "${DOCKERHUB_PASSWORD}"
fi
# Pull images
images=$(get_toolset_value '.docker.images[]')
for image in $images; do
docker pull "$image"
done
# Always attempt to logout so we do not leave our credentials on the built
# image. Logout _should_ return a zero exit code even if no credentials were
# stored from earlier.
docker logout
else
echo "Skipping docker images pulling"
fi
# Download amazon-ecr-credential-helper
aws_helper="docker-credential-ecr-login"
aws_latest_release_url="https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest"
aws_helper_url=$(curl "${authString[@]}" -fsSL "${aws_latest_release_url}" | jq -r '.body' | awk -F'[()]' '/linux-amd64/ {print $2}')
download_with_retries "${aws_helper_url}" "/tmp" "${aws_helper}"
# Supply chain security - amazon-ecr-credential-helper
aws_helper_external_hash=$(get_hash_from_remote_file "${aws_helper_url}.sha256" "${aws_helper}")
use_checksum_comparison "/tmp/${aws_helper}" "${aws_helper_external_hash}"
# Install amazon-ecr-credential-helper
install "/tmp/${aws_helper}" "/usr/bin/${aws_helper}"
# Cleanup custom repositories
rm $gpg_key
rm $repo_path
invoke_tests "Tools" "Docker"
if [ "${DOCKERHUB_PULL_IMAGES:-yes}" == "yes" ]; then
invoke_tests "Tools" "Docker images"
fi

98
images/ubuntu/scripts/build/dotnetcore-sdk.sh Normal file
View File

@@ -0,0 +1,98 @@
#!/bin/bash -e
################################################################################
## File: dotnetcore-sdk.sh
## Desc: Installs .NET Core SDK
################################################################################
source $HELPER_SCRIPTS/etc-environment.sh
source $HELPER_SCRIPTS/install.sh
source $HELPER_SCRIPTS/os.sh
# Ubuntu 20 doesn't support EOL versions
LATEST_DOTNET_PACKAGES=$(get_toolset_value '.dotnet.aptPackages[]')
DOTNET_VERSIONS=$(get_toolset_value '.dotnet.versions[]')
DOTNET_TOOLS=$(get_toolset_value '.dotnet.tools[].name')
# Disable telemetry
export DOTNET_CLI_TELEMETRY_OPTOUT=1
# There is a versions conflict, that leads to
# Microsoft <-> Canonical repos dependencies mix up.
# Give Microsoft's repo higher priority to avoid collisions.
# See: https://github.com/dotnet/core/issues/7699
cat << EOF > /etc/apt/preferences.d/dotnet
Package: *net*
Pin: origin packages.microsoft.com
Pin-Priority: 1001
EOF
apt-get update
for latest_package in ${LATEST_DOTNET_PACKAGES[@]}; do
echo "Determing if .NET Core ($latest_package) is installed"
if ! IsPackageInstalled $latest_package; then
echo "Could not find .NET Core ($latest_package), installing..."
apt-get install $latest_package -y
else
echo ".NET Core ($latest_package) is already installed"
fi
done
rm /etc/apt/preferences.d/dotnet
apt-get update
# Get list of all released SDKs from channels which are not end-of-life or preview
sdks=()
for version in ${DOTNET_VERSIONS[@]}; do
release_url="https://dotnetcli.blob.core.windows.net/dotnet/release-metadata/${version}/releases.json"
download_with_retries "${release_url}" "." "${version}.json"
releases=$(cat "./${version}.json")
if [[ $version == "6.0" ]]; then
sdks=("${sdks[@]}" $(echo "${releases}" | jq -r 'first(.releases[].sdks[]?.version | select(contains("preview") or contains("rc") | not))'))
else
sdks=("${sdks[@]}" $(echo "${releases}" | jq -r '.releases[].sdk.version | select(contains("preview") or contains("rc") | not)'))
sdks=("${sdks[@]}" $(echo "${releases}" | jq -r '.releases[].sdks[]?.version | select(contains("preview") or contains("rc") | not)'))
fi
rm ./${version}.json
done
sortedSdks=$(echo ${sdks[@]} | tr ' ' '\n' | sort -r | uniq -w 5)
extract_dotnet_sdk() {
local ARCHIVE_NAME="$1"
set -e
dest="./tmp-$(basename -s .tar.gz $ARCHIVE_NAME)"
echo "Extracting $ARCHIVE_NAME to $dest"
mkdir "$dest" && tar -C "$dest" -xzf "$ARCHIVE_NAME"
rsync -qav --remove-source-files "$dest/shared/" /usr/share/dotnet/shared/
rsync -qav --remove-source-files "$dest/host/" /usr/share/dotnet/host/
rsync -qav --remove-source-files "$dest/sdk/" /usr/share/dotnet/sdk/
rm -rf "$dest" "$ARCHIVE_NAME"
}
# Download/install additional SDKs in parallel
export -f download_with_retries
export -f extract_dotnet_sdk
parallel --jobs 0 --halt soon,fail=1 \
'url="https://dotnetcli.blob.core.windows.net/dotnet/Sdk/{}/dotnet-sdk-{}-linux-x64.tar.gz"; \
download_with_retries $url' ::: "${sortedSdks[@]}"
find . -name "*.tar.gz" | parallel --halt soon,fail=1 'extract_dotnet_sdk {}'
# NuGetFallbackFolder at /usr/share/dotnet/sdk/NuGetFallbackFolder is warmed up by smoke test
# Additional FTE will just copy to ~/.dotnet/NuGet which provides no benefit on a fungible machine
setEtcEnvironmentVariable DOTNET_SKIP_FIRST_TIME_EXPERIENCE 1
setEtcEnvironmentVariable DOTNET_NOLOGO 1
setEtcEnvironmentVariable DOTNET_MULTILEVEL_LOOKUP 0
prependEtcEnvironmentPath '$HOME/.dotnet/tools'
# install dotnet tools
for dotnet_tool in ${DOTNET_TOOLS[@]}; do
echo "Installing dotnet tool $dotnet_tool"
dotnet tool install $dotnet_tool --tool-path '/etc/skel/.dotnet/tools'
done
invoke_tests "DotnetSDK"

25
images/ubuntu/scripts/build/dpkg-config.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash -e
# This is the anti-frontend. It never interacts with you at all,
# and makes the default answers be used for all questions. It
# might mail error messages to root, but that's it; otherwise it
# is completely silent and unobtrusive, a perfect frontend for
# automatic installs. If you are using this front-end, and require
# non-default answers to questions, you will need to preseed the
# debconf database
echo 'DEBIAN_FRONTEND=noninteractive' | tee -a /etc/environment
# dpkg can be instructed not to ask for confirmation
# when replacing a configuration file (with the --force-confdef --force-confold options)
cat <<EOF >> /etc/apt/apt.conf.d/10dpkg-options
Dpkg::Options {
"--force-confdef";
"--force-confold";
}
EOF
# hide information about packages that are no longer required
cat <<EOF >> /etc/apt/apt.conf.d/10apt-autoremove
APT::Get::AutomaticRemove "0";
APT::Get::HideAutoRemove "1";
EOF

29
images/ubuntu/scripts/build/erlang.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash -e
################################################################################
## File: erlang.sh
## Desc: Installs erlang
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
source_list=/etc/apt/sources.list.d/eslerlang.list
source_key=/usr/share/keyrings/eslerlang.gpg
# Install Erlang
wget -q -O - https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc | gpg --dearmor > $source_key
echo "deb [signed-by=$source_key] https://packages.erlang-solutions.com/ubuntu $(lsb_release -cs) contrib" > $source_list
apt-get update
apt-get install --no-install-recommends esl-erlang
# Install rebar3
rebar3_url="https://github.com/erlang/rebar3/releases/latest/download/rebar3"
download_with_retries $rebar3_url "/usr/local/bin" "rebar3"
chmod +x /usr/local/bin/rebar3
# Clean up source list
rm $source_list
rm $source_key
invoke_tests "Tools" "erlang"

23
images/ubuntu/scripts/build/example.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash -e
################################################################################
## File: example.sh
## Desc: This is an example script that can be copied to add a new software
## installer to the image
################################################################################
# Test to see if the software in question is already installed, if not install it
echo "Checking to see if the installer script has already been run"
if [ -z $EXAMPLE_VAR ]; then
$EXAMPLE_VAR=1.0.0
else
echo "Example variable already set to $EXAMPLE_VAR"
fi
# Run tests to determine that the software installed as expected
echo "Testing to make sure that script performed as expected, and basic scenarios work"
if [ -z $EXAMPLE_VAR ]; then
echo "EXAMPLE_VAR variable was not set as expected"
exit 1
else
echo "EXAMPLE_VAR was set properly"
fi

50
images/ubuntu/scripts/build/firefox.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash -e
################################################################################
## File: firefox.sh
## Desc: Installs Firefox
################################################################################
# Source the helpers for use with the script
# shellcheck source=../helpers/install.sh
source "$HELPER_SCRIPTS/install.sh"
# shellcheck source=../helpers/os.sh
source "$HELPER_SCRIPTS/os.sh"
# Mozillateam PPA is added manually because sometimes
# lanuchad portal sends empty answer when trying to add it automatically
repo_url="http://ppa.launchpad.net/mozillateam/ppa/ubuntu"
gpg_fingerprint="0ab215679c571d1c8325275b9bdb3d89ce49ec21"
gpg_key="/etc/apt/trusted.gpg.d/mozillateam_ubuntu_ppa.gpg"
repo_path="/etc/apt/sources.list.d/mozillateam-ubuntu-ppa-focal.list"
# Install Firefox
curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${gpg_fingerprint}" | sudo gpg --dearmor -o $gpg_key
echo "deb $repo_url $(getOSVersionLabel) main" > $repo_path
apt-get update
apt-get install --target-release 'o=LP-PPA-mozillateam' -y firefox
rm $repo_path
# Document apt source repo's
echo "mozillateam $repo_url" >> $HELPER_SCRIPTS/apt-sources.txt
# add to gloabl system preferences for firefox locale en_US, because other browsers have en_US local.
# Default firefox local is en_GB
echo 'pref("intl.locale.requested","en_US");' >> "/usr/lib/firefox/browser/defaults/preferences/syspref.js"
# Download and unpack latest release of geckodriver
downloadUrl=$(get_github_package_download_url "mozilla/geckodriver" "test(\"linux64.tar.gz$\")")
download_with_retries "$downloadUrl" "/tmp" geckodriver.tar.gz
GECKODRIVER_DIR="/usr/local/share/gecko_driver"
GECKODRIVER_BIN="$GECKODRIVER_DIR/geckodriver"
mkdir -p $GECKODRIVER_DIR
tar -xzf /tmp/geckodriver.tar.gz -C $GECKODRIVER_DIR
chmod +x $GECKODRIVER_BIN
ln -s "$GECKODRIVER_BIN" /usr/bin/
echo "GECKOWEBDRIVER=$GECKODRIVER_DIR" | tee -a /etc/environment
invoke_tests "Browsers" "Firefox"

28
images/ubuntu/scripts/build/gcc.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash -e
################################################################################
## File: gcc.sh
## Desc: Installs GNU C++
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
function InstallGcc {
version=$1
echo "Installing $version..."
apt-get install $version -y
}
# Install GNU C++ compiler
add-apt-repository ppa:ubuntu-toolchain-r/test -y
apt-get update -y
versions=$(get_toolset_value '.gcc.versions[]')
for version in ${versions[*]}; do
InstallGcc $version
done
invoke_tests "Tools" "gcc"

27
images/ubuntu/scripts/build/gfortran.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash -e
################################################################################
## File: gfortran.sh
## Desc: Installs GNU Fortran
################################################################################
source $HELPER_SCRIPTS/install.sh
source $HELPER_SCRIPTS/os.sh
function InstallFortran {
version=$1
echo "Installing $version..."
apt-get install $version -y
}
# Install GNU Fortran compiler
add-apt-repository ppa:ubuntu-toolchain-r/test -y
apt-get update -y
versions=$(get_toolset_value '.gfortran.versions[]')
for version in ${versions[*]}
do
InstallFortran $version
done
invoke_tests "Tools" "gfortran"

22
images/ubuntu/scripts/build/git-lfs.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash -e
################################################################################
## File: git-lfs.sh
## Desc: Installs Git-lfs
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
GIT_LFS_REPO="https://packagecloud.io/install/repositories/github/git-lfs"
# Install git-lfs
curl -fsSL $GIT_LFS_REPO/script.deb.sh | bash
apt-get install -y git-lfs
# Remove source repo's
rm /etc/apt/sources.list.d/github_git-lfs.list
# Document apt source repo's
echo "git-lfs $GIT_LFS_REPO" >> $HELPER_SCRIPTS/apt-sources.txt
invoke_tests "Tools" "Git-lfs"

36
images/ubuntu/scripts/build/git.sh Normal file
View File

@@ -0,0 +1,36 @@
#!/bin/bash -e
################################################################################
## File: git.sh
## Desc: Installs Git
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
GIT_REPO="ppa:git-core/ppa"
## Install git
add-apt-repository $GIT_REPO -y
apt-get update
apt-get install git -y
git --version
# Git version 2.35.2 introduces security fix that breaks action\checkout https://github.com/actions/checkout/issues/760
cat <<EOF >> /etc/gitconfig
[safe]
directory = *
EOF
# Install git-ftp
apt-get install git-ftp -y
# Remove source repo's
add-apt-repository --remove $GIT_REPO
# Document apt source repo's
echo "git-core $GIT_REPO" >> $HELPER_SCRIPTS/apt-sources.txt
# Add well-known SSH host keys to known_hosts
ssh-keyscan -t rsa,ecdsa,ed25519 github.com >> /etc/ssh/ssh_known_hosts
ssh-keyscan -t rsa ssh.dev.azure.com >> /etc/ssh/ssh_known_hosts
invoke_tests "Tools" "Git"

22
images/ubuntu/scripts/build/github-cli.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash -e
################################################################################
## File: github-cli.sh
## Desc: Installs GitHub CLI
## Must be run as non-root user after homebrew
## Supply chain security: GitHub CLI - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Download GitHub CLI
URL=$(get_github_package_download_url "cli/cli" "contains(\"linux\") and contains(\"amd64\") and contains(\".deb\")")
download_with_retries "${URL}" "/tmp" "gh_cli_linux_amd64.deb"
# Supply chain security - GitHub CLI
hash_url=$(get_github_package_download_url "cli/cli" "contains(\"checksums.txt\")")
external_hash=$(get_hash_from_remote_file "${hash_url}" "linux_amd64.deb")
use_checksum_comparison "/tmp/gh_cli_linux_amd64.deb" "${external_hash}"
# Install GitHub CLI
apt install /tmp/gh_cli_linux_amd64.deb
invoke_tests "CLI.Tools" "GitHub CLI"

86
images/ubuntu/scripts/build/google-chrome.sh Normal file
View File

@@ -0,0 +1,86 @@
#!/bin/bash -e
################################################################################
## File: google-chrome.sh
## Desc: Installs google-chrome, chromedriver and chromium
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
function GetChromiumRevision {
CHROME_REVISION=$1
# Take the first part of the revision variable to search not only for a specific version,
# but also for similar ones, so that we can get a previous one if the required revision is not found
CHROME_REVISION_PREFIX=${CHROME_REVISION:0:${#CHROME_REVISION}/2+1}
SEARCH_URL="https://www.googleapis.com/storage/v1/b/chromium-browser-snapshots/o?delimiter=/&prefix=Linux_x64"
# Revision can include a hash instead of a number. Need to filter it out https://github.com/actions/runner-images/issues/5256
REVISIONS_AVAILABLE=$(curl -s $SEARCH_URL/${CHROME_REVISION_PREFIX} | jq -r '.prefixes[]' | grep -E "Linux_x64\/[0-9]+\/"| cut -d "/" -f 2 | sort --version-sort)
# If required Chromium revision is not found in the list
# we should have to decrement the revision number until we find one.
# This is mentioned in the documentation we use for this installation:
# https://www.chromium.org/getting-involved/download-chromium
LATEST_VALID_REVISION=$(echo $REVISIONS_AVAILABLE | cut -f 1 -d " ")
for REVISION in $REVISIONS_AVAILABLE; do
if [ "$CHROME_REVISION" -lt "$REVISION" ]; then
break
fi
LATEST_VALID_REVISION=$REVISION
done
echo $LATEST_VALID_REVISION
}
# Download and install Google Chrome
CHROME_DEB_URL="https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb"
CHROME_DEB_NAME="google-chrome-stable_current_amd64.deb"
download_with_retries $CHROME_DEB_URL "/tmp" "${CHROME_DEB_NAME}"
apt install "/tmp/${CHROME_DEB_NAME}" -f
echo "CHROME_BIN=/usr/bin/google-chrome" | tee -a /etc/environment
# Remove Google Chrome repo
rm -f /etc/cron.daily/google-chrome /etc/apt/sources.list.d/google-chrome.list /etc/apt/sources.list.d/google-chrome.list.save
# Parse Google Chrome version
FULL_CHROME_VERSION=$(google-chrome --product-version)
CHROME_VERSION=${FULL_CHROME_VERSION%.*}
echo "Chrome version is $FULL_CHROME_VERSION"
# Get chrome versions information
CHROME_PLATFORM="linux64"
CHROME_VERSIONS_URL="https://googlechromelabs.github.io/chrome-for-testing/latest-patch-versions-per-build-with-downloads.json"
CHROME_VERSIONS_JSON=$(curl -fsSL "${CHROME_VERSIONS_URL}")
# Download and unpack the latest release of chromedriver
CHROMEDRIVER_VERSION=$(echo "${CHROME_VERSIONS_JSON}" | jq -r '.builds["'"$CHROME_VERSION"'"].version')
CHROMEDRIVER_URL=$(echo "${CHROME_VERSIONS_JSON}" | jq -r '.builds["'"$CHROME_VERSION"'"].downloads.chromedriver[] | select(.platform=="'"${CHROME_PLATFORM}"'").url')
CHROMEDRIVER_ARCHIVE="chromedriver_linux64.zip"
CHROMEDRIVER_DIR="/usr/local/share/chromedriver-linux64"
CHROMEDRIVER_BIN="$CHROMEDRIVER_DIR/chromedriver"
echo "Installing chromedriver version $CHROMEDRIVER_VERSION"
download_with_retries $CHROMEDRIVER_URL "/tmp" $CHROMEDRIVER_ARCHIVE
unzip -qq /tmp/$CHROMEDRIVER_ARCHIVE -d /usr/local/share
chmod +x $CHROMEDRIVER_BIN
ln -s "$CHROMEDRIVER_BIN" /usr/bin/
echo "CHROMEWEBDRIVER=$CHROMEDRIVER_DIR" | tee -a /etc/environment
# Download and unpack Chromium
CHROME_REVISION=$(echo "${CHROME_VERSIONS_JSON}" | jq -r '.builds["'"$CHROME_VERSION"'"].revision')
CHROMIUM_REVISION=$(GetChromiumRevision $CHROME_REVISION)
CHROMIUM_URL="https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F${CHROMIUM_REVISION}%2Fchrome-linux.zip?alt=media"
CHROMIUM_ARCHIVE="${CHROMIUM_REVISION}-chromium-linux.zip"
CHROMIUM_DIR="/usr/local/share/chromium"
CHROMIUM_BIN="${CHROMIUM_DIR}/chrome-linux/chrome"
echo "Installing chromium revision $CHROMIUM_REVISION"
download_with_retries $CHROMIUM_URL "/tmp" $CHROMIUM_ARCHIVE
mkdir $CHROMIUM_DIR
unzip -qq /tmp/$CHROMIUM_ARCHIVE -d $CHROMIUM_DIR
ln -s $CHROMIUM_BIN /usr/bin/chromium
ln -s $CHROMIUM_BIN /usr/bin/chromium-browser
invoke_tests "Browsers" "Chrome"
invoke_tests "Browsers" "Chromium"

22
images/ubuntu/scripts/build/google-cloud-cli.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash -e
################################################################################
## File: google-cloud-cli.sh
## Desc: Installs the Google Cloud CLI
################################################################################
REPO_URL="https://packages.cloud.google.com/apt"
# Install the Google Cloud CLI
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] $REPO_URL cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list
wget -qO- https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor > /usr/share/keyrings/cloud.google.gpg
apt-get update -y
apt-get install -y google-cloud-cli
# remove apt
rm /etc/apt/sources.list.d/google-cloud-sdk.list
rm /usr/share/keyrings/cloud.google.gpg
# add repo to the apt-sources.txt
echo "google-cloud-sdk $REPO_URL" >> $HELPER_SCRIPTS/apt-sources.txt
invoke_tests "CLI.Tools" "Google Cloud CLI"

44
images/ubuntu/scripts/build/haskell.sh Normal file
View File

@@ -0,0 +1,44 @@
#!/bin/bash -e
################################################################################
## File: haskell.sh
## Desc: Installs Haskell
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/etc-environment.sh
# Any nonzero value for noninteractive installation
export BOOTSTRAP_HASKELL_NONINTERACTIVE=1
export BOOTSTRAP_HASKELL_INSTALL_NO_STACK_HOOK=1
export GHCUP_INSTALL_BASE_PREFIX=/usr/local
export BOOTSTRAP_HASKELL_GHC_VERSION=0
ghcup_bin=$GHCUP_INSTALL_BASE_PREFIX/.ghcup/bin
setEtcEnvironmentVariable "BOOTSTRAP_HASKELL_NONINTERACTIVE" $BOOTSTRAP_HASKELL_NONINTERACTIVE
setEtcEnvironmentVariable "GHCUP_INSTALL_BASE_PREFIX" $GHCUP_INSTALL_BASE_PREFIX
# Install GHCup
curl --proto '=https' --tlsv1.2 -fsSL https://get-ghcup.haskell.org | sh > /dev/null 2>&1 || true
export PATH="$ghcup_bin:$PATH"
prependEtcEnvironmentPath $ghcup_bin
availableVersions=$(ghcup list -t ghc -r | grep -v "prerelease" | awk '{print $2}')
# Get 2 latest Haskell Major.Minor versions
minorMajorVersions=$(echo "$availableVersions" | cut -d"." -f 1,2 | uniq | tail -n2)
for majorMinorVersion in $minorMajorVersions; do
fullVersion=$(echo "$availableVersions" | grep "$majorMinorVersion." | tail -n1)
echo "install ghc version $fullVersion..."
ghcup install ghc $fullVersion
ghcup set ghc $fullVersion
done
echo "install cabal..."
ghcup install cabal latest
chmod -R 777 $GHCUP_INSTALL_BASE_PREFIX/.ghcup
ln -s $GHCUP_INSTALL_BASE_PREFIX/.ghcup /etc/skel/.ghcup
# Install the latest stable release of haskell stack
curl -fsSL https://get.haskellstack.org/ | sh
invoke_tests "Haskell"

21
images/ubuntu/scripts/build/heroku.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash -e
################################################################################
## File: heroku.sh
## Desc: This script installs Heroku CLI. Based on instructions found here: https://devcenter.heroku.com/articles/heroku-cli
################################################################################
## Install Heroku CLI
# add heroku repository to apt
echo "deb https://cli-assets.heroku.com/channels/stable/apt ./" > /etc/apt/sources.list.d/heroku.list
# install heroku's release key for package verification
curl https://cli-assets.heroku.com/channels/stable/apt/release.key | apt-key add -
# install heroku
apt-get update -y && apt-get install -y heroku
# remove heroku's apt repository
rm /etc/apt/sources.list.d/heroku.list
invoke_tests "Tools" "Heroku"

12
images/ubuntu/scripts/build/hhvm.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash -e
################################################################################
## File: hhvm.sh
## Desc: Installs hhvm
################################################################################
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94
add-apt-repository https://dl.hhvm.com/ubuntu
apt-get update
apt-get -qq install -y hhvm
invoke_tests "Tools" "HHVM"

31
images/ubuntu/scripts/build/homebrew.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash -e
################################################################################
## File: homebrew.sh
## Desc: Installs the Homebrew on Linux
## Caveat: Brew MUST NOT be used to install any tool during the image build to avoid dependencies, which may come along with the tool
################################################################################
# Source the helpers
source $HELPER_SCRIPTS/etc-environment.sh
source $HELPER_SCRIPTS/install.sh
# Install the Homebrew on Linux
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
# Invoke shellenv to make brew available during runnig session
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
setEtcEnvironmentVariable HOMEBREW_NO_AUTO_UPDATE 1
setEtcEnvironmentVariable HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS 3650
# Validate the installation ad hoc
echo "Validate the installation reloading /etc/environment"
reloadEtcEnvironment
gfortran=$(brew --prefix)/bin/gfortran
# Remove gfortran symlink, not to conflict with system gfortran
if [[ -e $gfortran ]]; then
rm $gfortran
fi
invoke_tests "Tools" "Homebrew"

125
images/ubuntu/scripts/build/java-tools.sh Normal file
View File

@@ -0,0 +1,125 @@
#!/bin/bash -e
################################################################################
## File: java-tools.sh
## Desc: Installs Java and related tooling (Ant, Gradle, Maven)
################################################################################
source $HELPER_SCRIPTS/install.sh
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/etc-environment.sh
createJavaEnvironmentalVariable() {
local JAVA_VERSION=$1
local DEFAULT=$2
local INSTALL_PATH_PATTERN="/usr/lib/jvm/temurin-${JAVA_VERSION}-jdk-amd64"
if [[ ${DEFAULT} == "True" ]]; then
echo "Setting up JAVA_HOME variable to ${INSTALL_PATH_PATTERN}"
addEtcEnvironmentVariable JAVA_HOME ${INSTALL_PATH_PATTERN}
echo "Setting up default symlink"
update-java-alternatives -s ${INSTALL_PATH_PATTERN}
fi
echo "Setting up JAVA_HOME_${JAVA_VERSION}_X64 variable to ${INSTALL_PATH_PATTERN}"
addEtcEnvironmentVariable JAVA_HOME_${JAVA_VERSION}_X64 ${INSTALL_PATH_PATTERN}
}
enableRepositories() {
osLabel=$(getOSVersionLabel)
# Add Addoptium PPA
# apt-key is deprecated, dearmor and add manually
wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor > /usr/share/keyrings/adoptium.gpg
echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb/ $osLabel main" > /etc/apt/sources.list.d/adoptium.list
}
installOpenJDK() {
local JAVA_VERSION=$1
# Install Java from PPA repositories.
apt-get -y install temurin-${JAVA_VERSION}-jdk=\*
javaVersionPath="/usr/lib/jvm/temurin-${JAVA_VERSION}-jdk-amd64"
JAVA_TOOLCACHE_PATH="${AGENT_TOOLSDIRECTORY}/Java_Temurin-Hotspot_jdk"
fullJavaVersion=$(cat "${javaVersionPath}/release" | grep "^SEMANTIC" | cut -d "=" -f 2 | tr -d "\"" | tr "+" "-")
# If there is no semver in java release, then extract java version from -fullversion
[[ -z ${fullJavaVersion} ]] && fullJavaVersion=$(${javaVersionPath}/bin/java -fullversion 2>&1 | tr -d "\"" | tr "+" "-" | awk '{print $4}')
# Convert non valid semver like 11.0.14.1-9 -> 11.0.14-9
# https://github.com/adoptium/temurin-build/issues/2248
[[ ${fullJavaVersion} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ]] && fullJavaVersion=$(echo $fullJavaVersion | sed -E 's/\.[0-9]+-/-/')
# When version string is too short, add extra ".0" to make it valid semver
[[ ${fullJavaVersion} =~ ^[0-9]+- ]] && fullJavaVersion=$(echo $fullJavaVersion | sed -E 's/-/.0-/')
[[ ${fullJavaVersion} =~ ^[0-9]+\.[0-9]+- ]] && fullJavaVersion=$(echo $fullJavaVersion | sed -E 's/-/.0-/')
javaToolcacheVersionPath="${JAVA_TOOLCACHE_PATH}/${fullJavaVersion}"
echo "Java ${JAVA_VERSION} Toolcache Version Path: ${javaToolcacheVersionPath}"
mkdir -p "${javaToolcacheVersionPath}"
# Create a complete file
touch "${javaToolcacheVersionPath}/x64.complete"
# Create symlink for Java
ln -s ${javaVersionPath} "${javaToolcacheVersionPath}/x64"
# add extra permissions to be able execute command without sudo
chmod -R 777 /usr/lib/jvm
}
# Fetch repositories data
enableRepositories
# Get all the updates from enabled repositories.
apt-get update
defaultVersion=$(get_toolset_value '.java.default')
jdkVersionsToInstall=($(get_toolset_value ".java.versions[]"))
for jdkVersionToInstall in ${jdkVersionsToInstall[@]}; do
installOpenJDK ${jdkVersionToInstall}
if [[ ${jdkVersionToInstall} == ${defaultVersion} ]]
then
createJavaEnvironmentalVariable ${jdkVersionToInstall} True
else
createJavaEnvironmentalVariable ${jdkVersionToInstall} False
fi
done
# Install Ant
apt-get install -y --no-install-recommends ant ant-optional
echo "ANT_HOME=/usr/share/ant" | tee -a /etc/environment
# Install Maven
mavenVersion=$(get_toolset_value '.java.maven')
mavenDownloadUrl="https://dlcdn.apache.org/maven/maven-3/${mavenVersion}/binaries/apache-maven-${mavenVersion}-bin.zip"
download_with_retries ${mavenDownloadUrl} "/tmp" "maven.zip"
unzip -qq -d /usr/share /tmp/maven.zip
ln -s /usr/share/apache-maven-${mavenVersion}/bin/mvn /usr/bin/mvn
# Install Gradle
# This script founds the latest gradle release from https://services.gradle.org/versions/all
# The release is downloaded, extracted, a symlink is created that points to it, and GRADLE_HOME is set.
gradleJson=$(curl -fsSL https://services.gradle.org/versions/all)
gradleLatestVersion=$(echo ${gradleJson} | jq -r '.[] | select(.version | contains("-") | not).version' | sort -V | tail -n1)
gradleDownloadUrl=$(echo ${gradleJson} | jq -r ".[] | select(.version==\"$gradleLatestVersion\") | .downloadUrl")
echo "gradleUrl=${gradleDownloadUrl}"
echo "gradleVersion=${gradleLatestVersion}"
download_with_retries ${gradleDownloadUrl} "/tmp" "gradleLatest.zip"
unzip -qq -d /usr/share /tmp/gradleLatest.zip
ln -s /usr/share/gradle-"${gradleLatestVersion}"/bin/gradle /usr/bin/gradle
echo "GRADLE_HOME=$(find /usr/share -depth -maxdepth 1 -name "gradle*")" | tee -a /etc/environment
# Delete java repositories and keys
rm -f /etc/apt/sources.list.d/adoptium.list
rm -f /etc/apt/sources.list.d/zulu.list
rm -f /usr/share/keyrings/adoptium.gpg
rm -f /usr/share/keyrings/zulu.gpg
reloadEtcEnvironment
invoke_tests "Java"

27
images/ubuntu/scripts/build/julia.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash -e
################################################################################
## File: julia.sh
## Desc: Installs Julia, and adds Julia to the path
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# get the latest julia version
json=$(curl -fsSL "https://julialang-s3.julialang.org/bin/versions.json")
julia_version=$(echo $json | jq -r '.[].files[] | select(.triplet=="x86_64-linux-gnu" and (.version | contains("-") | not)).version' | sort -V | tail -n1)
# download julia archive
julia_tar_url=$(echo $json | jq -r ".[].files[].url | select(endswith(\"julia-${julia_version}-linux-x86_64.tar.gz\"))")
julia_tar_name="julia-${julia_version}-linux-x86_64.tar.gz"
download_with_retries $julia_tar_url "/tmp" "${julia_tar_name}"
# extract files and make symlink
julia_tar_tmp="/tmp/${julia_tar_name}"
julia_installation_path="/usr/local/julia${julia_version}"
mkdir -p "${julia_installation_path}"
tar -C "${julia_installation_path}" -xzf "${julia_tar_tmp}" --strip-components=1
ln -s "${julia_installation_path}/bin/julia" /usr/bin/julia
rm "${julia_tar_tmp}"
invoke_tests "Tools" "Julia"

23
images/ubuntu/scripts/build/kotlin.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash -e
################################################################################
## File: kotlin.sh
## Desc: Installs Kotlin
## Supply chain security: Kotlin - checksum validation
################################################################################
source $HELPER_SCRIPTS/install.sh
KOTLIN_ROOT="/usr/share"
kotlin_zip_name="kotlin-compiler.zip"
download_url=$(get_github_package_download_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")")
download_with_retries "$download_url" "/tmp" "$kotlin_zip_name"
# Supply chain security - Kotlin
kotlin_hash=$(get_github_package_hash "JetBrains" "kotlin" "kotlin-compiler-.*\.zip" "" "latest" "false" "|" 3)
use_checksum_comparison "/tmp/${kotlin_zip_name}" "$kotlin_hash"
unzip -qq /tmp/${kotlin_zip_name} -d $KOTLIN_ROOT
rm $KOTLIN_ROOT/kotlinc/bin/*.bat
ln -sf $KOTLIN_ROOT/kotlinc/bin/* /usr/bin
invoke_tests "Tools" "Kotlin"

43
images/ubuntu/scripts/build/kubernetes-tools.sh Normal file
View File

@@ -0,0 +1,43 @@
#!/bin/bash -e
################################################################################
## File: kubernetes-tools.sh
## Desc: Installs kubectl, helm, kustomize
## Supply chain security: KIND, minikube - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Download KIND
kind_url=$(get_github_package_download_url "kubernetes-sigs/kind" "contains(\"kind-linux-amd64\")")
curl -fsSL -o /tmp/kind "${kind_url}"
# Supply chain security - KIND
kind_external_hash=$(get_hash_from_remote_file "${kind_url}.sha256sum" "kind-linux-amd64")
use_checksum_comparison "/tmp/kind" "${kind_external_hash}"
# Install KIND
sudo install /tmp/kind /usr/local/bin/kind
## Install kubectl
KUBECTL_MINOR_VERSION=$(curl -fsSL "https://dl.k8s.io/release/stable.txt" | cut -d'.' -f1,2 )
curl -fsSL https://pkgs.k8s.io/core:/stable:/$KUBECTL_MINOR_VERSION/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/'$KUBECTL_MINOR_VERSION'/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y && sudo apt-get install -y kubectl
rm -f /etc/apt/sources.list.d/kubernetes.list
# Install Helm
curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
# Download minikube
curl -fsSL -O https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
# Supply chain security - minikube
minikube_hash=$(get_github_package_hash "kubernetes" "minikube" "linux-amd64" "" "latest" "false" ":" 2)
use_checksum_comparison "minikube-linux-amd64" "${minikube_hash}"
# Install minikube
sudo install minikube-linux-amd64 /usr/local/bin/minikube
# Install kustomize
download_url="https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
curl -fsSL "$download_url" | bash
mv kustomize /usr/local/bin
invoke_tests "Tools" "Kubernetes tools"

19
images/ubuntu/scripts/build/leiningen.sh Normal file
View File

@@ -0,0 +1,19 @@
#!/bin/bash -e
################################################################################
## File: leiningen.sh
## Desc: Installs Leiningen
################################################################################
LEIN_BIN=/usr/local/bin/lein
curl -fsSL https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein > $LEIN_BIN
chmod 0755 $LEIN_BIN
# Run lein to trigger self-install
export LEIN_HOME=/usr/local/lib/lein
lein
LEIN_JAR=$(find $LEIN_HOME -name "leiningen-*-standalone.jar")
echo "LEIN_JAR=$LEIN_JAR" | tee -a /etc/environment
echo "LEIN_HOME=$LEIN_HOME" | tee -a /etc/environment
invoke_tests "Tools" "Leiningen"

14
images/ubuntu/scripts/build/limits.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash -e
echo 'session required pam_limits.so' >> /etc/pam.d/common-session
echo 'session required pam_limits.so' >> /etc/pam.d/common-session-noninteractive
echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
echo 'DefaultLimitSTACK=16M:infinity' >> /etc/systemd/system.conf
# Raise Number of File Descriptors
echo '* soft nofile 65536' >> /etc/security/limits.conf
echo '* hard nofile 65536' >> /etc/security/limits.conf
# Double stack size from default 8192KB
echo '* soft stack 16384' >> /etc/security/limits.conf
echo '* hard stack 16384' >> /etc/security/limits.conf

49
images/ubuntu/scripts/build/microsoft-edge.sh Normal file
View File

@@ -0,0 +1,49 @@
#!/bin/bash -e
################################################################################
## File: microsoft-edge.sh
## Desc: Installs Microsoft Edge
################################################################################
source $HELPER_SCRIPTS/install.sh
REPO_URL="https://packages.microsoft.com/repos/edge"
gpg_key="/usr/share/keyrings/microsoft-edge.gpg"
repo_path="/etc/apt/sources.list.d/microsoft-edge.list"
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > $gpg_key
# Specify an arch as Microsoft repository supports armhf and arm64 as well
echo "deb [arch=amd64 signed-by=$gpg_key] $REPO_URL stable main" > $repo_path
apt-get update
apt-get install --no-install-recommends microsoft-edge-stable
rm $gpg_key
rm $repo_path
echo "microsoft-edge $REPO_URL" >> $HELPER_SCRIPTS/apt-sources.txt
# Install Microsoft Edge Webdriver
EDGEDRIVER_DIR="/usr/local/share/edge_driver"
EDGEDRIVER_BIN="$EDGEDRIVER_DIR/msedgedriver"
mkdir -p $EDGEDRIVER_DIR
EDGE_VERSION=$(microsoft-edge --version | cut -d' ' -f 3)
EDGE_VERSION_MAJOR=$(echo $EDGE_VERSION | cut -d'.' -f 1)
EDGE_DRIVER_VERSION_URL="https://msedgedriver.azureedge.net/LATEST_RELEASE_${EDGE_VERSION_MAJOR}_LINUX"
# Convert a resulting file to normal UTF-8
EDGE_DRIVER_LATEST_VERSION=$(curl -fsSL "$EDGE_DRIVER_VERSION_URL" | iconv -f utf-16 -t utf-8 | tr -d '\r')
EDGEDRIVER_URL="https://msedgedriver.azureedge.net/${EDGE_DRIVER_LATEST_VERSION}/edgedriver_linux64.zip"
download_with_retries $EDGEDRIVER_URL "/tmp" "edgedriver_linux64.zip"
unzip -qq /tmp/edgedriver_linux64.zip -d $EDGEDRIVER_DIR
chmod +x $EDGEDRIVER_BIN
ln -s $EDGEDRIVER_BIN /usr/bin
echo "EDGEWEBDRIVER=$EDGEDRIVER_DIR" | tee -a /etc/environment
invoke_tests "Browsers" "Edge"

18
images/ubuntu/scripts/build/miniconda.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/bin/bash -e
################################################################################
## File: miniconda.sh
## Desc: Installs miniconda
################################################################################
# Install Miniconda
curl -fsSL https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -o miniconda.sh \
&& chmod +x miniconda.sh \
&& ./miniconda.sh -b -p /usr/share/miniconda \
&& rm miniconda.sh
CONDA=/usr/share/miniconda
echo "CONDA=$CONDA" | tee -a /etc/environment
ln -s $CONDA/bin/conda /usr/bin/conda
invoke_tests "Tools" "Conda"

26
images/ubuntu/scripts/build/mongodb.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash -e
################################################################################
## File: mongodb.sh
## Desc: Installs Mongo DB
################################################################################
# Source the helpers
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
REPO_URL="https://repo.mongodb.org/apt/ubuntu"
osLabel=$(getOSVersionLabel)
toolsetVersion=$(get_toolset_value '.mongodb.version')
# Install Mongo DB
wget -qO - https://www.mongodb.org/static/pgp/server-$toolsetVersion.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] $REPO_URL $osLabel/mongodb-org/$toolsetVersion multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-$toolsetVersion.list
sudo apt-get update
sudo apt-get install -y mongodb-org
rm /etc/apt/sources.list.d/mongodb-org-$toolsetVersion.list
echo "mongodb $REPO_URL" >> $HELPER_SCRIPTS/apt-sources.txt
invoke_tests "Databases" "MongoDB"

28
images/ubuntu/scripts/build/mono.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash -e
################################################################################
## File: mono.sh
## Desc: Installs Mono
################################################################################
source $HELPER_SCRIPTS/os.sh
LSB_CODENAME=$(lsb_release -cs)
# There are no packages for Ubuntu 22 in the repo, but developers confirmed that packages from Ubuntu 20 should work
if isUbuntu22; then
LSB_CODENAME="focal"
fi
# Test to see if the software in question is already installed, if not install it
# wget "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF" -O out && sudo apt-key add out && rm out
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
echo "deb https://download.mono-project.com/repo/ubuntu stable-$LSB_CODENAME main" | tee /etc/apt/sources.list.d/mono-official-stable.list
apt-get update
apt-get install -y --no-install-recommends apt-transport-https mono-complete nuget
rm /etc/apt/sources.list.d/mono-official-stable.list
rm -f /etc/apt/sources.list.d/mono-official-stable.list.save
echo "mono https://download.mono-project.com/repo/ubuntu stable-$LSB_CODENAME main" >> $HELPER_SCRIPTS/apt-sources.txt
invoke_tests "Tools" "Mono"

14
images/ubuntu/scripts/build/mssql-cmd-tools.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash -e
################################################################################
## File: mssql-cmd-tools.sh
## Desc: Install MS SQL Server client tools (https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup-tools?view=sql-server-2017)
################################################################################
export ACCEPT_EULA=Y
apt-get update
apt-get install -y mssql-tools unixodbc-dev
apt-get -f install
ln -s /opt/mssql-tools/bin/* /usr/local/bin/
invoke_tests "Tools" "MSSQLCommandLineTools"

29
images/ubuntu/scripts/build/mysql.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash -e
################################################################################
## File: mysql.sh
## Desc: Installs MySQL Client
################################################################################
source $HELPER_SCRIPTS/os.sh
# Mysql setting up root password
MYSQL_ROOT_PASSWORD=root
echo "mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD" | debconf-set-selections
echo "mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD" | debconf-set-selections
export ACCEPT_EULA=Y
# Install MySQL Client
apt-get install mysql-client -y
# Install MySQL Server
apt-get install -y mysql-server
#Install MySQL Dev tools
apt install libmysqlclient-dev -y
# Disable mysql.service
systemctl is-active --quiet mysql.service && systemctl stop mysql.service
systemctl disable mysql.service
invoke_tests "Databases" "MySQL"

14
images/ubuntu/scripts/build/nginx.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash -e
################################################################################
## File: nginx.sh
## Desc: Installs Nginx
################################################################################
# Install Nginx
apt-get install nginx -y
# Disable nginx.service
systemctl is-active --quiet nginx.service && systemctl stop nginx.service
systemctl disable nginx.service
invoke_tests "WebServers" "Nginx"

29
images/ubuntu/scripts/build/nodejs.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash -e
################################################################################
## File: nodejs.sh
## Desc: Installs Node.js LTS and related tooling (Gulp, Grunt)
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Install default Node.js
defaultVersion=$(get_toolset_value '.node.default')
curl -fsSL https://raw.githubusercontent.com/tj/n/master/bin/n -o ~/n
bash ~/n $defaultVersion
# Install node modules
node_modules=$(get_toolset_value '.node_modules[].name')
npm install -g $node_modules
echo "Creating the symlink for [now] command to vercel CLI"
ln -s /usr/local/bin/vercel /usr/local/bin/now
# fix global modules installation as regular user
# related issue https://github.com/actions/runner-images/issues/3727
sudo chmod -R 777 /usr/local/lib/node_modules
sudo chmod -R 777 /usr/local/bin
rm -rf ~/n
invoke_tests "Node" "Node.js"

18
images/ubuntu/scripts/build/nvm.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/bin/bash -e
################################################################################
## File: nvm.sh
## Desc: Installs Nvm
################################################################################
export NVM_DIR="/etc/skel/.nvm"
mkdir $NVM_DIR
VERSION=$(curl -fsSL https://api.github.com/repos/nvm-sh/nvm/releases/latest | jq -r '.tag_name')
curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/$VERSION/install.sh | bash
echo 'NVM_DIR=$HOME/.nvm' | tee -a /etc/environment
echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm' | tee -a /etc/skel/.bash_profile
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
invoke_tests "Tools" "nvm"
# set system node.js as default one
nvm alias default system

15
images/ubuntu/scripts/build/oc.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash -e
################################################################################
## File: oc.sh
## Desc: Installs the OC CLI
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install the oc CLI
DOWNLOAD_URL="https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz"
PACKAGE_TAR_NAME="oc.tar.gz"
download_with_retries $DOWNLOAD_URL "/tmp" $PACKAGE_TAR_NAME
tar xzf "/tmp/$PACKAGE_TAR_NAME" -C "/usr/local/bin" oc
invoke_tests "CLI.Tools" "OC CLI"

23
images/ubuntu/scripts/build/oras-cli.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash -e
################################################################################
## File: oras-cli.sh
## Desc: Installs ORAS CLI
## Supply chain security: ORAS CLI - checksum validation
################################################################################
source $HELPER_SCRIPTS/install.sh
# Determine latest ORAS CLI version
URL=$(get_github_package_download_url "oras-project/oras" "endswith(\"linux_amd64.tar.gz\")")
archive_name=$(basename "${URL}")
# Download ORAS CLI
download_with_retries "${URL}" "/tmp" "${archive_name}"
# Supply chain security - ORAS CLI
hash_url=$(get_github_package_download_url "oras-project/oras" "contains(\"checksums.txt\")")
external_hash=$(get_hash_from_remote_file "${hash_url}" "linux_amd64.tar.gz")
use_checksum_comparison "/tmp/${archive_name}" "${external_hash}"
# Unzip ORAS CLI
tar xzf "/tmp/${archive_name}" -C /usr/local/bin oras
invoke_tests "CLI.Tools" "Oras CLI"

16
images/ubuntu/scripts/build/packer.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash -e
################################################################################
## File: packer.sh
## Desc: Installs packer
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install Packer
URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/packer/latest | jq -r '.builds[] | select((.arch=="amd64") and (.os=="linux")).url')
ZIP_NAME="packer_linux_amd64.zip"
download_with_retries "${URL}" "/tmp" "${ZIP_NAME}"
unzip -qq "/tmp/${ZIP_NAME}" -d /usr/local/bin
rm -f "/tmp/${ZIP_NAME}"
invoke_tests "Tools" "Packer"

17
images/ubuntu/scripts/build/phantomjs.sh Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash -e
################################################################################
## File: phantomjs.sh
## Desc: Installs PhantomJS
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Install PhantomJS
apt-get install -y chrpath libssl-dev libxft-dev libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev
PHANTOM_JS=phantomjs-2.1.1-linux-x86_64
download_with_retries https://bitbucket.org/ariya/phantomjs/downloads/$PHANTOM_JS.tar.bz2 "/tmp"
tar xjf /tmp/$PHANTOM_JS.tar.bz2 -C /usr/local/share
ln -sf /usr/local/share/$PHANTOM_JS/bin/phantomjs /usr/local/bin
invoke_tests "Tools" "Phantomjs"

114
images/ubuntu/scripts/build/php.sh Normal file
View File

@@ -0,0 +1,114 @@
#!/bin/bash -e
################################################################################
## File: php.sh
## Desc: Installs php
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/etc-environment.sh
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
# add repository for old Ubuntu images
# details in thread: https://github.com/actions/runner-images/issues/6331
if isUbuntu20; then
apt-add-repository ppa:ondrej/php -y
apt-get update
fi
# Install PHP
php_versions=$(get_toolset_value '.php.versions[]')
for version in $php_versions; do
echo "Installing PHP $version"
apt-get install -y --no-install-recommends \
php$version \
php$version-amqp \
php$version-apcu \
php$version-bcmath \
php$version-bz2 \
php$version-cgi \
php$version-cli \
php$version-common \
php$version-curl \
php$version-dba \
php$version-dev \
php$version-enchant \
php$version-fpm \
php$version-gd \
php$version-gmp \
php$version-igbinary \
php$version-imagick \
php$version-imap \
php$version-interbase \
php$version-intl \
php$version-ldap \
php$version-mbstring \
php$version-memcache \
php$version-memcached \
php$version-mongodb \
php$version-mysql \
php$version-odbc \
php$version-opcache \
php$version-pgsql \
php$version-phpdbg \
php$version-pspell \
php$version-readline \
php$version-redis \
php$version-snmp \
php$version-soap \
php$version-sqlite3 \
php$version-sybase \
php$version-tidy \
php$version-xdebug \
php$version-xml \
php$version-xsl \
php$version-yaml \
php$version-zip \
php$version-zmq
apt-get install -y --no-install-recommends php$version-pcov
# Disable PCOV, as Xdebug is enabled by default
# https://github.com/krakjoe/pcov#interoperability
phpdismod -v $version pcov
if [[ $version == "7.2" || $version == "7.3" ]]; then
apt-get install -y --no-install-recommends php$version-recode
fi
if [[ $version != "8.0" && $version != "8.1" && $version != "8.2" ]]; then
apt-get install -y --no-install-recommends php$version-xmlrpc php$version-json
fi
done
apt-get install -y --no-install-recommends php-pear
apt-get install -y --no-install-recommends snmp
# Install composer
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === file_get_contents('https://composer.github.io/installer.sig')) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
sudo mv composer.phar /usr/bin/composer
php -r "unlink('composer-setup.php');"
# Add composer bin folder to path
prependEtcEnvironmentPath '$HOME/.config/composer/vendor/bin'
#Create composer folder for user to preserve folder permissions
mkdir -p /etc/skel/.composer
# Install phpunit (for PHP)
wget -q -O phpunit https://phar.phpunit.de/phpunit-8.phar
chmod +x phpunit
mv phpunit /usr/local/bin/phpunit
# ubuntu 20.04 libzip-dev is libzip5 based and is not compatible libzip-dev of ppa:ondrej/php
# see https://github.com/actions/runner-images/issues/1084
if isUbuntu20; then
rm /etc/apt/sources.list.d/ondrej-*.list
apt-get update
fi
invoke_tests "Common" "PHP"

31
images/ubuntu/scripts/build/pipx-packages.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash -e
################################################################################
## File: pipx-packages.sh
## Desc: Install tools via pipx
################################################################################
source $HELPER_SCRIPTS/install.sh
export PATH="$PATH:/opt/pipx_bin"
pipx_packages=$(get_toolset_value ".pipx[] .package")
for package in $pipx_packages; do
python_version=$(get_toolset_value ".pipx[] | select(.package == \"$package\") .python")
if [ "$python_version" != "null" ]; then
python_path="/opt/hostedtoolcache/Python/$python_version*/x64/bin/python$python_version"
echo "Install $package into python $python_path"
pipx install $package --python $python_path
else
echo "Install $package into default python"
pipx install $package
# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
# Install ansible into an existing ansible-core Virtual Environment
if [[ $package == "ansible-core" ]]; then
pipx inject $package ansible
fi
fi
done
invoke_tests "Common" "PipxPackages"

31
images/ubuntu/scripts/build/post-deployment.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash -e
################################################################################
## File: post-deployment.sh
## Desc: Post deployment actions
################################################################################
mv -f /imagegeneration/post-generation /opt
echo "chmod -R 777 /opt"
chmod -R 777 /opt
echo "chmod -R 777 /usr/share"
chmod -R 777 /usr/share
chmod 755 $IMAGE_FOLDER
# Remove quotes around PATH
ENVPATH=$(grep 'PATH=' /etc/environment | head -n 1 | sed -z 's/^PATH=*//')
ENVPATH=${ENVPATH#"\""}
ENVPATH=${ENVPATH%"\""}
echo "PATH=$ENVPATH" | sudo tee -a /etc/environment
echo "Updated /etc/environment: $(cat /etc/environment)"
# Clean yarn and npm cache
if yarn --version > /dev/null
then
yarn cache clean
fi
if npm --version
then
npm cache clean --force
fi

37
images/ubuntu/scripts/build/postgresql.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash -e
################################################################################
## File: postgresql.sh
## Desc: Installs PostgreSQL
################################################################################
# Source the helpers
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
REPO_URL="https://apt.postgresql.org/pub/repos/apt/"
# Preparing repo for PostgreSQL
wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /usr/share/keyrings/postgresql.gpg
echo "deb [signed-by=/usr/share/keyrings/postgresql.gpg] $REPO_URL $(getOSVersionLabel)-pgdg main" > /etc/apt/sources.list.d/pgdg.list
# Fetch PostgreSQL version to install from the toolset
toolsetVersion=$(get_toolset_value '.postgresql.version')
# Install PostgreSQL
echo "Install PostgreSQL"
apt update
apt install postgresql-$toolsetVersion
echo "Install libpq-dev"
apt-get install libpq-dev
# Disable postgresql.service
systemctl is-active --quiet postgresql.service && systemctl stop postgresql.service
systemctl disable postgresql.service
rm /etc/apt/sources.list.d/pgdg.list
rm /usr/share/keyrings/postgresql.gpg
echo "postgresql $REPO_URL" >> $HELPER_SCRIPTS/apt-sources.txt
invoke_tests "Databases" "PostgreSQL"

12
images/ubuntu/scripts/build/powershellcore.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash -e
################################################################################
## File: powershellcore.sh
## Desc: Installs powershellcore
################################################################################
source $HELPER_SCRIPTS/install.sh
pwshversion=$(get_toolset_value .pwsh.version)
# Install Powershell
apt-get install -y powershell=$pwshversion*

28
images/ubuntu/scripts/build/preimagedata.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash -e
imagedata_file=$IMAGEDATA_FILE
image_version=$IMAGE_VERSION
image_version_major=${image_version/.*/}
image_version_minor=$(echo $image_version | cut -d "." -f 2)
os_name=$(lsb_release -ds | sed "s/ /\\\n/g")
os_version=$(lsb_release -rs)
image_label="ubuntu-${os_version}"
version_major=${os_version/.*/}
version_wo_dot=${os_version/./}
github_url="https://github.com/actions/runner-images/blob"
software_url="${github_url}/ubuntu${version_major}/${image_version_major}.${image_version_minor}/images/ubuntu/Ubuntu${version_wo_dot}-Readme.md"
releaseUrl="https://github.com/actions/runner-images/releases/tag/ubuntu${version_major}%2F${image_version_major}.${image_version_minor}"
cat <<EOF > $imagedata_file
[
{
"group": "Operating System",
"detail": "${os_name}"
},
{
"group": "Runner Image",
"detail": "Image: ${image_label}\nVersion: ${image_version}\nIncluded Software: ${software_url}\nImage Release: ${releaseUrl}"
}
]
EOF

21
images/ubuntu/scripts/build/pulumi.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash -e
################################################################################
## File: pulumi.sh
## Desc: Installs Pulumi
## Supply chain security: Pulumi - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Dowload Pulumi
version=$(curl -fsSL "https://www.pulumi.com/latest-version")
URL="https://get.pulumi.com/releases/sdk/pulumi-v${version}-linux-x64.tar.gz"
download_with_retries "${URL}" "/tmp" "pulumi-v${version}.tar.gz"
# Supply chain security - Pulumi
external_hash=$(get_hash_from_remote_file "https://github.com/pulumi/pulumi/releases/download/v${version}/SHA512SUMS" "linux-x64.tar.gz")
use_checksum_comparison "/tmp/pulumi-v${version}.tar.gz" "${external_hash}" "512"
# Unzipping Pulumi
tar --strip=1 -xf "/tmp/pulumi-v${version}.tar.gz" -C /usr/local/bin
invoke_tests "Tools" "Pulumi"

93
images/ubuntu/scripts/build/pypy.sh Normal file
View File

@@ -0,0 +1,93 @@
#!/bin/bash -e
################################################################################
## File: pypy.sh
## Desc: Installs PyPy
################################################################################
source $HELPER_SCRIPTS/install.sh
# This function installs PyPy using the specified arguments:
# $1=PACKAGE_URL
function InstallPyPy
{
PACKAGE_URL=$1
PACKAGE_TAR_NAME=$(echo $PACKAGE_URL | awk -F/ '{print $NF}')
echo "Downloading tar archive '$PACKAGE_TAR_NAME'"
PACKAGE_TAR_TEMP_PATH="/tmp/$PACKAGE_TAR_NAME"
download_with_retries $PACKAGE_URL "/tmp" $PACKAGE_TAR_NAME
echo "Expand '$PACKAGE_TAR_NAME' to the /tmp folder"
tar xf $PACKAGE_TAR_TEMP_PATH -C /tmp
# Get Python version
PACKAGE_NAME=${PACKAGE_TAR_NAME/.tar.bz2/}
MAJOR_VERSION=$(echo ${PACKAGE_NAME/pypy/} | cut -d. -f1)
PYTHON_MAJOR="python$MAJOR_VERSION"
if [ $MAJOR_VERSION != 2 ]; then
PYPY_MAJOR="pypy$MAJOR_VERSION"
else
PYPY_MAJOR="pypy"
fi
PACKAGE_TEMP_FOLDER="/tmp/$PACKAGE_NAME"
PYTHON_FULL_VERSION=$("$PACKAGE_TEMP_FOLDER/bin/$PYPY_MAJOR" -c "import sys;print('{}.{}.{}'.format(sys.version_info[0],sys.version_info[1],sys.version_info[2]))")
PYPY_FULL_VERSION=$("$PACKAGE_TEMP_FOLDER/bin/$PYPY_MAJOR" -c "import sys;print('{}.{}.{}'.format(*sys.pypy_version_info[0:3]))")
echo "Put '$PYPY_FULL_VERSION' to PYPY_VERSION file"
echo $PYPY_FULL_VERSION > "$PACKAGE_TEMP_FOLDER/PYPY_VERSION"
# PyPy folder structure
PYPY_TOOLCACHE_PATH=$AGENT_TOOLSDIRECTORY/PyPy
PYPY_TOOLCACHE_VERSION_PATH=$PYPY_TOOLCACHE_PATH/$PYTHON_FULL_VERSION
PYPY_TOOLCACHE_VERSION_ARCH_PATH=$PYPY_TOOLCACHE_VERSION_PATH/x64
echo "Check if PyPy hostedtoolcache folder exist..."
if [ ! -d $PYPY_TOOLCACHE_PATH ]; then
mkdir -p $PYPY_TOOLCACHE_PATH
fi
echo "Create PyPy '$PYPY_TOOLCACHE_VERSION_PATH' folder"
mkdir $PYPY_TOOLCACHE_VERSION_PATH
echo "Move PyPy '$PACKAGE_TEMP_FOLDER' binaries to '$PYPY_TOOLCACHE_VERSION_ARCH_PATH' folder"
mv $PACKAGE_TEMP_FOLDER $PYPY_TOOLCACHE_VERSION_ARCH_PATH
echo "Create additional symlinks (Required for UsePythonVersion Azure DevOps task)"
cd $PYPY_TOOLCACHE_VERSION_ARCH_PATH/bin
# Starting from PyPy 7.3.4 these links are already included in the package
[ -f ./$PYTHON_MAJOR ] || ln -s $PYPY_MAJOR $PYTHON_MAJOR
[ -f ./python ] || ln -s $PYTHON_MAJOR python
chmod +x ./python ./$PYTHON_MAJOR
echo "Install latest Pip"
./python -m ensurepip
./python -m pip install --ignore-installed pip
echo "Create complete file"
touch $PYPY_TOOLCACHE_VERSION_PATH/x64.complete
echo "Remove '$PACKAGE_TAR_TEMP_PATH'"
rm -f $PACKAGE_TAR_TEMP_PATH
}
# Installation PyPy
pypyVersions=$(curl -fsSL https://downloads.python.org/pypy/versions.json)
toolsetVersions=$(get_toolset_value '.toolcache[] | select(.name | contains("PyPy")) | .versions[]')
for toolsetVersion in $toolsetVersions; do
latestMajorPyPyVersion=$(echo $pypyVersions |
jq -r --arg toolsetVersion $toolsetVersion '.[]
| select((.python_version | startswith($toolsetVersion)) and .stable == true).files[]
| select(.arch == "x64" and .platform == "linux").download_url' | head -1)
if [[ -z "$latestMajorPyPyVersion" ]]; then
echo "Failed to get PyPy version '$toolsetVersion'"
exit 1
fi
InstallPyPy $latestMajorPyPyVersion
done
chown -R "$SUDO_USER:$SUDO_USER" "$AGENT_TOOLSDIRECTORY/PyPy"

34
images/ubuntu/scripts/build/python.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash -e
################################################################################
## File: python.sh
## Desc: Installs Python 2/3
################################################################################
set -e
# Source the helpers for use with the script
source $HELPER_SCRIPTS/etc-environment.sh
source $HELPER_SCRIPTS/os.sh
# Install Python, Python 3, pip, pip3
apt-get install -y --no-install-recommends python3 python3-dev python3-pip python3-venv
# Install pipx
# Set pipx custom directory
export PIPX_BIN_DIR=/opt/pipx_bin
export PIPX_HOME=/opt/pipx
python3 -m pip install pipx
python3 -m pipx ensurepath
# Update /etc/environment
setEtcEnvironmentVariable "PIPX_BIN_DIR" $PIPX_BIN_DIR
setEtcEnvironmentVariable "PIPX_HOME" $PIPX_HOME
prependEtcEnvironmentPath $PIPX_BIN_DIR
# Test pipx
if ! command -v pipx; then
echo "pipx was not installed or not found on PATH"
exit 1
fi
# Adding this dir to PATH will make installed pip commands are immediately available.
prependEtcEnvironmentPath '$HOME/.local/bin'
invoke_tests "Tools" "Python"

22
images/ubuntu/scripts/build/r.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash -e
################################################################################
## File: r.sh
## Desc: Installs R
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/os.sh
# install R
osLabel=$(getOSVersionLabel)
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | gpg --dearmor > /usr/share/keyrings/rlang.gpg
echo "deb [signed-by=/usr/share/keyrings/rlang.gpg] https://cloud.r-project.org/bin/linux/ubuntu $osLabel-cran40/" > /etc/apt/sources.list.d/rlang.list
apt-get update
apt-get install r-base
rm /etc/apt/sources.list.d/rlang.list
rm /usr/share/keyrings/rlang.gpg
invoke_tests "Tools" "R"

8
images/ubuntu/scripts/build/reboot.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/bash -e
################################################################################
## File: reboot.sh
## Desc: Reboot VM
################################################################################
echo "Reboot VM"
sudo reboot

16
images/ubuntu/scripts/build/repos.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash -e
################################################################################
## File: repos.sh
## Desc: Installs official Microsoft package repos for the distribution
################################################################################
LSB_RELEASE=$(lsb_release -rs)
# Install Microsoft repository
wget https://packages.microsoft.com/config/ubuntu/$LSB_RELEASE/packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
# update
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
apt-get -yq update
apt-get -yq dist-upgrade

57
images/ubuntu/scripts/build/ruby.sh Normal file
View File

@@ -0,0 +1,57 @@
#!/bin/bash -e
################################################################################
## File: ruby.sh
## Desc: Installs Ruby requirements and ruby gems
################################################################################
source $HELPER_SCRIPTS/os.sh
source $HELPER_SCRIPTS/install.sh
apt-get install ruby-full
# Install ruby gems from toolset
gemsToInstall=$(get_toolset_value ".rubygems[] .name")
if [ -n "$gemsToInstall" ]; then
for gem in $gemsToInstall; do
echo "Installing gem $gem"
gem install $gem
done
fi
# Install Ruby requirements
apt-get install -y libz-dev openssl libssl-dev
echo "Install Ruby from toolset..."
PACKAGE_TAR_NAMES=$(curl -fsSL "https://api.github.com/repos/ruby/ruby-builder/releases/latest" | jq -r '.assets[].name')
TOOLSET_VERSIONS=$(get_toolset_value '.toolcache[] | select(.name | contains("Ruby")) | .versions[]')
PLATFORM_VERSION=$(get_toolset_value '.toolcache[] | select(.name | contains("Ruby")) | .platform_version')
RUBY_PATH="$AGENT_TOOLSDIRECTORY/Ruby"
echo "Check if Ruby hostedtoolcache folder exist..."
if [ ! -d $RUBY_PATH ]; then
mkdir -p $RUBY_PATH
fi
for TOOLSET_VERSION in ${TOOLSET_VERSIONS[@]}; do
PACKAGE_TAR_NAME=$(echo "$PACKAGE_TAR_NAMES" | grep "^ruby-${TOOLSET_VERSION}-ubuntu-${PLATFORM_VERSION}.tar.gz$" | sort -V | tail -1)
RUBY_VERSION=$(echo "$PACKAGE_TAR_NAME" | cut -d'-' -f 2)
RUBY_VERSION_PATH="$RUBY_PATH/$RUBY_VERSION"
echo "Create Ruby $RUBY_VERSION directory..."
mkdir -p $RUBY_VERSION_PATH
echo "Downloading tar archive $PACKAGE_TAR_NAME"
DOWNLOAD_URL="https://github.com/ruby/ruby-builder/releases/download/toolcache/${PACKAGE_TAR_NAME}"
download_with_retries $DOWNLOAD_URL "/tmp" $PACKAGE_TAR_NAME
echo "Expand '$PACKAGE_TAR_NAME' to the '$RUBY_VERSION_PATH' folder"
tar xf "/tmp/$PACKAGE_TAR_NAME" -C $RUBY_VERSION_PATH
COMPLETE_FILE_PATH="$RUBY_VERSION_PATH/x64.complete"
if [ ! -f $COMPLETE_FILE_PATH ]; then
echo "Create complete file"
touch $COMPLETE_FILE_PATH
fi
done
invoke_tests "Tools" "Ruby"

18
images/ubuntu/scripts/build/runner-package.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/bin/bash -e
################################################################################
## File: runner-package.sh
## Desc: Downloads and Installs runner package
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
DOWNLOAD_URL=$(get_github_package_download_url "actions/runner" 'test("actions-runner-linux-x64-[0-9]+\\.[0-9]{3}\\.[0-9]+\\.tar\\.gz")')
FILE_NAME="${DOWNLOAD_URL##*/}"
sudo mkdir -p /opt/runner-cache
download_with_retries "${DOWNLOAD_URL}" "/tmp" "${FILE_NAME}"
sudo mv /tmp/$FILE_NAME /opt/runner-cache/$FILE_NAME

34
images/ubuntu/scripts/build/rust.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash -e
################################################################################
## File: rust.sh
## Desc: Installs Rust
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/etc-environment.sh
source $HELPER_SCRIPTS/os.sh
export RUSTUP_HOME=/etc/skel/.rustup
export CARGO_HOME=/etc/skel/.cargo
curl -fsSL https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=minimal
# Initialize environment variables
source $CARGO_HOME/env
# Install common tools
rustup component add rustfmt clippy
if isUbuntu22; then
cargo install bindgen-cli cbindgen cargo-audit cargo-outdated
else
cargo install --locked bindgen-cli cbindgen cargo-audit cargo-outdated
fi
# Cleanup Cargo cache
rm -rf ${CARGO_HOME}/registry/*
# Update /etc/environemnt
prependEtcEnvironmentPath '$HOME/.cargo/bin'
invoke_tests "Tools" "Rust"

15
images/ubuntu/scripts/build/sbt.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash -e
################################################################################
## File: sbt.sh
## Desc: Installs sbt
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install latest sbt release
downloadUrl=$(get_github_package_download_url "sbt/sbt" "endswith(\".tgz\")")
download_with_retries "$downloadUrl" "/tmp" "sbt.tgz"
tar zxf /tmp/sbt.tgz -C /usr/share
ln -s /usr/share/sbt/bin/sbt /usr/bin/sbt
invoke_tests "Tools" "Sbt"

25
images/ubuntu/scripts/build/selenium.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash -e
################################################################################
## File: selenium.sh
## Desc: Installs selenium server
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Download Selenium server
SELENIUM_MAJOR_VERSION=$(get_toolset_value '.selenium.version')
SELENIUM_BINARY_NAME=$(get_toolset_value '.selenium.binary_name')
SELENIUM_JAR_PATH="/usr/share/java"
SELENIUM_JAR_NAME="$SELENIUM_BINARY_NAME.jar"
SELENIUM_DOWNLOAD_URL=$(get_github_package_download_url "SeleniumHQ/selenium" "contains(\"${SELENIUM_BINARY_NAME}-${SELENIUM_MAJOR_VERSION}\") and endswith(\".jar\")")
download_with_retries $SELENIUM_DOWNLOAD_URL $SELENIUM_JAR_PATH $SELENIUM_JAR_NAME
# Create an epmty file to retrive selenium version
SELENIUM_FULL_VERSION=$(echo $SELENIUM_DOWNLOAD_URL | awk -F"${SELENIUM_BINARY_NAME}-|.jar" '{print $2}')
touch "$SELENIUM_JAR_PATH/$SELENIUM_BINARY_NAME-$SELENIUM_FULL_VERSION"
# Add SELENIUM_JAR_PATH environment variable
echo "SELENIUM_JAR_PATH=$SELENIUM_JAR_PATH/$SELENIUM_JAR_NAME" | tee -a /etc/environment
invoke_tests "Tools" "Selenium"

14
images/ubuntu/scripts/build/snap.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash -e
# Put snapd auto refresh on hold
# as it may generate too much traffic on Canonical's snap server
# when they are rolling a new major update out.
# Hold is calculated as today's date + 60 days
# snapd is started automatically, but during image generation
# a unix socket may die, restart snapd.service (and therefore snapd.socket)
# to make sure the socket is alive.
systemctl restart snapd.socket
systemctl restart snapd
snap set system refresh.hold="$(date --date='today+60 days' +%Y-%m-%dT%H:%M:%S%:z)"

11
images/ubuntu/scripts/build/sphinx.sh Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/bash -e
################################################################################
## File: sphinx.sh
## Desc: Installs Sphinx
################################################################################
# Install Sphinx
apt-get install -y sphinxsearch
invoke_tests "Tools" "Sphinx"

25
images/ubuntu/scripts/build/sqlpackage.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash -e
################################################################################
## File: sqlpackage.sh
## Desc: Install SqlPackage CLI to DacFx (https://docs.microsoft.com/sql/tools/sqlpackage/sqlpackage-download#get-sqlpackage-net-core-for-linux)
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
source $HELPER_SCRIPTS/os.sh
# Install libssl1.1 dependency
if isUbuntu22; then
download_with_retries "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb" "/tmp"
dpkg -i /tmp/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb
fi
# Install SqlPackage
download_with_retries "https://aka.ms/sqlpackage-linux" "." "sqlpackage.zip"
unzip -qq sqlpackage.zip -d /usr/local/sqlpackage
rm -f sqlpackage.zip
chmod +x /usr/local/sqlpackage/sqlpackage
ln -sf /usr/local/sqlpackage/sqlpackage /usr/local/bin
invoke_tests "Tools" "SqlPackage"

46
images/ubuntu/scripts/build/swift.sh Normal file
View File

@@ -0,0 +1,46 @@
#!/bin/bash -e
################################################################################
## File: swift.sh
## Desc: Installs Swift
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Install
image_label="$(lsb_release -rs)"
swift_version=$(curl -fsSL "https://api.github.com/repos/apple/swift/releases/latest" | jq -r '.tag_name | match("[0-9.]+").string')
swift_tar_name="swift-$swift_version-RELEASE-ubuntu$image_label.tar.gz"
swift_tar_url="https://swift.org/builds/swift-$swift_version-release/ubuntu${image_label//./}/swift-$swift_version-RELEASE/$swift_tar_name"
download_with_retries $swift_tar_url "/tmp" "$swift_tar_name"
# Verifing pgp signature using official swift pgp key. Referring to https://www.swift.org/install/linux/#Installation-via-Tarball
# Download swift pgp key
download_with_retries "https://swift.org/keys/all-keys.asc" "/tmp" "all-keys.asc"
# Import swift pgp key
gpg --no-default-keyring --keyring swift --import /tmp/all-keys.asc
# Download signature file
download_with_retries "$swift_tar_url.sig" "/tmp" "$swift_tar_name.sig"
# Verify signature
gpg --no-default-keyring --keyring swift --verify "/tmp/$swift_tar_name.sig" "/tmp/$swift_tar_name"
# Remove swift pgp public key with temporary keyring
rm ~/.gnupg/swift
tar xzf /tmp/$swift_tar_name
SWIFT_INSTALL_ROOT="/usr/share/swift"
SWIFT_BIN_ROOT="$SWIFT_INSTALL_ROOT/usr/bin"
SWIFT_LIB_ROOT="$SWIFT_INSTALL_ROOT/usr/lib"
mv swift-$swift_version-RELEASE-ubuntu$image_label $SWIFT_INSTALL_ROOT
mkdir -p /usr/local/lib
ln -s "$SWIFT_BIN_ROOT/swift" /usr/local/bin/swift
ln -s "$SWIFT_BIN_ROOT/swiftc" /usr/local/bin/swiftc
ln -s "$SWIFT_LIB_ROOT/libsourcekitdInProc.so" /usr/local/lib/libsourcekitdInProc.so
echo "SWIFT_PATH=$SWIFT_BIN_ROOT" | tee -a /etc/environment
invoke_tests "Common" "Swift"

16
images/ubuntu/scripts/build/terraform.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash -e
################################################################################
## File: terraform.sh
## Desc: Installs terraform
################################################################################
source $HELPER_SCRIPTS/install.sh
# Install Terraform
URL=$(curl -fsSL https://api.releases.hashicorp.com/v1/releases/terraform/latest | jq -r '.builds[] | select((.arch=="amd64") and (.os=="linux")).url')
ZIP_NAME="terraform_linux_amd64.zip"
download_with_retries "${URL}" "/tmp" "${ZIP_NAME}"
unzip -qq "/tmp/${ZIP_NAME}" -d /usr/local/bin
rm -f "/tmp/${ZIP_NAME}"
invoke_tests "Tools" "Terraform"

20
images/ubuntu/scripts/build/validate-disk-space.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash -e
################################################################################
## File: validate-disk-space.sh
## Desc: Validate free disk space
################################################################################
availableSpaceMB=$(df / -hm | sed 1d | awk '{ print $4}')
minimumFreeSpaceMB=15000
echo "Available disk space: $availableSpaceMB MB"
if [ $RUN_VALIDATION != "true" ]; then
echo "Skipping validation disk space..."
exit 0
fi
if [ $availableSpaceMB -le $minimumFreeSpaceMB ]; then
echo "Not enough disk space on the image (minimum available space: $minimumFreeSpaceMB MB)"
exit 1
fi

27
images/ubuntu/scripts/build/vcpkg.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash -e
################################################################################
## File: vcpkg.sh
## Desc: Installs vcpkg
################################################################################
# Set env variable for vcpkg
VCPKG_INSTALLATION_ROOT=/usr/local/share/vcpkg
echo "VCPKG_INSTALLATION_ROOT=${VCPKG_INSTALLATION_ROOT}" | tee -a /etc/environment
# Install vcpkg
git clone https://github.com/Microsoft/vcpkg $VCPKG_INSTALLATION_ROOT
$VCPKG_INSTALLATION_ROOT/bootstrap-vcpkg.sh
# workaround https://github.com/microsoft/vcpkg/issues/27786
mkdir -p /root/.vcpkg/ $HOME/.vcpkg
touch /root/.vcpkg/vcpkg.path.txt $HOME/.vcpkg/vcpkg.path.txt
$VCPKG_INSTALLATION_ROOT/vcpkg integrate install
chmod 0777 -R $VCPKG_INSTALLATION_ROOT
ln -sf $VCPKG_INSTALLATION_ROOT/vcpkg /usr/local/bin
rm -rf /root/.vcpkg $HOME/.vcpkg
invoke_tests "Tools" "Vcpkg"

20
images/ubuntu/scripts/build/yq.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash -e
################################################################################
## File: yq.sh
## Desc: Installs YQ
## Supply chain security: YQ - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Download YQ
base_url="https://github.com/mikefarah/yq/releases/latest/download"
download_with_retries "${base_url}/yq_linux_amd64" "/tmp" "yq"
# Supply chain security - YQ
external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "yq_linux_amd64 " "" " " "19")
use_checksum_comparison "/tmp/yq" "${external_hash}"
# Install YQ
sudo install /tmp/yq /usr/bin/yq
invoke_tests "Tools" "yq"

28
images/ubuntu/scripts/build/zstd.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash -e
################################################################################
## File: zstd.sh
## Desc: Installs zstd
## Supply chain security: zstd - checksum validation
################################################################################
# Source the helpers for use with the script
source $HELPER_SCRIPTS/install.sh
# Download zstd
release_tag=$(curl -fsSL https://api.github.com/repos/facebook/zstd/releases/latest | jq -r '.tag_name')
zstd_tar_name=zstd-${release_tag//v}.tar.gz
URL=https://github.com/facebook/zstd/releases/download/${release_tag}/${zstd_tar_name}
download_with_retries "${URL}" "/tmp" "${zstd_tar_name}"
# Supply chain security - zstd
external_hash=$(get_hash_from_remote_file "${URL}.sha256" "${zstd_tar_name}")
use_checksum_comparison "/tmp/${zstd_tar_name}" "${external_hash}"
# Install zstd
apt-get install -y liblz4-dev
tar xzf /tmp/$zstd_tar_name -C /tmp
make -C /tmp/zstd-${release_tag//v}/contrib/pzstd all
make -C /tmp/zstd-${release_tag//v} zstd-release
for copyprocess in zstd zstdless zstdgrep; do cp /tmp/zstd-${release_tag//v}/programs/$copyprocess /usr/local/bin/; done
cp /tmp/zstd-${release_tag//v}/contrib/pzstd/pzstd /usr/local/bin/
for symlink in zstdcat zstdmt unzstd; do ln -sf /usr/local/bin/zstd /usr/local/bin/$symlink; done
invoke_tests "Tools" "Zstd"