[Ubuntu] Update Docker installer script (#9232)

images/ubuntu/scripts/build/install-docker.sh

@@ -2,7 +2,7 @@
 ################################################################################
 ##  File:  install-docker.sh
 ##  Desc:  Install docker onto the image
-##  Supply chain security: Docker Compose v2, amazon-ecr-credential-helper - checksum validation
+##  Supply chain security: amazon-ecr-credential-helper - dynamic checksum validation
 ################################################################################
 
 # Source the helpers for use with the script
@@ -17,34 +17,36 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o $GPG_
 echo "deb [arch=amd64 signed-by=$GPG_KEY] $REPO_URL ${os_codename} stable" > $REPO_PATH
 apt-get update
 
-for pkg in containerd.io docker-ce-cli docker-ce docker-buildx-plugin; do
+# Install docker components which available via apt-get
-    version=$(get_toolset_value ".docker.components.\"$pkg\"")
+# Using toolsets keep installation order to install dependencies before the package in order to control versions
+
+components=$(get_toolset_value '.docker.components[] .package')
+for package in $components; do
+    version=$(get_toolset_value ".docker.components[] | select(.package == \"$package\") | .version")
     if [[ $version == "latest" ]]; then
-        components_to_install+="${pkg} "
+        apt-get install -y --no-install-recommends "$package"
     else
-        version_string=$(apt-cache madison "${pkg}" | awk '{ print $3 }' | grep "${version}" | grep "${os_codename}" | head -1)
+        version_string=$(apt-cache madison "$package" | awk '{ print $3 }' | grep "$version" | grep "$os_codename" | head -1)
-        components_to_install+="${pkg}=${version_string} "
+        apt-get install -y --no-install-recommends "${package}=${version_string}"
     fi
 done
-apt-get install -y --no-install-recommends $components_to_install
 
-# Download docker compose v2 from releases
+# Install plugins that are best installed from the GitHub repository
-# Temporaty pinned to v2.23.3 due https://github.com/actions/runner-images/issues/9172
+# Be aware that `url` built from github repo name and plugin name because of current repo naming for those plugins
-compose_version=$(get_toolset_value ".docker.components.compose")
-URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "${compose_version}")
-compose_binary_path=$(download_with_retry "${URL}" "/tmp/docker-compose-v2")
 
-# Supply chain security - Docker Compose v2
+plugins=$(get_toolset_value '.docker.plugins[] .plugin')
-compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "${compose_version}")
+for plugin in $plugins; do
-compose_external_hash=$(get_checksum_from_url "${compose_hash_url}" "compose-linux-x86_64" "SHA256")
+    version=$(get_toolset_value ".docker.plugins[] | select(.plugin == \"$plugin\") | .version")
-use_checksum_comparison "${compose_binary_path}" "${compose_external_hash}"
+    filter=$(get_toolset_value ".docker.plugins[] | select(.plugin == \"$plugin\") | .asset")
-
+    url=$(resolve_github_release_asset_url "docker/$plugin" "endswith(\"$filter\")" "$version")
-# Install docker compose v2
+    binary_path=$(download_with_retry "$url" "/tmp/docker-$plugin")
-install "${compose_binary_path}" /usr/libexec/docker/cli-plugins/docker-compose
+    mkdir -pv "/usr/libexec/docker/cli-plugins"
+    install "$binary_path" "/usr/libexec/docker/cli-plugins/docker-$plugin"
+done
 
 # docker from official repo introduced different GID generation: https://github.com/actions/runner-images/issues/8157
 gid=$(cut -d ":" -f 3 /etc/group | grep "^1..$" | sort -n | tail -n 1 | awk '{ print $1+1 }')
-groupmod -g $gid docker
+groupmod -g "$gid" docker
 chgrp -hR docker /run/docker.sock
 
 # Enable docker.service

images/ubuntu/scripts/tests/Tools.Tests.ps1

@@ -65,16 +65,31 @@ Describe "Rust" {
 }
 
 Describe "Docker" {
-    It "docker" {
+    It "docker client" {
-        "docker --version" | Should -ReturnZeroExitCode
+        $version=(Get-ToolsetContent).docker.components | Where-Object { $_.package -eq 'docker-ce-cli' } | Select-Object -ExpandProperty version
+        If ($version -ne "latest") {
+            $(docker version --format '{{.Client.Version}}') | Should -BeLike "*$version*"
+        }else{
+            "docker version --format '{{.Client.Version}}'" | Should -ReturnZeroExitCode
+        }
     }
 
     It "docker buildx" {
-        "docker buildx" | Should -ReturnZeroExitCode
+        $version=(Get-ToolsetContent).docker.plugins | Where-Object { $_.plugin -eq 'buildx' } | Select-Object -ExpandProperty version
+        If ($version -ne "latest") {
+            $(docker buildx version) | Should -BeLike "*$version*"
+        }else{
+            "docker buildx" | Should -ReturnZeroExitCode
+        }
     }
 
     It "docker compose v2" {
-        "docker compose" | Should -ReturnZeroExitCode
+        $version=(Get-ToolsetContent).docker.plugins | Where-Object { $_.plugin -eq 'compose' } | Select-Object -ExpandProperty version
+        If ($version -ne "latest") {
+            $(docker compose version --short) | Should -BeLike "*$version*"
+        }else{
+            "docker compose version --short" | Should -ReturnZeroExitCode
+        }
     }
 
     It "docker-credential-ecr-login" {

images/ubuntu/toolsets/toolset-2004.json

@@ -237,13 +237,32 @@
             "node:20-alpine",
             "ubuntu:20.04"
         ],
-        "components": {
+        "components": [
-            "docker-ce": "24.0.7",
+            {
-            "docker-ce-cli": "24.0.7",
+                "package": "containerd.io",
-            "containerd.io": "latest",
+                "version": "latest"
-            "docker-buildx-plugin": "latest",
+            },
-            "compose": "2.23.3"
+            {
-        }
+                "package": "docker-ce-cli",
+                "version": "24.0.7"
+            },
+            {
+                "package": "docker-ce",
+                "version": "24.0.7"
+            }
+        ],
+        "plugins": [
+            {
+                "plugin": "buildx",
+                "version": "latest",
+                "asset": "linux-amd64"
+            },            
+            {
+                "plugin": "compose",
+                "version": "2.23.3",
+                "asset": "linux-x86_64"
+            }
+        ]
     },
     "pipx": [
         {

images/ubuntu/toolsets/toolset-2204.json

@@ -228,13 +228,32 @@
             "ubuntu:20.04",
             "ubuntu:22.04"
         ],
-        "components": {
+        "components": [
-            "docker-ce": "24.0.7",
+            {
-            "docker-ce-cli": "24.0.7",
+                "package": "containerd.io",
-            "containerd.io": "latest",
+                "version": "latest"
-            "docker-buildx-plugin": "latest",
+            },
-            "compose": "2.23.3"
+            {
-        }
+                "package": "docker-ce-cli",
+                "version": "24.0.7"
+            },
+            {
+                "package": "docker-ce",
+                "version": "24.0.7"
+            }
+        ],
+        "plugins": [
+            {
+                "plugin": "buildx",
+                "version": "latest",
+                "asset": "linux-amd64"
+            },            
+            {
+                "plugin": "compose",
+                "version": "2.23.3",
+                "asset": "linux-x86_64"
+            }
+        ]
     },
     "pipx": [
         {