ci(pipelines): route server base images through internal mirror#27346
Draft
ChumpChief wants to merge 1 commit into
Draft
ci(pipelines): route server base images through internal mirror#27346ChumpChief wants to merge 1 commit into
ChumpChief wants to merge 1 commit into
Conversation
Add ARG BASE_IMAGE_REGISTRY=docker.io to the four server Dockerfiles and have each server-* pipeline override it via additionalBuildArguments to point at the internal mirror namespace. This makes the build resilient against 1ES network isolation policies that block egress to registry-1.docker.io, while keeping local and external-contributor builds unchanged (they continue to pull from Docker Hub). The internal mirror uses the namespace layout mirror/docker/library/<image> so that overriding BASE_IMAGE_REGISTRY is the only change needed to swap between upstream and mirror. Adds tools/pipelines/README.md describing how to maintain mirrored base images going forward. AB#73353 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
Hi! Thank you for opening this PR. Want me to review it? Based on the diff (159 lines, 11 files), I've queued these reviewers:
How this works
|
ChumpChief
force-pushed
the
test/server-pipelines-acr-mirror
branch
from
29484af to
5427c6c
Compare
Contributor
|
🔗 No broken links found! ✅ Your attention to detail is admirable. linkcheck output |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds an overridable
BASE_IMAGE_REGISTRYbuild arg to the fourserver-*Dockerfiles (gitssh, gitrest, historian, routerlicious), defaulting todocker.iofor unchanged local/external behavior. Eachserver-*pipeline overrides the arg viaadditionalBuildArgumentsto pull the base image from the internal mirror, avoiding the 1ES network-isolation block onregistry-1.docker.io.Also adds
tools/pipelines/README.mddocumenting how to upgrade or add mirrored base images going forward.AB#73353