最佳实践:将大型installer.exe文件从施加位置复制到Azure DevOps码头映像生成代理

Question

我正在构建一个码头窗口容器映像，通过一个带有Azure DevOps管道的Dockerfile使用windows-server-2019。对于容器，我需要通过一个setup.exe文件安装一个大型专有程序。

将其提供给构建上下文的最佳实践是什么？

我的想法是不将setup.exe包含在Dockerfile所在的git中，而是将其存储在blob存储中，并直接提供给构建上下文。

我的Dockerfile：

FROM mcr.microsoft.com/windows/servercore:ltsc2019

# install APP
WORKDIR c:/temp
COPY pf.exe C:/temp/installer.exe
RUN powershell.exe -Command Start-Process C:/temp/installer.exe -ArgumentList '-install -quiet' -Wait;

我的构建pipeline.yml：

variables:
  imageName: "APP"
  dockerRegistryServiceConnection: "XXX"

trigger:
  branches:
    include:
      - "master"
      - "develop"

pool:
  vmImage: "windows-2019"

steps:
  - task: Docker@2
    displayName: Build an image
    inputs:
      repository: $(imageName)
      command: buildAndPush
      tags: $(imageName)-$(Build.BuildNumber)
      Dockerfile: extraction/Dockerfile

Answer 1

你的想法是可以实现的。您可以将installer.exe文件存储在Blob存储中，并直接在Azure管道中使用它。

以下是几个步骤：

Step1:创建一个Azure存储帐户并存储installer.exe文件

Step2:在Azure管道中，您可以使用Azure PowerShell任务运行azcopy命令，将文件从Azure存储帐户下载到与dockerfile相同的文件。

以下是YAML示例：

variables:
  imageName: "APP"
  dockerRegistryServiceConnection: "XXX"

trigger:
  branches:
    include:
      - "master"
      - "develop"

pool:
  vmImage: "windows-2019"

steps:
  - task: AzurePowerShell@5
  displayName: 'Azure PowerShell script: InlineScript'
  inputs:
    azureSubscription: azure
    ScriptType: InlineScript
    Inline: 'azcopy copy ''https://mystorageaccount.blob.core.windows.net/mycontainer/installer.exe'' ''$(build.sourcesdirectory)\installer.exe'''
    azurePowerShellVersion: LatestVersion

  - task: Docker@2
    displayName: Build an image
    inputs:
      repository: $(imageName)
      command: buildAndPush
      tags: $(imageName)-$(Build.BuildNumber)
      Dockerfile: extraction/Dockerfile

有关更多信息，您可以参考下面的doc：使用AzCopy从Azure Blob存储下载Blob

Answer 2

嗨，我做得很像你的建议，这是我的解决方案：

variables:
    imageName: "xxx"
    dockerRegistryServiceConnection: "xxx"
    azureResourceServiceConnection: "xxx"
    keyVaultName: "xxx"
    keyVaultSecretName: "xxx"
    azureSubscription: "xxx"
    storageAccountName: "xxx"
    containerName: "xxx-installer"
    fileName: "xxx.exe"
  
  trigger:
    branches:
      include:
        - "master"
  
  pool:
    vmImage: "windows-2019"
  
  steps:
    - task: AzureKeyVault@2
      inputs:
        azureSubscription: $(azureResourceServiceConnection)
        KeyVaultName: $(keyVaultName)
        SecretsFilter: $(keyVaultSecretName)
        RunAsPreJob: true
    - task: AzureCLI@2
      displayName: "Download xxx installer"
      inputs:
        azureSubscription: $(azureSubscription)
        scriptLocation: inlineScript
        scriptType: ps
        inlineScript: |
          mkdir $(Build.SourcesDirectory)\BuildContext
          az storage blob download --container-name $(containerName) --file $(Build.SourcesDirectory)\BuildContext/$(fileName) --name $(fileName) --account-key $(xxx) --account-name $(storageAccountName)
          copy extraction\Dockerfile $(Build.SourcesDirectory)\BuildContext\Dockerfile
    - task: Docker@2
      displayName: Build docker image
      inputs:
        repository: $(imageName)
        containerRegistry: $(dockerRegistryServiceConnection)
        command: buildAndPush
        tags: $(imageName)-$(Build.BuildNumber)
        Dockerfile: $(Build.SourcesDirectory)/BuildContext/Dockerfile
    - task: AzureCLI@2
      displayName: "Post build cleanup"
      inputs:
        azureSubscription: $(azureSubscription)
        scriptLocation: inlineScript
        scriptType: ps
        inlineScript: |
          Get-ChildItem -Path $(Build.SourcesDirectory)\BuildContext -Recurse | Remove-Item -force -recurse
          Remove-Item $(Build.SourcesDirectory)\BuildContext -Force