chore(vhdbuilder): add COSI conversion for ACL VHD images#8532
Closed
bfjelds wants to merge 2 commits into
Closed
Conversation
Add a post-build pipeline step that converts AzureContainerLinux (ACL) VHD images to COSI format using ImageCustomizer's convert command (v1.2.0-2). Changes: - New script: convert-vhd-to-cosi.sh downloads ACL VHD from blob storage, runs ImageCustomizer convert (VHD -> COSI), and uploads the COSI file - New make target: convert-vhd-to-cosi in packer.mk - Pipeline vars: set IMG_CUSTOMIZER_CONTAINER and IMG_CUSTOMIZER_VERSION on ACL build jobs in both PR and release pipelines - Builder template: add Convert ACL VHD to COSI step after SIG->classic conversion, conditioned on OS_SKU=AzureContainerLinux - Immutable copy: updated to also copy/remove .cosi files for ACL builds Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Brian Fjeldstad <bfjelds@microsoft.com>
bfjelds
changed the title
bfjelds
changed the title
bfjelds
commented
May 18, 2026
| echo "Successfully copied VHD to immutable container" | ||
| if [ "${OS_SKU}" = "AzureContainerLinux" ]; then | ||
| echo "Copying ${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi to immutable storage container" | ||
| az storage blob copy start --account-name "$STORAGE_ACCOUNT_NAME" --destination-blob "${CAPTURED_SIG_VERSION}.cosi" --destination-container "$VHD_CONTAINER_NAME" --source-uri "${DESTINATION_STORAGE_CONTAINER}/${CAPTURED_SIG_VERSION}.cosi" --auth-mode login || exit 1 |
Member
Author
There was a problem hiding this comment.
find correct place to upload
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a post-build pipeline stage that converts AzureContainerLinux (ACL) VHD images to COSI format using the imagecustomizer convert tool, and propagates the new .cosi artifact through the immutable-blob copy step.
Changes:
- New script
convert-vhd-to-cosi.sh+convert-vhd-to-cosimake target that downloads the ACL VHD, runsimagecustomizer convertin a container, and uploads the resulting.cosiback to blob storage. - New pipeline step in
.builder-release-template.yaml(conditioned onOS_SKU=AzureContainerLinux) and extension to the immutable-copy step that also copies/removes.cosifiles. - ACL build jobs in both PR and release pipelines now set
SIG_SOURCE_*andIMG_CUSTOMIZER_CONTAINER/IMG_CUSTOMIZER_VERSION(mcr.microsoft.com/azurelinux/imagecustomizer:1.2.0-2).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/imagecustomizer/scripts/convert-vhd-to-cosi.sh | New script: pulls ACL VHD, runs ImageCustomizer convert to COSI, uploads result. |
| packer.mk | Adds convert-vhd-to-cosi make target wrapping the new script. |
| .pipelines/templates/.builder-release-template.yaml | Adds ACL-only Convert-to-COSI step; extends immutable copy step to also copy/remove the .cosi blob. |
| .pipelines/.vsts-vhd-builder.yaml | Sets ACL SIG source variables and ImageCustomizer container/version for amd64 + arm64 PR jobs. |
| .pipelines/.vsts-vhd-builder-release.yaml | Same variable additions for the release pipeline. |
…ntainer
Match adamsanaglo's proof-of-concept upload destination:
- Upload to AFD_UPLOAD_ENDPOINT/COSI_CONTAINER/{config}-{version}.cosi
- Use IMG_CUSTOMIZER_CONFIG for blob name prefix (cosi-acl)
- Remove COSI copy-to-immutable logic (no longer in staging container)
- Pass AFD_UPLOAD_ENDPOINT, COSI_CONTAINER, IMG_CUSTOMIZER_CONFIG env vars
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Brian Fjeldstad <bfjelds@microsoft.com>
bfjelds
commented
May 18, 2026
| exit $azExitCode | ||
| fi | ||
|
|
||
| echo "Successfully converted and uploaded COSI: ${AFD_UPLOAD_ENDPOINT}/${COSI_CONTAINER}/${COSI_BLOB_NAME}" |
Member
Author
There was a problem hiding this comment.
need to register with nebraska
bfjelds
commented
May 18, 2026
| @@ -0,0 +1,104 @@ | |||
| #!/bin/bash | |||
| set -euo pipefail | |||
Member
Author
There was a problem hiding this comment.
it sounds like this type of code needs to move to https://msazure.visualstudio.com/CloudNativeCompute/_git/aks-rp?path=/nodelifecycle/vhdbuilder&version=GBmaster&_a=contents
bfjelds
commented
May 18, 2026
| echo '##vso[task.setvariable variable=ARCHITECTURE]X86_64' | ||
| echo '##vso[task.setvariable variable=ENABLE_FIPS]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_TRUSTED_LAUNCH]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_CGROUPV2]True' |
bfjelds
commented
May 18, 2026
| echo '##vso[task.setvariable variable=ENABLE_FIPS]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_TRUSTED_LAUNCH]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_CGROUPV2]True' | ||
| displayName: Setup Build Variables |
bfjelds
commented
May 18, 2026
| echo '##vso[task.setvariable variable=ENABLE_FIPS]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_TRUSTED_LAUNCH]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_CGROUPV2]True' | ||
| displayName: Setup Build Variables |
bfjelds
commented
May 18, 2026
| echo '##vso[task.setvariable variable=ENABLE_FIPS]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_TRUSTED_LAUNCH]True' | ||
| echo '##vso[task.setvariable variable=ENABLE_CGROUPV2]True' | ||
| displayName: Setup Build Variables |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Add a post-build pipeline step that converts AzureContainerLinux (ACL) VHD images to COSI format using ImageCustomizer's convert command (v1.2.0-2). Export ACL COSI image, used for A/B updates.
Changes:
Which issue(s) this PR fixes:
Fixes #