azl4: build target and test image definitions

.pipelines/templates/stages/trident_images/trident-testimg-template.yml

@@ -134,6 +134,21 @@ steps:
           cp $(Build.ArtifactStagingDirectory)/ssh/id_rsa* ${{ parameters.tridentSourceDirectory }}/artifacts/
         displayName: Copy SSH Keys
 
+  # Stage the SSH public key into the test image tree so the builder bakes it
+  # into the image. The Makefile previously did this via the files/id_rsa.pub
+  # prerequisite; those explicit image targets were removed, so the pipeline
+  # now stages the key before building. Superseded by the shared
+  # prepare-testimage-requirements template.
+  - ${{ if eq(parameters.useStagedSshKeys, true) }}:
+      - bash: |
+          set -eux
+
+          SRC="${{ parameters.tridentSourceDirectory }}/artifacts/id_rsa.pub"
+          DEST="${{ parameters.tridentSourceDirectory }}/tests/images/trident-vm-testimage/base/files"
+          mkdir -p "$DEST"
+          cp "$SRC" "$DEST/"
+        displayName: Stage SSH public key into testimage tree
+
   - script: |
       echo "##[warning]THE PIPELINE TEMPLATE trident-testimg-template.yaml IS DEPRECATED. PLEASE SWITCH TO USING testimages.py TO BUILD TEST IMAGES."
       cat /etc/os-release

Makefile

@@ -943,40 +943,21 @@ validate-pipeline-website-artifact:
 		npm install && \
 			npm run serve -- --port $(SERVER_PORT)
 
-#
-# Generic COSI image build target pattern
-#
-COSI_TARGETS = $(shell ./tests/images/testimages.py list --filter-type cosi)
-
-.PHONY: $(COSI_TARGETS)
-$(COSI_TARGETS): %: artifacts/%.cosi
-
-.PHONY: all-cosi
-all-cosi: $(COSI_TARGETS)
-
-#
-# Generic ISO image build target pattern
-#
-ISO_TARGETS = $(shell ./tests/images/testimages.py list --filter-type iso)
-
-.PHONY: $(ISO_TARGETS)
-$(ISO_TARGETS): %: artifacts/%.iso
-
-.PHONY: all-iso
-all-iso: $(ISO_TARGETS)
-
 # Fun trick to use the stem of the target (%) as a variable ($*) in the
 # prerequisites so that we can use find to get all the files in the directory.
 # https://www.gnu.org/software/make/manual/make.html#Secondary-Expansion
 .SECONDEXPANSION:
-artifacts/%.cosi artifacts/%.iso artifacts/%.vhdx: $$(shell ./tests/images/testimages.py dependencies $$*)
+artifacts/%.cosi artifacts/%.iso artifacts/%.vhdx artifacts/%.vhd artifacts/%.qcow2: $$(shell ./tests/images/testimages.py dependencies $$*)
 	@echo "Building '$*' [$@] from $<"
+	@echo "Extension is: $(subst .,,$(suffix $@))"
+	@test "$(subst .,,$(suffix $@))" != "cosi" || echo "NOTE: customizing a COSI image (OutputFormat.COSI). If you intend a baremetal-image COSI (OutputFormat.BAREMETAL_IMAGE), invoke ./tests/images/testimages.py build $* --output-type baremetal-image directly."
 	@echo "Prerequisites:"
 	@echo "$^" | tr ' ' '\n' | sed 's/^/    /'
 	@echo "Building image..."
 	sudo ./tests/images/testimages.py build \
 		$* \
 		--output-dir ./artifacts \
+		--output-type $(subst .,,$(suffix $@)) \
 		$(if $(strip $(MIC_CONTAINER_IMAGE)),--container $(MIC_CONTAINER_IMAGE)) \
 		$(if $(strip $(MIC_ARCHITECTURE)),--image-architecture $(MIC_ARCHITECTURE))
 
@@ -1046,155 +1027,6 @@ $(MINIMAL_IMAGE_AARCH64):
 	@mkdir -p artifacts
 	@tests/images/testimages.py download-image minimal_aarch64
 
-artifacts/trident-vm-grub-testimage.qcow2: \
-	$(QEMU_GUEST_IMAGE) \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-grub.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub \
-	artifacts/rpm-overrides
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--rpm-source /repo/artifacts/rpm-overrides \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format qcow2 \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-grub.yaml
-
-artifacts/trident-vm-grub-testimage-arm64.qcow2: \
-	base/core_arm64.vhdx \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-grub.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format qcow2 \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-grub-verity.yaml
-
-artifacts/trident-vm-grub-verity-testimage.qcow2: \
-	$(QEMU_GUEST_IMAGE) \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-grub-verity.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/etc-mount.service \
-	$(VM_IMAGE_PATH_PREFIX)/files/etc-mount.sh \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub \
-	artifacts/rpm-overrides
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--rpm-source /repo/artifacts/rpm-overrides \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format qcow2 \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-grub-verity.yaml
-
-artifacts/trident-vm-root-verity-testimage.qcow2: \
-	$(QEMU_GUEST_IMAGE) \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-root-verity.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub \
-	artifacts/rpm-overrides
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--rpm-source /repo/artifacts/rpm-overrides \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format qcow2 \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-root-verity.yaml
-
-artifacts/trident-vm-verity-testimage-arm64.qcow2: \
-	base/core_arm64.vhdx \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-verity.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/etc-mount.service \
-	$(VM_IMAGE_PATH_PREFIX)/files/etc-mount.sh \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format qcow2 \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-verity.yaml
-
-artifacts/trident-vm-usr-verity-testimage.qcow2: \
-	$(QEMU_GUEST_IMAGE) \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-usr-verity.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub \
-	artifacts/rpm-overrides
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--rpm-source /repo/artifacts/rpm-overrides \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format qcow2 \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-usr-verity.yaml
-
-artifacts/trident-vm-grub-verity-azure-testimage.vhd: \
-	$(CORE_SELINUX_IMAGE) \
-	$(TRIDENT_VM_DEPENDENCIES) \
-	$(VM_IMAGE_PATH_PREFIX)/baseimg-grub-verity-azure.yaml \
-	$(VM_IMAGE_PATH_PREFIX)/files/etc-mount.service \
-	$(VM_IMAGE_PATH_PREFIX)/files/etc-mount.sh \
-	$(VM_IMAGE_PATH_PREFIX)/files/id_rsa.pub \
-	artifacts/rpm-overrides
-	@echo "Building $@ from $<"
-	docker run --rm \
-		--privileged \
-		-v ".:/repo:z" \
-		-v "/dev:/dev" \
-		${MIC_CONTAINER_IMAGE} \
-			--log-level debug \
-			--rpm-source /repo/bin/RPMS \
-			--rpm-source /repo/artifacts/rpm-overrides \
-			--build-dir /build \
-			--image-file /repo/$< \
-			--output-image-file /repo/$@ \
-			--output-image-format vhd-fixed \
-			--config-file /repo/$(VM_IMAGE_PATH_PREFIX)/baseimg-grub-verity-azure.yaml
-
 .PHONY: imagecustomizer-dev-amd64
 imagecustomizer-dev-amd64:
 	make -C ../azure-linux-image-tools/toolkit go-imagecustomizer

tests/images/builder/README.md

@@ -100,7 +100,7 @@ The following commands are supported:
     python3 ./testimages.py dependencies <image_name>
     # Build an image locally
     python3 ./testimages.py build <image_name>
-    # Show key info about the image, such as name, source, config path, etc.
+    # Show key info about the image, such as name, source, base image, etc.
     python3 ./testimages.py show-image <image_name> <field>
     # Show info on key artifacts, such as the Image Customizer version or container image
     python3 ./testimages.py show-artifact
@@ -111,16 +111,22 @@ The following commands are supported:
 To build an image with Builder or test your changes to Builder, follow these steps:
 
 1. If necessary, make changes to the Builder source code.
-1. Download the base image:
+1. Download the base image. To find which base image an image builds on (as the build pipeline does), run:
+
+```bash
+    python3 ./testimages.py show-image <image_name> base-image
+```
+
+   Then download it:
 
 ```bash
     ./testimages.py download-image <base_image_name>
 ```
 
-1. If necessary, update the Image Customizer config for the image you want to build, by modifying the corresponding YAML in `test-images/platform-integration-images`. You can also find the relevant YAML by running:
+1. If necessary, update the Image Customizer config for the image you want to build, by modifying the corresponding YAML in `test-images/platform-integration-images`. To see the config YAML used for each output type, run:
 
 ```bash
-    python3 ./testimages.py show-image <image_name> config-file
+    python3 ./testimages.py show-image <image_name> output-and-config
 ```
 
 1. Build the image: